
FBI computer locked. $200 moneypak virus

Discussion in 'Virus and Malware Removal' started by Sprinter, Aug 30, 2012.

  1. Sprinter Newcomer, in training Posts: 59

    I had my screen pop up with a notice saying my illegal activities had caused the FBI to lock my computer and that I had 72 hours to pay $200 via MoneyPak or I would be arrested. I realized this was a scam. I tried to close the exe via Task Manager but I could not even access Task Manager. I restarted and attempted to run the Malwarebytes free scan program that I have and the message locked me out again. I unplugged my wireless receiver and restarted again. This time I was able to run a scan but nothing was found. I then plugged in my receiver and boom, the message locked me out again. How can I get rid of/fix this?

    Thanks for your time
    -Sprinter
  2. Broni Malware Annihilator Posts: 40,071   +187

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==========================================

    Start with this guide and let me know how it went: http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware
  3. Sprinter Newcomer, in training Posts: 59

    I was reading through the rules post and started with the 3 scans in the top thread before I read this reply. The Malwarebytes log and the GMER log I was able to get, but the DDS one never ran despite me trying to open the file more than once. Here are the 2 logs and now I'm going to try to fix it from the link you suggested. Sorry for the inconvenience.

    Thanks again,
    -Sprinter
  4. Sprinter Newcomer, in training Posts: 59

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    Database version: 4994
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13
    8/30/2012 9:46:38 PM
    mbam-log-2012-08-30 (21-46-38).txt
    Scan type: Quick scan
    Objects scanned: 211737
    Time elapsed: 22 minute(s), 44 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)


    Gmer log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-08-30 22:03:21
    Windows 5.1.2600 Service Pack 3
    Running: 0ymugb9y.exe

    ---- Services - GMER 1.0.15 ----
    Service C:\WINDOWS\System32\Drivers\39081e7f9367d87f.sys (*** hidden *** ) [BOOT] 39081e7f9367d87f <-- ROOTKIT !!!
    ---- EOF - GMER 1.0.15 ----
  5. Broni Malware Annihilator Posts: 40,071   +187

    Let me know...
  6. Broni Malware Annihilator Posts: 40,071   +187

    Let's skip DDS for now.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
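
An added example, not part of the original thread and not TDSSKiller's own code: a Python parser that pairs each service's hash line with its verdict line in a TDSSKiller report and returns only the entries not marked ok. The flagged-driver lines are taken from the log posted later in this thread; the `Example...` entries and the 16-hex-character name heuristic are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "HH:MM:SS.mmmm TID message" prefix used on every report line.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+[0-9A-Fa-f]{4}\s?(.*)$")
# "[ MD5 ] service name X:\path" (service names may contain spaces).
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
# "name - ok" or "name ( Detection.Name ) - infected".
VERDICT = re.compile(r"^(.+?)(?: \( (.+?) \))? - (\w+)$")
# "Suspicious service (NoAccess): name"
SUSPICIOUS = re.compile(r"^Suspicious service \((\w+)\): (.+)$")
# Heuristic (assumption): a service named with exactly 16 hex characters,
# like the driver in this thread, is unlikely to be a vendor-chosen name.
GENERATED = re.compile(r"^[0-9a-fA-F]{16}$")


@dataclass
class Entry:
    name: str
    verdict: str
    detection: Optional[str] = None
    md5: Optional[str] = None
    path: Optional[str] = None
    notes: List[str] = field(default_factory=list)
    generated_name: bool = False


def parse_entries(log_text: str) -> List[Entry]:
    """Return one Entry per verdict line, joined with its hash line if any."""
    images = {}   # service name -> (md5, image path)
    notes = {}    # service name -> reasons from "Suspicious service" lines
    entries = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or non-report line
        msg = m.group(1).strip()
        hashed = HASHED.match(msg)
        if hashed:
            images[hashed.group(2)] = (hashed.group(1).upper(), hashed.group(3))
            continue
        susp = SUSPICIOUS.match(msg)
        if susp:
            notes.setdefault(susp.group(2), []).append(susp.group(1))
            continue
        verdict = VERDICT.match(msg)
        if verdict:
            name = verdict.group(1)
            md5, path = images.get(name, (None, None))
            entries.append(Entry(
                name=name,
                verdict=verdict.group(3).lower(),
                detection=verdict.group(2),
                md5=md5,
                path=path,
                notes=notes.get(name, []),
                generated_name=bool(GENERATED.match(name)),
            ))
    return entries


def triage(log_text: str) -> List[Entry]:
    """Keep only the entries the scanner did not mark 'ok'."""
    return [e for e in parse_entries(log_text) if e.verdict != "ok"]


# First six lines are from the log in this thread; the "Example" lines are
# constructed to exercise multi-word names and services without a hash line.
SAMPLE_LOG = r"""
03:45:37.0750 1780 ================ Scan services =============================
03:45:37.0859 1780 Suspicious service (NoAccess): 39081e7f9367d87f
03:45:38.0046 1780 [ 7B01DACDBB1F8AEC54F61CBD50DFD5B8 ] 39081e7f9367d87f C:\WINDOWS\System32\Drivers\39081e7f9367d87f.sys
03:45:38.0046 1780 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\39081e7f9367d87f.sys. md5: 7B01DACDBB1F8AEC54F61CBD50DFD5B8
03:45:38.0828 1780 39081e7f9367d87f ( Rootkit.Win32.Necurs.gen ) - infected
03:45:38.0828 1780 39081e7f9367d87f - detected Rootkit.Win32.Necurs.gen (0)
03:45:39.0000 1780 [ 00000000000000000000000000000000 ] Example Vendor Service C:\Program Files\Example\svc.exe
03:45:39.0000 1780 Example Vendor Service - ok
03:45:39.0100 1780 ExampleNoImage - ok
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit.verdict, hit.name, hit.detection, hit.md5, hit.path,
              "notes=" + ",".join(hit.notes),
              "generated_name=" + str(hit.generated_name))
```
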
     
  7. Sprinter Newcomer, in training Posts: 59

    I have nearly completed your instruction to follow the steps at bleepingcomputer.com (the link you gave me). It is scanning my system and has so far found 4 items that I will be quarantining. But how do I know my computer is actually clean? Would you like me to download and run the TDSSKiller after I am done?

    thanks for your time,
    -Sprinter
  8. Broni Malware Annihilator Posts: 40,071   +187

  9. Sprinter Newcomer, in training Posts: 59

    Just completed the scan from bleepingcomputer.com (the link you gave me). It detected 81 items which I believe I took care of following their instructions on the site. Question, how did Malwarebytes not find even one of these 81 items? :/
    Also it said to reboot my computer in normal mode after completing all the steps in safe mode. Rebooted, plugged in my wireless receiver to get online to download the TDSSKiller and pop, up came the FBI screen locking me out again. I restarted in safe mode and I'm going to try plugging it back in and downloading TDSSKiller and running it. Thoughts?

    Thanks,
    -Sprinter
  10. Sprinter Newcomer, in training Posts: 59

    Here is the TDSSKiller log


    03:45:20.0734 0140 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
    03:45:21.0031 0140 ============================================================
    03:45:21.0031 0140 Current date / time: 2012/08/31 03:45:21.0031
    03:45:21.0031 0140 SystemInfo:
    03:45:21.0031 0140
    03:45:21.0031 0140 OS Version: 5.1.2600 ServicePack: 3.0
    03:45:21.0031 0140 Product type: Workstation
    03:45:21.0031 0140 ComputerName: TINKER
    03:45:21.0031 0140 UserName: atinker
    03:45:21.0031 0140 Windows directory: C:\WINDOWS
    03:45:21.0031 0140 System windows directory: C:\WINDOWS
    03:45:21.0031 0140 Processor architecture: Intel x86
    03:45:21.0031 0140 Number of processors: 2
    03:45:21.0031 0140 Page size: 0x1000
    03:45:21.0031 0140 Boot type: Safe boot with network
    03:45:21.0031 0140 ============================================================
    03:45:28.0343 0140 !crdlk
    03:45:28.0343 0140 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
    03:45:28.0359 0140 ============================================================
    03:45:28.0359 0140 \Device\Harddisk0\DR0:
    03:45:28.0359 0140 MBR partitions:
    03:45:28.0359 0140 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x8B966D7
    03:45:28.0359 0140 ============================================================
    03:45:28.0437 0140 C: <-> \Device\Harddisk0\DR0\Partition1
    03:45:28.0453 0140 ============================================================
    03:45:28.0453 0140 Initialize success
    03:45:28.0453 0140 ============================================================
    03:45:36.0906 1780 ============================================================
    03:45:36.0906 1780 Scan started
    03:45:36.0906 1780 Mode: Manual;
    03:45:36.0906 1780 ============================================================
    03:45:37.0750 1780 ================ Scan system memory ========================
    03:45:37.0750 1780 System memory - ok
    03:45:37.0750 1780 ================ Scan services =============================
    03:45:37.0859 1780 Suspicious service (NoAccess): 39081e7f9367d87f
    03:45:38.0046 1780 [ 7B01DACDBB1F8AEC54F61CBD50DFD5B8 ] 39081e7f9367d87f C:\WINDOWS\System32\Drivers\39081e7f9367d87f.sys
    03:45:38.0046 1780 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\39081e7f9367d87f.sys. md5: 7B01DACDBB1F8AEC54F61CBD50DFD5B8
    03:45:38.0828 1780 39081e7f9367d87f ( Rootkit.Win32.Necurs.gen ) - infected
    03:45:38.0828 1780 39081e7f9367d87f - detected Rootkit.Win32.Necurs.gen (0)
    03:45:51.0937 1780 mfevtp - ok
    03:45:52.0000 1780 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
    03:45:52.0015 1780 MHN - ok
    03:45:52.0046 1780 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    03:45:52.0046 1780 MHNDRV - ok
    03:45:52.0140 1780 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    03:45:52.0140 1780 mnmdd - ok
    03:45:52.0203 1780 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    03:45:52.0203 1780 mnmsrvc - ok
    03:45:52.0281 1780 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    03:45:52.0281 1780 Modem - ok
    03:45:52.0328 1780 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
    03:45:52.0328 1780 MODEMCSA - ok
    03:45:52.0390 1780 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    03:45:52.0390 1780 Mouclass - ok
    03:45:52.0437 1780 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    03:45:52.0437 1780 mouhid - ok
    03:45:52.0468 1780 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    03:45:52.0468 1780 MountMgr - ok
    03:45:52.0546 1780 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    03:45:52.0562 1780 MozillaMaintenance - ok
    03:45:52.0609 1780 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    03:45:52.0609 1780 mraid35x - ok
    03:45:52.0656 1780 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    03:45:52.0656 1780 MRxDAV - ok
    03:45:52.0734 1780 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32
  11. Sprinter Newcomer, in training Posts: 59

    03:46:04.0187 1780 ================ Scan global ===============================
    03:46:04.0265 1780 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    03:46:04.0312 1780 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    03:46:04.0328 1780 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    03:46:04.0359 1780 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    03:46:04.0359 1780 [Global] - ok
    03:46:04.0359 1780 ================ Scan MBR ==================================
    03:46:04.0406 1780 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
    03:46:04.0656 1780 \Device\Harddisk0\DR0 - ok
    03:46:04.0656 1780 ================ Scan VBR ==================================
    03:46:04.0687 1780 [ 2860AF43991D59E904A9CEA7DF8231F3 ] \Device\Harddisk0\DR0\Partition1
    03:46:04.0687 1780 \Device\Harddisk0\DR0\Partition1 - ok
    03:46:04.0703 1780 ============================================================
    03:46:04.0703 1780 Scan finished
    03:46:04.0703 1780 ============================================================
    03:46:04.0765 1764 Detected object count: 1
    03:46:04.0765 1764 Actual detected object count: 1
    03:47:12.0703 1764 C:\WINDOWS\System32\Drivers\39081e7f9367d87f.sys - copied to quarantine
    03:47:12.0718 1764 HKLM\SYSTEM\ControlSet001\services\39081e7f9367d87f - will be deleted on reboot
    03:47:12.0750 1764 HKLM\SYSTEM\ControlSet002\services\39081e7f9367d87f - will be deleted on reboot
    03:47:12.0890 1764 C:\WINDOWS\System32\Drivers\39081e7f9367d87f.sys - will be deleted on reboot
    03:47:12.0890 1764 39081e7f9367d87f ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
    03:47:31.0890 1300 Deinitialize success
  12. Broni Malware Annihilator Posts: 40,071   +187

    Now that your computer is doing better, we'll run some checks to make sure you're clean.

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ============================================

    Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    If normal mode still doesn't work, run the tool from safe mode.

    When the scan is done Notepad will open with rKill log.
    Post it in your next reply.

    NOTE. rKill.txt log will also be present on your desktop.

    ===========================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  13. Sprinter Newcomer, in training Posts: 59

    This is the Malwarebytes AM log. About to download and run rKill and post that log in a min.


    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.31.13
    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 7.0.5730.13
    atinker :: TINKER [administrator]
    8/31/2012 8:56:14 PM
    mbam-log-2012-08-31 (20-56-14).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 278662
    Time elapsed: 21 minute(s), 19 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|syshost32 (Trojan.Phex.THAGen6) -> Data: C:\WINDOWS\Installer\{B1E5375A-06CD-8564-AA25-957888614293}\syshost.exe -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|55476 (Trojan.Inject) -> Data: C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msiiui.scr -> Delete on reboot.
    Registry Data Items Detected: 2
    HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-18\$27254ec040351f30aee8a6638f936eca\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.
    HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-21-241897789-3776253787-1937995284-1006\$27254ec040351f30aee8a6638f936eca\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 2
    C:\WINDOWS\Installer\{B1E5375A-06CD-8564-AA25-957888614293}\syshost.exe (Trojan.Phex.THAGen6) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Local Settings\Temp\msiiui.scr (Trojan.Inject) -> Quarantined and deleted successfully.
    (end)
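Reading the Malwarebytes log in the post above: an added example (not part of the original thread and not Malwarebytes' own code) that parses the detection lines in the format shown and reports which items are still waiting on a reboot. The regular expressions, field names and mechanism labels are assumptions inferred from this one log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Detection lines copied from the Malwarebytes log posted above.
SAMPLE_LOG = r"""
Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|syshost32 (Trojan.Phex.THAGen6) -> Data: C:\WINDOWS\Installer\{B1E5375A-06CD-8564-AA25-957888614293}\syshost.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|55476 (Trojan.Inject) -> Data: C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msiiui.scr -> Delete on reboot.
Registry Data Items Detected: 2
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-18\$27254ec040351f30aee8a6638f936eca\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-21-241897789-3776253787-1937995284-1006\$27254ec040351f30aee8a6638f936eca\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\WINDOWS\Installer\{B1E5375A-06CD-8564-AA25-957888614293}\syshost.exe (Trojan.Phex.THAGen6) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Local Settings\Temp\msiiui.scr (Trojan.Inject) -> Quarantined and deleted successfully.
(end)
"""

# key|value (threat) -> detail -> action
REG_RE = re.compile(
    r"^(?P<key>HK[A-Z]+\\[^|]+)\|(?P<value>\S*) \((?P<threat>[^)]+)\) -> (?P<rest>.+)$")
# path (threat) -> action
FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^)]+)\) -> (?P<action>.+)$")
# "Registry Data Items" carry the hijacked value and the value it was restored to.
BAD_GOOD_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")


@dataclass
class Detection:
    kind: str                # "registry" or "file"
    location: str            # registry key or file path
    value_name: str          # registry value name ("" = default value)
    threat: str              # scanner's detection name
    target: Optional[str]    # what the registry entry pointed at
    expected: Optional[str]  # "Good" data the scanner restored, if any
    action: str              # what the scanner reports it did
    mechanism: str           # label assigned by this example


def mechanism(key: str) -> str:
    """Label the autostart/load mechanism from the key suffix (labels are this example's)."""
    k = key.lower()
    if k.endswith(r"\policies\explorer\run"):
        return "policy Run key (autostart)"
    if k.endswith(r"\currentversion\run"):
        return "Run key (autostart)"
    if k.endswith(r"\inprocserver32"):
        return "COM in-process server registration"
    return "other registry location"


def parse_mbam_log(text: str) -> List[Detection]:
    found = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = REG_RE.match(line)
        if m:
            detail, _, action = m["rest"].rpartition(" -> ")
            bg = BAD_GOOD_RE.match(detail)
            if bg:
                target, expected = bg["bad"], bg["good"]
            else:
                target = detail[6:] if detail.startswith("Data: ") else detail
                expected = None
            found.append(Detection("registry", m["key"], m["value"], m["threat"],
                                   target, expected, action, mechanism(m["key"])))
            continue
        m = FILE_RE.match(line)
        if m:
            found.append(Detection("file", m["path"], "", m["threat"],
                                   None, None, m["action"], "file on disk"))
    return found


def pending_reboot(detections: List[Detection]) -> List[Detection]:
    """Items the scanner has only scheduled for removal at the next restart."""
    return [d for d in detections if d.action.lower().startswith("delete on reboot")]


if __name__ == "__main__":
    for d in parse_mbam_log(SAMPLE_LOG):
        flag = "PENDING" if d in pending_reboot([d]) else "done"
        print(f"[{flag}] {d.mechanism}: {d.location} {d.value_name} ({d.threat})")
```

On this log the only pending item is the `55476` value under the policy Run key; the file it points to is already reported as quarantined.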
  14. Sprinter Newcomer, in training Posts: 59

    Rkill log


    Rkill 2.3.3 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html
    Program started at: 08/31/2012 10:26:08 PM in x86 mode.
    Windows Version: Microsoft Windows XP Service Pack 3
    Checking for Windows services to stop.
    * No malware services found to stop.
    Checking for processes to terminate.
    * No malware processes found to kill.
    Checking Registry for malware related settings.
    * No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    * HKLM\Software\Classes\.com "@" has been changed to ComFile!
    * HKLM\Software\Classes\.com "@"was reset to comfile!

    Performing miscellaneous checks.
    * Windows Firewall Disabled
    [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = dword:00000000
    Checking Windows Service Integrity:
    * Background Intelligent Transfer Service (BITS) is not Running.
    Startup Type set to: Automatic
    * COM+ Event System (EventSystem) is not Running.
    Startup Type set to: Manual
    * wscsvc [Missing Service]
    * wuauserv [Missing Service]
    * SharedAccess [Missing ImagePath]
    Searching for Missing Digital Signatures:
    * No issues found.
    Program finished at: 08/31/2012 10:26:57 PM
    Execution time: 0 hours(s), 0 minute(s), and 48 seconds(s)
  15. Sprinter Newcomer, in training Posts: 59

    The last scan. aswMBR log is as follows. Any next steps for me?
    Thank you for the help so far and your free time,
    -Sprinter


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-31 22:30:11
    -----------------------------
    22:30:11.578 OS Version: Windows 5.1.2600 Service Pack 3
    22:30:11.578 Number of processors: 2 586 0x407
    22:30:11.578 ComputerName: TINKER UserName:
    22:30:12.046 Initialize success
    22:39:36.515 AVAST engine defs: 12083102
    22:59:17.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
    22:59:17.296 Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
    22:59:17.343 Disk 0 MBR read successfully
    22:59:17.359 Disk 0 MBR scan
    22:59:17.421 Disk 0 unknown MBR code
    22:59:17.453 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
    22:59:17.515 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71468 MB offset 112455
    22:59:17.562 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 146496735
    22:59:17.609 Disk 0 scanning sectors +156232125
    22:59:17.718 Disk 0 scanning C:\WINDOWS\system32\drivers
    22:59:33.312 Service scanning
    22:59:58.609 Modules scanning
    23:00:02.968 Disk 0 trace - called modules:
    23:00:02.984 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    23:00:02.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f77ab8]
    23:00:02.984 3 CLASSPNP.SYS[f7675fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86fd5d98]
    23:00:03.500 AVAST engine scan C:\WINDOWS
    23:00:46.828 AVAST engine scan C:\WINDOWS\system32
    23:04:40.265 AVAST engine scan C:\WINDOWS\system32\drivers
    23:05:02.484 AVAST engine scan C:\Documents and Settings\atinker
    23:37:25.234 AVAST engine scan C:\Documents and Settings\All Users
    23:48:44.750 Scan finished successfully
    23:54:07.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\atinker\Desktop\MBR.dat"
    23:54:07.796 The log file has been saved successfully to "C:\Documents and Settings\atinker\Desktop\aswMBR.txt"
  16. Broni Malware Annihilator Posts: 40,071   +187

    Looks good so far...

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  17. Sprinter Newcomer, in training Posts: 59

    Combofix log is as follows. I'm still running in safe mode. What should I do next?

    ComboFix 12-08-31.08 - atinker 09/01/2012 0:21.3.2 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.560 [GMT -4:00]
    Running from: c:\documents and settings\atinker\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    c:\windows\wt
    c:\windows\wt\data.wts
    c:\windows\wt\updater\wcmdmgr.exe
    c:\windows\wt\updater\wcmdmgrl.exe
    c:\windows\wt\updater\wt.ini
    c:\windows\wt\webdriver.dll
    c:\windows\wt\webdriver\4.1.1\actorobject.dll
    c:\windows\wt\webdriver\4.1.1\dx5drv.dll
    c:\windows\wt\webdriver\4.1.1\dx7drv.dll
    c:\windows\wt\webdriver\4.1.1\objectbundle.dll
    c:\windows\wt\webdriver\4.1.1\sound.dll
    c:\windows\wt\webdriver\4.1.1\wdcaps.ded
    c:\windows\wt\webdriver\4.1.1\wdengine.dll
    c:\windows\wt\webdriver\4.1.1\webdriver.dll
    c:\windows\wt\webdriver\4.1.1\wthost.exe
    c:\windows\wt\webdriver\4.1.1\wthostctl.dll
    c:\windows\wt\webdriver\4.1.1\wtmulti.dll
    c:\windows\wt\webdriver\4.1.1\wtmulti.jar
    c:\windows\wt\webdriver\4.1.1\wtwmplug.ax
    c:\windows\wt\webdriver\4.1.1\wtwmplug.ini
    c:\windows\wt\webdriver\export.dat
    c:\windows\wt\webdriver\jdriver.dll
    c:\windows\wt\webdriver\rdriver.dll
    c:\windows\wt\webdriver\wildtangent.jar
    c:\windows\wt\webdriver\wtdmmp.dll
    c:\windows\wt\webdriver\wtdmmpi.jar
    c:\windows\wt\webdriver\wtdmmpv.dll
    c:\windows\wt\wt3d.dll
    c:\windows\wt\wt3d.ini
    c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\controlPanel\index.html
    c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\update_info\data.wts
    c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmp.dll
    c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpi.jar
    c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpv.dll
    c:\windows\wt\wtupdates\dmmp\3.0.2.000\install\dmmp.cdanfo
    c:\windows\wt\wtupdates\dmmp\3.0.2.000\install\DMMP_Uninstall.cdas
    c:\windows\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html
    c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll
    c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar
    c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll
    c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll
    c:\windows\wt\wtupdates\DRM\3.2.0.19\files\wt.sto
    c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo
    c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas
    c:\windows\wt\wtupdates\webd\4.1.1\files\actorobject.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html
    c:\windows\wt\wtupdates\webd\4.1.1\files\dx5drv.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\dx7drv.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\jdriver.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\data.wts
    c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\npWTHost.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt
    c:\windows\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\rdriver.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\Sound.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\update_info\data.wts
    c:\windows\wt\wtupdates\webd\4.1.1\files\wdcaps.ded
    c:\windows\wt\wtupdates\webd\4.1.1\files\wdengine.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo
    c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas
    c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas
    c:\windows\wt\wtupdates\webd\4.1.1\files\webdriver.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\wildtangent.jar
    c:\windows\wt\wtupdates\webd\4.1.1\files\wt3d.ini
    c:\windows\wt\wtupdates\webd\4.1.1\files\WTHost.exe
    c:\windows\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.jar
    c:\windows\wt\wtupdates\webd\4.1.1\files\wtvh.dll
    c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax
    c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini
    c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo
    c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas
    c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\controlpanel\index.html
    c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl.cdanfo
    c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl_Uninstall.cdas
    c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\WireControl.dll
    c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\index.html
    c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo
    c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas
    c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll
    c:\windows\wt\wtupdates\wtdmmp\update_info\data.wts
    c:\windows\wt\wtupdates\wtupdater\appinfo.dat
    c:\windows\wt\wtupdates\wtwebdriver\update_info\data.wts
    c:\windows\wt\wtvh.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-01 to 2012-09-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-01 02:21 . 2005-10-15 00:45 135168 ----a-w- c:\windows\system32\igfxres.dll
    2012-08-31 07:47 . 2012-08-31 07:47 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-29 16:17 . 2012-08-29 16:17 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
    2012-08-07 06:40 . 2012-08-07 06:40 -------- d-----w- c:\documents and settings\atinker\Local Settings\Application Data\Sun
    2012-08-07 06:31 . 2012-08-07 06:31 -------- d-----w- c:\program files\Oracle
    2012-08-07 06:31 . 2012-08-07 06:31 -------- d-----w- c:\documents and settings\atinker\Application Data\Oracle
    2012-08-07 06:31 . 2012-07-06 02:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-06 13:58 . 2005-08-16 08:18 78336 ----a-w- c:\windows\system32\browser.dll
    2012-07-06 02:07 . 2010-05-10 04:02 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-07-04 14:05 . 2005-08-16 08:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 17:46 . 2010-10-30 00:14 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-03 15:07 . 2005-08-16 08:18 832512 ----a-w- c:\windows\system32\wininet.dll
    2012-07-03 15:07 . 2005-08-16 08:18 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2012-07-03 15:07 . 2005-08-16 08:18 78336 ----a-w- c:\windows\system32\ieencode.dll
    2012-07-03 15:07 . 2005-08-16 08:18 17408 ----a-w- c:\windows\system32\corpol.dll
    2012-07-03 13:40 . 2005-08-16 08:18 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50 . 2008-07-09 01:42 1372672 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2005-08-16 08:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32 . 2005-08-16 08:18 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-08-29 16:17 . 2012-06-11 01:14 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2010-10-14 03:28 . 2011-01-04 19:29 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
    "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
    "MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
    "VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-22 1193848]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "46A661F4-1EEB-4BBD-8947-26414B632DAE"="start" [X]
    "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "Malwarebytes Anti-Malware (cleanup)"="c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-21 24576]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-20 813584]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-01-06 18:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2007-10-18 15:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
    2006-06-29 18:17 319488 ----a-w- c:\program files\Napster\napster.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/4/2011 3:28 PM 84072]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [1/4/2011 3:29 PM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/4/2011 3:28 PM 141792]
    R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [7/29/2012 9:26 PM 642432]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 12:55 PM 40720]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [6/17/2009 12:55 PM 10384]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [1/4/2011 3:28 PM 313288]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [1/4/2011 3:28 PM 88544]
    S1 A2DDA;A2 Direct Disk Access Support Driver;c:\documents and settings\atinker\Desktop\EmsisoftEmergencyKit\Run\a2ddax86.sys [8/31/2012 2:55 AM 17904]
    S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/20/2010 5:20 PM 10384]
    S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/4/2011 3:28 PM 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [1/4/2011 3:28 PM 271480]
    S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 6:44 PM 183560]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [1/4/2011 3:28 PM 55840]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [1/4/2011 3:28 PM 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/4/2011 3:28 PM 84264]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/10/2012 9:14 PM 114144]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 10:05 AM 14904]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *Deregistered* - aswMBR
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    FF - ProfilePath - c:\documents and settings\atinker\Application Data\Mozilla\Firefox\Profiles\at0tu0ks.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Aim6 - (no file)
    SafeBoot-96997861.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-09-01 00:36
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1252)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    c:\windows\system32\l3codeca.acm
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2012-09-01 00:40:10
    ComboFix-quarantined-files.txt 2012-09-01 04:39
    .
    Pre-Run: 26,998,071,296 bytes free
    Post-Run: 28,414,414,848 bytes free
    .
    - - End Of File - - F07949A200455F569018111BC898A259
  18. Broni Malware Annihilator Posts: 40,071   +187

    Looks good :)

    Are you having any issue with running the computer in normal mode?

    If not....

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  19. Sprinter Newcomer, in training Posts: 59

    I restarted my computer in normal mode and a window and command prompt popped up before everything loaded. The window was titled "46A661F4-1EEB-4BBD-8947-26414b632DAE.exe"

    In the window it said "Windows cannot find 46A661F4-1EEB-4BBD-8947-26414b632DAE.exe . Make sure you typed the name correctly, and then try again. To search for a file, click the Start button , and then click Search"

    I clicked Ok and then everything loaded up fine. Not sure if this is an issue or not.
    Also, I was wondering if I can delete any of these scanning tools or if you recommend I keep certain ones to check for stuff now and then?

    Thanks sooo much for the help! I really appreciate it.
    -Sprinter
  20. Broni Malware Annihilator Posts: 40,071   +187

    We'll look into that message when I see OTL logs.