
***Google/Yahoo searches hijacked, memory running 40-100%


  • This topic is locked
5 replies to this topic

#1 mattymatt

  • Members
  • 71 posts

Posted 11 December 2011 - 01:25 PM

Hello,

My Google and Yahoo searches don't initially get hijacked; it's when you click on a link on the search page that you then get redirected. Everything is running super slow. I noticed things were not right when my Outlook 2007 kept me disconnected. Not sure if these problems are related.

You fine folks have helped me before, any help would greatly be appreciated!



#2 boopme

  • Global Moderator
  • 73,566 posts

Posted 11 December 2011 - 01:38 PM

Hello mattymatt, let's get some info and scan logs and see how it is after.



Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Troubleshoot Malwarebytes' Anti-Malware
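The "List Winsock Entries" output requested in the post above can be triaged mechanically, since providers registered in the Winsock catalog are loaded into the path of network calls and an unexpected one is worth checking when searches are being redirected. The following is an added example, not part of the original post and not MiniToolBox code; the sample lines, DLL names and vendors are constructed, and the line format `CatalogN index path [size] (vendor)` is an assumption about Result.txt.

```python
import re
from collections import Counter

# Constructed sample (not from a real machine) in the assumed Result.txt layout:
#   <catalog> <index> <path> [<size in bytes> | File Not found] (<vendor>)
SAMPLE = r"""
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 02 C:\Program Files\Example VPN\examplensp.dll [79224] (Example Networks)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog9 01 C:\WINDOWS\system32\examplelsp.dll [212992] (Example Systems Corp.)
Catalog9 02 C:\WINDOWS\system32\examplelsp.dll [212992] (Example Systems Corp.)
Catalog9 03 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================
"""

ENTRY = re.compile(
    r"^(?P<catalog>Catalog\d+)\s+(?P<index>\d+)\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+|File Not found)\]\s+\((?P<vendor>.*)\)\s*$"
)


def winsock_section(text):
    """Return the non-blank lines between the Winsock banner and the next banner."""
    lines, inside = [], False
    for line in text.splitlines():
        if line.startswith("===="):
            inside = "Winsock entries" in line
            continue
        if inside and line.strip():
            lines.append(line.strip())
    return lines


def parse_entries(text):
    """Parse catalog lines; lines that do not match are returned, not dropped."""
    entries, unparsed = [], []
    for line in winsock_section(text):
        m = ENTRY.match(line)
        if m is None:
            unparsed.append(line)
            continue
        size = m.group("size")
        entries.append({
            "catalog": m.group("catalog"),
            "index": int(m.group("index")),
            "path": m.group("path"),
            "size": int(size) if size.isdigit() else None,  # None = file not read
            "vendor": m.group("vendor").strip(),
        })
    return entries, unparsed


def bucket_for(entry):
    """Sort an entry into a review bucket.

    The vendor string comes from the DLL's own version resource, so it is
    self-declared: 'microsoft' here means "claims to be", not "verified".
    """
    if entry["size"] is None:
        return "unresolved"   # tool could not read the file; check on the machine
    if entry["vendor"] == "Microsoft Corporation":
        return "microsoft"
    return "third_party"      # includes files with an empty vendor field


def review_list(text):
    """Collapse repeated providers and return those needing a manual look."""
    entries, unparsed = parse_entries(text)
    counts = Counter(
        (e["catalog"], bucket_for(e), e["path"].lower(), e["vendor"])
        for e in entries
    )
    rows = [
        {"catalog": c, "bucket": b, "path": p, "vendor": v, "count": n}
        for (c, b, p, v), n in counts.items()
        if b != "microsoft"
    ]
    rows.sort(key=lambda r: (r["catalog"], r["bucket"], r["path"]))
    return rows, unparsed


if __name__ == "__main__":
    rows, unparsed = review_list(SAMPLE)
    for r in rows:
        print(f'{r["catalog"]} {r["bucket"]:<11} x{r["count"]} '
              f'{r["path"]} ({r["vendor"] or "no vendor"})')
    for line in unparsed:
        print("unparsed:", line)
```

A row in the `third_party` bucket is not a verdict; it is a provider whose origin should be matched against software the user knowingly installed.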

#3 mattymatt

  • Topic Starter
  • Members
  • 71 posts

Posted 11 December 2011 - 03:35 PM

Ok, here goes. I DID run MBAM yesterday and picked up about 7-8 viruses but it looks like it cleaned them for this run. Anyway, here are the logs in order requested. (I was not required to restart my laptop.)

MiniToolBox by Farbar
Ran by matt.thomas (administrator) on 11-12-2011 at 14:17:49
Microsoft Windows XP Professional Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.


Windows IP Configuration

Host Name . . . . . . . . . . . . : MDS0083
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : michiganheart.com
                                    michiganheart.com
                                    michiganheart.com

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-1C-23-24-00-C4

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.mi.comcast.net.
Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-1D-60-BF-27-7F
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.0.0.6
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 75.75.76.76
                                    75.75.75.75
Lease Obtained. . . . . . . . . . : Sunday, December 11, 2011 1:07:20 PM
Lease Expires . . . . . . . . . . : Sunday, December 18, 2011 1:07:20 PM



Pinging google.com [74.125.225.52] with 32 bytes of data:

Reply from 74.125.225.52: bytes=32 time=29ms TTL=53
Reply from 74.125.225.52: bytes=32 time=32ms TTL=53

Ping statistics for 74.125.225.52:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 29ms, Maximum = 32ms, Average = 30ms

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:

Reply from 98.137.149.56: bytes=32 time=97ms TTL=48
Reply from 98.137.149.56: bytes=32 time=98ms TTL=48

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 97ms, Maximum = 98ms, Average = 97ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1c 23 24 00 c4 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x3 ...00 1d 60 bf 27 7f ...... Dell Wireless 1390 WLAN Mini-Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.6 25
10.0.0.0 255.255.255.0 10.0.0.6 10.0.0.6 25
10.0.0.6 255.255.255.255 127.0.0.1 127.0.0.1 25
10.255.255.255 255.255.255.255 10.0.0.6 10.0.0.6 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 10.0.0.6 10.0.0.6 20
224.0.0.0 240.0.0.0 10.0.0.6 10.0.0.6 25
255.255.255.255 255.255.255.255 10.0.0.6 2 1
255.255.255.255 255.255.255.255 10.0.0.6 10.0.0.6 1
Default Gateway: 10.0.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 02 C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll [79224] (Juniper Networks)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 mswsock.dll [File Not found] ()
Catalog5 05 C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll [79224] (Juniper Networks)
Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\biolsp.dll [212992] (Wave Systems Corp.)
Catalog9 02 C:\WINDOWS\system32\biolsp.dll [212992] (Wave Systems Corp.)
Catalog9 03 C:\WINDOWS\system32\biolsp.dll [212992] (Wave Systems Corp.)
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 C:\WINDOWS\system32\biolsp.dll [212992] (Wave Systems Corp.)
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()
Catalog9 27 mswsock.dll [File Not found] ()
Catalog9 28 mswsock.dll [File Not found] ()
Catalog9 29 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/11/2011 01:05:47 PM) (Source: COM+) (User: )
Description: The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d027)

Error: (12/11/2011 01:05:47 PM) (Source: MSDTC Client) (User: )
Description: Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 2968
No Callstack,
CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

Error: (12/11/2011 11:56:33 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft SQL Server 2005 Express Edition -- Error 2259. The installer has encountered an unexpected error. The error code is 2259. Database: Table(s) Update failed

Error: (12/11/2011 11:55:25 AM) (Source: MSSQL$MSSMLBIZ) (User: )
Description: The file "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\MSDBData.mdf" is compressed but does not reside in a read-only database or filegroup. The file must be decompressed.

Error: (12/11/2011 11:49:46 AM) (Source: MSDTC Client) (User: )
Description: Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 1440
No Callstack,
CmdLine: setup.exe /q /qn ADDLOCAL=SQL_Data_Files,SQL_Engine,SQL_SharedTools UPGRADE=SQL_Data_Files,SQL_Engine,SQL_SharedTools LOGPATH="C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\LOG\Hotfix\SQL9Express_Ho...

Error: (12/11/2011 11:42:25 AM) (Source: Broadcom ASF IP and SMBIOS Mailbox Monitor) (User: )
Description: !ERROR 53 Refreshing BMAPI data

Error: (12/11/2011 11:42:19 AM) (Source: COM+) (User: )
Description: The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d027)

Error: (12/11/2011 11:42:19 AM) (Source: MSDTC Client) (User: )
Description: Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 3688
No Callstack,
CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

Error: (12/11/2011 11:31:24 AM) (Source: COM+) (User: )
Description: The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d027)

Error: (12/11/2011 11:31:24 AM) (Source: MSDTC Client) (User: )
Description: Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 3308
No Callstack,
CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}


System errors:
=============
Error: (12/11/2011 02:18:03 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/11/2011 02:18:03 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/11/2011 02:18:02 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/11/2011 02:18:01 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/11/2011 02:18:00 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/11/2011 02:17:59 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/11/2011 02:17:58 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/11/2011 02:17:57 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/11/2011 02:17:56 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/11/2011 02:17:55 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127


Microsoft Office Sessions:
=========================
Error: (05/11/2011 01:37:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 17629 seconds with 1740 seconds of active time. This session ended with a crash.

Error: (04/15/2011 02:27:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 20424 seconds with 660 seconds of active time. This session ended with a crash.

Error: (04/01/2011 08:08:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 45870 seconds with 300 seconds of active time. This session ended with a crash.

Error: (03/15/2011 08:57:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 30371 seconds with 3360 seconds of active time. This session ended with a crash.

Error: (03/04/2011 00:09:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 175037 seconds with 4380 seconds of active time. This session ended with a crash.

Error: (02/22/2011 03:50:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 104024 seconds with 2220 seconds of active time. This session ended with a crash.

Error: (02/18/2011 09:17:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 39939 seconds with 2700 seconds of active time. This session ended with a crash.

Error: (02/09/2011 10:58:19 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 86798 seconds with 960 seconds of active time. This session ended with a crash.

Error: (02/01/2011 04:15:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 108597 seconds with 5700 seconds of active time. This session ended with a crash.

Error: (01/19/2011 09:09:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 38699 seconds with 2340 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================


2007 Microsoft Office system (Version: 12.0.6425.1000)
ACR38/100/122 PC/SC Driver 1.1.2.0 (Version: 1.1.2)
Adobe Acrobat 8 Standard (Version: 8.3.1)
Adobe Acrobat 8.3.1 - CPSID_83708
Adobe Acrobat 8.3.1 Standard (Version: 8.3.1)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.10)
Adobe Flash Player 10 Plugin (Version: 10.1.102.64)
ADS Tech Master Installer V3.6 (Version: 3.7.0.6)
ADS Tech V3.7 DVD Xpress CapWiz (Version: 3.7.0.6)
ADS Tech V3.8 DVD Xpress CapWiz (Version: 3.8.0.10)
Any DVD Converter Professional 3.7.9
Any Video Converter 2.7.1
Any Video Converter Professional 2.7.9
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.1.116)
ArcSoft Software Suite
biolsp patch (Version: 01.00.01.0010)
Bloggie Software (Version: 03.01.0099)
Bonjour (Version: 2.0.5.0)
Broadcom ASF Management Applications (Version: 10.13.02)
Broadcom Management Programs (Version: 10.15.01)
Broadcom TPM Driver Installer (Version: 8.04.04)
Business Contact Manager for Outlook 2007 SP1 (Version: 3.0.7311.0)
CA Yahoo! Anti-Spy (remove only)
Canon Camera Access Library (Version: 8.4.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera WIA Driver (Version: 5.7)
Canon EOS 5D WIA Driver (Version: 5.7)
Canon RAW Image Task for ZoomBrowser EX (Version: 3.3.0.5)
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities Digital Photo Professional 3.4 (Version: 3.4.0.0)
Canon Utilities EOS Utility (Version: 2.4.0.1)
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities Original Data Security Tools (Version: 1.4.0.1)
Canon Utilities PhotoStitch (Version: 3.1.21.45)
Canon Utilities Picture Style Editor (Version: 1.3.0.0)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities WFT-E1/E2/E3 Utility (Version: 3.2.1.1)
Canon Utilities ZoomBrowser EX (Version: 6.1.1.21)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)
Centra Client
Conexant HDA D330 MDC V.92 Modem
Dell Embassy Trust Suite by Wave Systems (Version: 02.00.00.039)
Dell Touchpad (Version: Version 7.1.101.6)
Dell Wireless WLAN Card (Version: 4.100.15.8)
Digital Line Detect (Version: 1.21)
DigitImg (Version: 2.00.0000)
Document Manager Lite (Version: 05.06.00.005)
EMBASSY Security Center (Version: 03.00.00.036)
EMBASSY Security Setup (Version: 03.00.00.035)
EMBASSY Trust Suite by Wave Systems (Version: 2.00.00.039)
ESC Home Page Plugin (Version: 03.00.00.013)
ETS Upgrade (Version: 02.00.00.012)
First Step Guide (Version: 1.00.000)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Hamster Lite Archiver 2.0.0.13 (Version: 2.0.0.13)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HijackThis 2.0.2 (Version: 2.0.2)
HP LaserJet P1500 series
HP Memories Disc (Version: 1.0.4.805)
HP Software Update (Version: 1.0.18.20030627)
HPCarePackCore (Version: 10.0.0.1)
HPCarePackProducts (Version: 1.0.0.1)
HPSSupply (Version: 2.1.1.0000)
Image Resizer Powertoy for Windows XP (Version: 1.00.0001)
Image Retriever 7 (Version: 7.0.0.0)
ImageMixer VCD2 (Version: 2.01.002.3)
Intel® Graphics Media Accelerator Driver
IntelliSonic Speech Enhancement (Version: 2.1.37)
iTunes (Version: 10.3.1.55)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Juniper Networks Secure Application Manager (Version: 6.3.0.14121)
LogMeIn (Version: 4.0.680)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft ActiveSync (Version: 4.5.5096.0)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.3.4035.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft WinUsb 1.0
Mirar
MobileMe Control Panel (Version: 3.1.6.0)
Modem Diagnostic Tool (Version: 1.0.20.0)
Mozilla Firefox (3.6.12) (Version: 3.6.12 (en-US))
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
NDH2008Plus!
NetWaiting (Version: 2.5.44)
Novacomd (Version: 1.0.40)
NTRU TCG Software Stack (Version: 2.1.12)
O2Micro USB Smart Card Reader (Version: 1.00.0000)
PaperPort Image Printer (Version: 1.00.0000)
Photosmart 140,240,7200,7600,7700,7900 Series (Version: 2.0)
PL-2303 USB-to-Serial
PowerDVD (Version: 7.0)
Preboot Manager (Version: 2.0.0.102)
Private Information Manager (Version: 05.05.00.022)
PS7600 (Version: 1.00.0000)
PSShortcuts (Version: 1.00.0000)
PSUsage (Version: 1.20.0000)
QuickSet (Version: 8.1.12)
QuickTime (Version: 7.69.80.9)
ResMed USB Adapter (Driver Removal)
ResMed Ventilator Installer v1.96.0 (Version: 1.96.0)
ResScan (Version: 3.16)
Rhapsody
Rhapsody Player Engine (Version: 1.0.604)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator BDAV Plugin (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Drag-to-Disc (Version: 9.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio Update Manager (Version: 3.0.0)
Safari (Version: 5.33.18.5)
Scanner Utility for Microsoft Windows
ScanSoft OmniPage SE 4 (Version: 15.2.0020)
Secure Update (Version: 05.03.00.011)
Security Wizards (Version: 01.03.00.021)
Segoe UI (Version: 14.0.4327.805)
SigmaTel Audio (Version: 5.10.4820.0)
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.5 (Version: 5.5.124)
Software Operation Panel
Sonic Activation Module (Version: 1.0)
Sony USB Driver
SpywareBlaster 4.4 (Version: 4.4.0)
SUPERAntiSpyware Free Edition (Version: 4.22.0.1014)
Touch by HTC™ User Guide (Version: 1.0)
Trend Micro Client/Server Security Agent
TubeSucker (Version: 5.0.0.4)
Ulead DVD MovieFactory 3 SE (Version: 3.0)
Ulead Straight-to-Disc SDK (Version: 2.2)
upekmsi (Version: 02.00.02.0010)
URL Assistant
Virtual Earth 3D (Beta) (Version: 3.0.808.29001)
VPN Client
Wave Infrastructure Installer (Version: 03.05.10.0050)
Wave Support Software (Version: 05.04.00.018)
WebDrive (Version: 7.10.1475)
WebEx
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - ACS (A38CCID) SmartCardReader (12/16/2009 1.1.6.5) (Version: 12/16/2009 1.1.6.5)
Windows Driver Package - ACS (ACR122U) SmartCardReader (12/16/2009 1.1.6.3) (Version: 12/16/2009 1.1.6.3)
Windows Driver Package - ACS (ACSSCR) SmartCardReader (12/15/2009 1.1.6.2) (Version: 12/15/2009 1.1.6.2)
Windows Driver Package - Dell Inc. PBADRV System (09/25/2006 6.0.0.0) (Version: 09/25/2006 6.0.0.0)
Windows Driver Package - O2Micro (guardian2) SmartCardReader (02/05/2007 1.1.3.7) (Version: 02/05/2007 1.1.3.7)
Windows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0) (Version: 11/30/2008 1.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.8.0031.9)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
Xerox WC M20 Series PS
Xerox WorkCentre M20 Series
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 54%
Total physical RAM: 2037.9 MB
Available physical RAM: 932.11 MB
Total Pagefile: 3930.54 MB
Available Pagefile: 2560.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.74 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.44 GB) (Free:5.01 GB) NTFS

========================= Users: ========================================

User accounts for \\MDS0083

charlene.oldeck Guest HelpAssistant
Hypnos l3174299092 matt.thomas
Support SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini010809-01.dmp
C:\WINDOWS\Minidump\Mini033011-01.dmp
C:\WINDOWS\Minidump\Mini061010-01.dmp
C:\WINDOWS\Minidump\Mini062309-01.dmp
C:\WINDOWS\Minidump\Mini062409-01.dmp
C:\WINDOWS\Minidump\Mini080709-01.dmp
C:\WINDOWS\Minidump\Mini101308-01.dmp
C:\WINDOWS\Minidump\Mini102508-01.dmp
C:\WINDOWS\Minidump\Mini112808-01.dmp

**** End of log ****


14:25:10.0468 5176 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
14:25:10.0828 5176 ============================================================
14:25:10.0828 5176 Current date / time: 2011/12/11 14:25:10.0828
14:25:10.0828 5176 SystemInfo:
14:25:10.0828 5176
14:25:10.0828 5176 OS Version: 5.1.2600 ServicePack: 3.0
14:25:10.0828 5176 Product type: Workstation
14:25:10.0828 5176 ComputerName: MDS0083
14:25:10.0828 5176 UserName: matt.thomas
14:25:10.0828 5176 Windows directory: C:\WINDOWS
14:25:10.0828 5176 System windows directory: C:\WINDOWS
14:25:10.0828 5176 Processor architecture: Intel x86
14:25:10.0828 5176 Number of processors: 2
14:25:10.0828 5176 Page size: 0x1000
14:25:10.0828 5176 Boot type: Normal boot
14:25:10.0828 5176 ============================================================
14:25:13.0234 5176 Initialize success
14:25:30.0062 5508 ============================================================
14:25:30.0062 5508 Scan started
14:25:30.0062 5508 Mode: Manual;
14:25:30.0062 5508 ============================================================
14:26:02.0265 5508 WSTCODEC - ok
14:26:02.0328 5508 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:26:02.0359 5508 WudfPf - ok
14:26:02.0390 5508 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:26:02.0437 5508 WudfRd - ok
14:26:02.0484 5508 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:26:02.0640 5508 \Device\Harddisk0\DR0 - ok
14:26:02.0640 5508 Boot (0x1200) (fe6734fbb0c47b2335e6cd0179c90303) \Device\Harddisk0\DR0\Partition0
14:26:02.0640 5508 \Device\Harddisk0\DR0\Partition0 - ok
14:26:02.0640 5508 ============================================================
14:26:02.0640 5508 Scan finished
14:26:02.0640 5508 ============================================================
14:26:02.0656 5756 Detected object count: 0
14:26:02.0656 5756 Actual detected object count: 0




Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8352

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/11/2011 3:07:49 PM
mbam-log-2011-12-11 (15-07-49).txt

Scan type: Quick scan
Objects scanned: 221628
Time elapsed: 37 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 boopme


Posted 11 December 2011 - 04:36 PM

Looks like a Zero Access rootkit may be at work here.

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs
and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Include a link back to this topic.

Let me know if that went well.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#5 mattymatt


Posted 11 December 2011 - 09:13 PM

Thanks for your help! I followed your instructions and posted in the other thread.

Thanks again!

#6 boopme


Posted 12 December 2011 - 05:08 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 3 - 5 days and ALL logs are answered.

To avoid confusion, I am closing this topic.