
System Check Virus


39 replies to this topic

#16 Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA

Posted 24 March 2012 - 10:27 PM

On TDSSKiller...

Please run it once again, and this time, when presented with the TDSS File System entry in Threats Detected, select: Delete

Please post the new TDSSKiller log in your reply.

Old duck...



#17 dawnmomoffour
  • Topic Starter

  • Members
  • 42 posts

Posted 26 March 2012 - 01:26 AM

When I scanned there were no threats detected. BUT, then I remembered to change parameters, checkmark the Detect TDLFS File System and ran again. One threat detected, I hit delete.
This is the log:
02:22:08.0875 2004 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
02:22:09.0250 2004 ============================================================
02:22:09.0250 2004 Current date / time: 2012/03/26 02:22:09.0250
02:22:09.0250 2004 SystemInfo:
02:22:09.0250 2004
02:22:09.0250 2004 OS Version: 5.1.2600 ServicePack: 2.0
02:22:09.0250 2004 Product type: Workstation
02:22:09.0250 2004 ComputerName: DAWNS-RFU
02:22:09.0250 2004 UserName: Dawn
02:22:09.0250 2004 Windows directory: C:\WINDOWS
02:22:09.0250 2004 System windows directory: C:\WINDOWS
02:22:09.0250 2004 Processor architecture: Intel x86
02:22:09.0250 2004 Number of processors: 1
02:22:09.0250 2004 Page size: 0x1000
02:22:09.0250 2004 Boot type: Normal boot
02:22:09.0250 2004 ============================================================
02:22:11.0046 2004 Drive \Device\Harddisk0\DR0 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:22:11.0062 2004 \Device\Harddisk0\DR0:
02:22:11.0062 2004 MBR used
02:22:11.0062 2004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x9CE28, BlocksNum 0x980B1C4
02:22:11.0140 2004 Initialize success
02:22:11.0140 2004 ============================================================
02:22:24.0765 3808 ============================================================
02:22:24.0765 3808 Scan started
02:22:24.0765 3808 Mode: Manual;
02:22:24.0765 3808 ============================================================
02:22:25.0171 3808 Abiosdsk - ok
02:22:25.0234 3808 abp480n5 - ok
02:22:25.0328 3808 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:22:25.0328 3808 ACPI - ok
02:22:25.0406 3808 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
02:22:25.0406 3808 ACPIEC - ok
02:22:25.0484 3808 adpu160m - ok
02:22:25.0593 3808 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
02:22:25.0593 3808 aec - ok
02:22:25.0687 3808 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
02:22:25.0687 3808 AFD - ok
02:22:25.0750 3808 Aha154x - ok
02:22:25.0812 3808 aic78u2 - ok
02:22:25.0906 3808 aic78xx - ok
02:22:26.0140 3808 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
02:22:26.0312 3808 ALCXWDM - ok
02:22:26.0406 3808 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
02:22:26.0406 3808 Alerter - ok
02:22:26.0515 3808 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
02:22:26.0515 3808 ALG - ok
02:22:26.0593 3808 AliIde - ok
02:22:26.0656 3808 AmdK7 (680ad1c1bb16239e28d8f33a54a7a3c7) C:\WINDOWS\system32\DRIVERS\amdk7.sys
02:22:26.0656 3808 AmdK7 - ok
02:22:26.0734 3808 amsint - ok
02:22:26.0875 3808 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:22:26.0875 3808 Apple Mobile Device - ok
02:22:26.0953 3808 AppMgmt (9c3c12975c97119412802b181fbeeffe) C:\WINDOWS\System32\appmgmts.dll
02:22:26.0968 3808 AppMgmt - ok
02:22:27.0031 3808 asc - ok
02:22:27.0093 3808 asc3350p - ok
02:22:27.0156 3808 asc3550 - ok
02:22:27.0328 3808 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
02:22:27.0328 3808 aspnet_state - ok
02:22:27.0406 3808 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:22:27.0406 3808 AsyncMac - ok
02:22:27.0500 3808 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
02:22:27.0515 3808 atapi - ok
02:22:27.0562 3808 Atdisk - ok
02:22:27.0640 3808 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:22:27.0640 3808 Atmarpc - ok
02:22:27.0734 3808 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
02:22:27.0734 3808 AudioSrv - ok
02:22:27.0796 3808 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
02:22:27.0796 3808 audstub - ok
02:22:27.0953 3808 avg9wd (c4d15594db5be042d3346ea58df87d89) C:\Program Files\AVG\AVG9\avgwdsvc.exe
02:22:27.0968 3808 avg9wd - ok
02:22:28.0078 3808 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
02:22:28.0078 3808 AvgLdx86 - ok
02:22:28.0171 3808 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\WINDOWS\system32\Drivers\avgmfx86.sys
02:22:28.0171 3808 AvgMfx86 - ok
02:22:28.0281 3808 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\system32\Drivers\avgtdix.sys
02:22:28.0281 3808 AvgTdiX - ok
02:22:28.0421 3808 bbcap (709fbe6eced1c3259d2b50bb0520b765) C:\WINDOWS\system32\DRIVERS\bbcap.sys
02:22:28.0421 3808 bbcap - ok
02:22:28.0515 3808 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
02:22:28.0515 3808 Beep - ok
02:22:28.0640 3808 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\System32\qmgr.dll
02:22:28.0671 3808 BITS - ok
02:22:28.0812 3808 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
02:22:28.0828 3808 Bonjour Service - ok
02:22:28.0921 3808 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
02:22:28.0937 3808 Browser - ok
02:22:29.0000 3808 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
02:22:29.0015 3808 cbidf2k - ok
02:22:29.0078 3808 cd20xrnt - ok
02:22:29.0140 3808 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
02:22:29.0140 3808 Cdaudio - ok
02:22:29.0203 3808 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
02:22:29.0203 3808 Cdfs - ok
02:22:29.0250 3808 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:22:29.0250 3808 Cdrom - ok
02:22:29.0312 3808 Changer - ok
02:22:29.0375 3808 cisvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\System32\cisvc.exe
02:22:29.0375 3808 cisvc - ok
02:22:29.0421 3808 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
02:22:29.0437 3808 ClipSrv - ok
02:22:29.0531 3808 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:22:29.0546 3808 clr_optimization_v2.0.50727_32 - ok
02:22:29.0609 3808 CmdIde - ok
02:22:29.0718 3808 cmuda (297cc8a257cbd3c46bbd675ec5e35cc2) C:\WINDOWS\system32\drivers\cmuda.sys
02:22:29.0781 3808 cmuda - ok
02:22:29.0843 3808 COMSysApp - ok
02:22:29.0953 3808 Cpqarray - ok
02:22:30.0046 3808 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
02:22:30.0046 3808 CryptSvc - ok
02:22:30.0109 3808 dac2w2k - ok
02:22:30.0171 3808 dac960nt - ok
02:22:30.0250 3808 DcomLaunch (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
02:22:30.0296 3808 DcomLaunch - ok
02:22:30.0390 3808 dg_ssudbus (d8522960163fa593694e441194a9a574) C:\WINDOWS\system32\DRIVERS\ssudbus.sys
02:22:30.0390 3808 dg_ssudbus - ok
02:22:30.0484 3808 Dhcp (ef545e1a4b043da4c84e230dd471c55f) C:\WINDOWS\System32\dhcpcsvc.dll
02:22:30.0484 3808 Dhcp - ok
02:22:30.0531 3808 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
02:22:30.0562 3808 Disk - ok
02:22:30.0609 3808 dmadmin - ok
02:22:30.0703 3808 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
02:22:30.0750 3808 dmboot - ok
02:22:30.0828 3808 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
02:22:30.0843 3808 dmio - ok
02:22:30.0906 3808 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
02:22:30.0906 3808 dmload - ok
02:22:30.0984 3808 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
02:22:30.0984 3808 dmserver - ok
02:22:31.0031 3808 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
02:22:31.0031 3808 DMusic - ok
02:22:31.0109 3808 Dnscache (aac8ffbfd61e784fa3bac851d4a0bd5f) C:\WINDOWS\System32\dnsrslvr.dll
02:22:31.0109 3808 Dnscache - ok
02:22:31.0171 3808 dpti2o - ok
02:22:31.0250 3808 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
02:22:31.0250 3808 drmkaud - ok
02:22:31.0312 3808 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
02:22:31.0328 3808 ERSvc - ok
02:22:31.0390 3808 Eventlog (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
02:22:31.0406 3808 Eventlog - ok
02:22:31.0468 3808 EventSystem (60d1a6342238378bfb7545c81ee3606c) C:\WINDOWS\System32\es.dll
02:22:31.0484 3808 EventSystem - ok
02:22:31.0546 3808 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
02:22:31.0546 3808 Fastfat - ok
02:22:31.0625 3808 FastUserSwitchingCompatibility (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
02:22:31.0625 3808 FastUserSwitchingCompatibility - ok
02:22:31.0734 3808 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
02:22:31.0734 3808 Fdc - ok
02:22:31.0796 3808 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
02:22:31.0796 3808 FETNDIS - ok
02:22:31.0875 3808 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
02:22:31.0875 3808 Fips - ok
02:22:31.0968 3808 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
02:22:31.0968 3808 Flpydisk - ok
02:22:32.0046 3808 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
02:22:32.0062 3808 FltMgr - ok
02:22:32.0203 3808 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
02:22:32.0203 3808 FontCache3.0.0.0 - ok
02:22:32.0296 3808 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
02:22:32.0296 3808 fssfltr - ok
02:22:32.0468 3808 fsssvc (45b52394f9624237f33a8a3d73c0b221) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
02:22:32.0531 3808 fsssvc - ok
02:22:32.0562 3808 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:22:32.0562 3808 Fs_Rec - ok
02:22:32.0671 3808 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:22:32.0671 3808 Ftdisk - ok
02:22:32.0734 3808 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
02:22:32.0734 3808 gameenum - ok
02:22:32.0828 3808 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
02:22:32.0828 3808 GEARAspiWDM - ok
02:22:32.0906 3808 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:22:32.0906 3808 Gpc - ok
02:22:33.0062 3808 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
02:22:33.0062 3808 gupdate - ok
02:22:33.0093 3808 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
02:22:33.0093 3808 gupdatem - ok
02:22:33.0156 3808 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
02:22:33.0156 3808 helpsvc - ok
02:22:33.0250 3808 HidServ (9376e6893e52b368abc6255bf54f0b28) C:\WINDOWS\System32\hidserv.dll
02:22:33.0250 3808 HidServ - ok
02:22:33.0328 3808 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:22:33.0328 3808 HidUsb - ok
02:22:33.0375 3808 hpn - ok
02:22:33.0437 3808 hpt3xx - ok
02:22:33.0546 3808 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
02:22:33.0546 3808 HTTP - ok
02:22:33.0625 3808 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
02:22:33.0625 3808 HTTPFilter - ok
02:22:33.0671 3808 i2omgmt - ok
02:22:33.0718 3808 i2omp - ok
02:22:33.0796 3808 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
02:22:33.0812 3808 i8042prt - ok
02:22:33.0968 3808 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:22:34.0000 3808 idsvc - ok
02:22:34.0062 3808 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
02:22:34.0078 3808 Imapi - ok
02:22:34.0140 3808 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\System32\imapi.exe
02:22:34.0140 3808 ImapiService - ok
02:22:34.0203 3808 ini910u - ok
02:22:34.0281 3808 IntelIde - ok
02:22:34.0343 3808 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
02:22:34.0343 3808 ip6fw - ok
02:22:34.0406 3808 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:22:34.0406 3808 IpFilterDriver - ok
02:22:34.0484 3808 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:22:34.0484 3808 IpInIp - ok
02:22:34.0562 3808 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:22:34.0562 3808 IpNat - ok
02:22:34.0671 3808 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
02:22:34.0718 3808 iPod Service - ok
02:22:34.0812 3808 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:22:34.0812 3808 IPSec - ok
02:22:34.0890 3808 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
02:22:34.0890 3808 IRENUM - ok
02:22:35.0015 3808 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:22:35.0015 3808 isapnp - ok
02:22:35.0140 3808 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
02:22:35.0140 3808 JavaQuickStarterService - ok
02:22:35.0218 3808 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:22:35.0218 3808 Kbdclass - ok
02:22:35.0328 3808 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
02:22:35.0343 3808 kmixer - ok
02:22:35.0406 3808 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
02:22:35.0406 3808 KSecDD - ok
02:22:35.0484 3808 lanmanserver (0cb3af149a0bac0836022ca307c7a0f8) C:\WINDOWS\System32\srvsvc.dll
02:22:35.0484 3808 lanmanserver - ok
02:22:35.0593 3808 lanmanworkstation (e1f27cfcd114ec9f1e1f44674b2ff9f0) C:\WINDOWS\System32\wkssvc.dll
02:22:35.0593 3808 lanmanworkstation - ok
02:22:35.0656 3808 lbrtfdc - ok
02:22:35.0812 3808 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
02:22:35.0812 3808 LmHosts - ok
02:22:35.0921 3808 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
02:22:35.0921 3808 Messenger - ok
02:22:35.0984 3808 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
02:22:35.0984 3808 mnmdd - ok
02:22:36.0031 3808 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\System32\mnmsrvc.exe
02:22:36.0046 3808 mnmsrvc - ok
02:22:36.0093 3808 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
02:22:36.0093 3808 Modem - ok
02:22:36.0140 3808 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:22:36.0156 3808 Mouclass - ok
02:22:36.0203 3808 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:22:36.0203 3808 mouhid - ok
02:22:36.0265 3808 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
02:22:36.0265 3808 MountMgr - ok
02:22:36.0312 3808 mraid35x - ok
02:22:36.0375 3808 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:22:36.0390 3808 MRxDAV - ok
02:22:36.0484 3808 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:22:36.0500 3808 MRxSmb - ok
02:22:36.0593 3808 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\System32\msdtc.exe
02:22:36.0593 3808 MSDTC - ok
02:22:36.0718 3808 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
02:22:36.0718 3808 Msfs - ok
02:22:36.0781 3808 MSIServer - ok
02:22:36.0859 3808 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:22:36.0859 3808 MSKSSRV - ok
02:22:36.0953 3808 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:22:36.0953 3808 MSPCLOCK - ok
02:22:36.0984 3808 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
02:22:37.0015 3808 MSPQM - ok
02:22:37.0078 3808 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:22:37.0078 3808 mssmbios - ok
02:22:37.0140 3808 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
02:22:37.0140 3808 Mup - ok
02:22:37.0218 3808 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
02:22:37.0218 3808 NDIS - ok
02:22:37.0296 3808 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:22:37.0296 3808 NdisTapi - ok
02:22:37.0343 3808 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:22:37.0343 3808 Ndisuio - ok
02:22:37.0421 3808 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:22:37.0421 3808 NdisWan - ok
02:22:37.0515 3808 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
02:22:37.0515 3808 NDProxy - ok
02:22:37.0562 3808 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
02:22:37.0562 3808 NetBIOS - ok
02:22:37.0625 3808 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
02:22:37.0640 3808 NetBT - ok
02:22:37.0750 3808 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
02:22:37.0750 3808 NetDDE - ok
02:22:37.0812 3808 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
02:22:37.0812 3808 NetDDEdsdm - ok
02:22:37.0906 3808 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\System32\lsass.exe
02:22:37.0906 3808 Netlogon - ok
02:22:38.0031 3808 Netman (36739b39267914ba69ad0610a0299732) C:\WINDOWS\System32\netman.dll
02:22:38.0031 3808 Netman - ok
02:22:38.0250 3808 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:22:38.0250 3808 NetTcpPortSharing - ok
02:22:38.0359 3808 Nla (097722f235a1fb698bf9234e01b52637) C:\WINDOWS\System32\mswsock.dll
02:22:38.0359 3808 Nla - ok
02:22:38.0484 3808 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
02:22:38.0484 3808 Npfs - ok
02:22:38.0546 3808 npggsvc - ok
02:22:38.0609 3808 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
02:22:38.0625 3808 NPPTNT2 - ok
02:22:38.0734 3808 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
02:22:38.0750 3808 Ntfs - ok
02:22:38.0843 3808 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\System32\lsass.exe
02:22:38.0843 3808 NtLmSsp - ok
02:22:38.0953 3808 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
02:22:38.0968 3808 NtmsSvc - ok
02:22:39.0031 3808 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
02:22:39.0046 3808 Null - ok
02:22:39.0312 3808 nv (5645072033c2e51386e91bc137c0beb5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
02:22:39.0421 3808 nv - ok
02:22:39.0531 3808 NVSvc (60d62603950220b51df57e461a601659) C:\WINDOWS\system32\nvsvc32.exe
02:22:39.0546 3808 NVSvc - ok
02:22:39.0609 3808 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:22:39.0609 3808 NwlnkFlt - ok
02:22:39.0656 3808 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:22:39.0656 3808 NwlnkFwd - ok
02:22:39.0703 3808 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
02:22:39.0718 3808 Parport - ok
02:22:39.0796 3808 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
02:22:39.0796 3808 PartMgr - ok
02:22:39.0890 3808 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
02:22:39.0890 3808 ParVdm - ok
02:22:39.0953 3808 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
02:22:39.0968 3808 PCI - ok
02:22:40.0015 3808 PCIDump - ok
02:22:40.0109 3808 PCIIde - ok
02:22:40.0171 3808 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
02:22:40.0187 3808 Pcmcia - ok
02:22:40.0281 3808 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
02:22:40.0281 3808 pcouffin - ok
02:22:40.0359 3808 PDCOMP - ok
02:22:40.0421 3808 PDFRAME - ok
02:22:40.0484 3808 PDRELI - ok
02:22:40.0546 3808 PDRFRAME - ok
02:22:40.0593 3808 perc2 - ok
02:22:40.0656 3808 perc2hib - ok
02:22:40.0796 3808 PlugPlay (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
02:22:40.0796 3808 PlugPlay - ok
02:22:40.0843 3808 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\System32\lsass.exe
02:22:40.0859 3808 PolicyAgent - ok
02:22:40.0906 3808 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:22:40.0906 3808 PptpMiniport - ok
02:22:40.0968 3808 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
02:22:40.0968 3808 Processor - ok
02:22:41.0046 3808 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
02:22:41.0046 3808 ProtectedStorage - ok
02:22:41.0109 3808 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
02:22:41.0125 3808 PSched - ok
02:22:41.0218 3808 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:22:41.0218 3808 Ptilink - ok
02:22:41.0281 3808 ql1080 - ok
02:22:41.0343 3808 Ql10wnt - ok
02:22:41.0406 3808 ql12160 - ok
02:22:41.0453 3808 ql1240 - ok
02:22:41.0515 3808 ql1280 - ok
02:22:41.0578 3808 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:22:41.0578 3808 RasAcd - ok
02:22:41.0640 3808 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
02:22:41.0640 3808 RasAuto - ok
02:22:41.0687 3808 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:22:41.0687 3808 Rasl2tp - ok
02:22:41.0796 3808 RasMan (49b5eed5fb89d39456a2f616ccd8ba5d) C:\WINDOWS\System32\rasmans.dll
02:22:41.0812 3808 RasMan - ok
02:22:41.0875 3808 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:22:41.0875 3808 RasPppoe - ok
02:22:41.0968 3808 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
02:22:41.0968 3808 Raspti - ok
02:22:42.0046 3808 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:22:42.0046 3808 Rdbss - ok
02:22:42.0109 3808 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:22:42.0125 3808 RDPCDD - ok
02:22:42.0187 3808 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
02:22:42.0203 3808 rdpdr - ok
02:22:42.0281 3808 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
02:22:42.0281 3808 RDPWD - ok
02:22:42.0359 3808 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
02:22:42.0375 3808 RDSessMgr - ok
02:22:42.0468 3808 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
02:22:42.0468 3808 redbook - ok
02:22:42.0562 3808 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
02:22:42.0562 3808 RemoteAccess - ok
02:22:42.0656 3808 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS\system32\regsvc.dll
02:22:42.0671 3808 RemoteRegistry - ok
02:22:42.0781 3808 RoxioNow Service (f7e69a05751b24360bf2a17e9ef001b1) C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe
02:22:42.0796 3808 RoxioNow Service - ok
02:22:42.0890 3808 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\System32\locator.exe
02:22:42.0890 3808 RpcLocator - ok
02:22:43.0000 3808 RpcSs (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
02:22:43.0000 3808 RpcSs - ok
02:22:43.0078 3808 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
02:22:43.0093 3808 RSVP - ok
02:22:43.0171 3808 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
02:22:43.0171 3808 SamSs - ok
02:22:43.0250 3808 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
02:22:43.0281 3808 SCardSvr - ok
02:22:43.0328 3808 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
02:22:43.0343 3808 Schedule - ok
02:22:43.0515 3808 SeaPort (271077b91d7ad1b616f8afdfe8e3f981) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
02:22:43.0515 3808 SeaPort - ok
02:22:43.0609 3808 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:22:43.0609 3808 Secdrv - ok
02:22:43.0687 3808 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
02:22:43.0687 3808 seclogon - ok
02:22:43.0765 3808 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
02:22:43.0765 3808 SENS - ok
02:22:43.0859 3808 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
02:22:43.0859 3808 serenum - ok
02:22:43.0937 3808 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
02:22:43.0937 3808 Serial - ok
02:22:44.0078 3808 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
02:22:44.0078 3808 Sfloppy - ok
02:22:44.0171 3808 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
02:22:44.0171 3808 SharedAccess - ok
02:22:44.0265 3808 ShellHWDetection (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
02:22:44.0281 3808 ShellHWDetection - ok
02:22:44.0328 3808 Simbad - ok
02:22:44.0406 3808 Sparrow - ok
02:22:44.0531 3808 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
02:22:44.0531 3808 splitter - ok
02:22:44.0625 3808 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe
02:22:44.0625 3808 Spooler - ok
02:22:44.0703 3808 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
02:22:44.0703 3808 sr - ok
02:22:44.0796 3808 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\System32\srsvc.dll
02:22:44.0796 3808 srservice - ok
02:22:44.0906 3808 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
02:22:44.0921 3808 Srv - ok
02:22:45.0000 3808 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
02:22:45.0000 3808 SSDPSRV - ok
02:22:45.0078 3808 stisvc (b6763f8534ac547cf1af98afdff2edc8) C:\WINDOWS\system32\wiaservc.dll
02:22:45.0093 3808 stisvc - ok
02:22:45.0125 3808 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
02:22:45.0125 3808 swenum - ok
02:22:45.0187 3808 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
02:22:45.0187 3808 swmidi - ok
02:22:45.0234 3808 SwPrv - ok
02:22:45.0359 3808 symc810 - ok
02:22:45.0421 3808 symc8xx - ok
02:22:45.0484 3808 sym_hi - ok
02:22:45.0546 3808 sym_u3 - ok
02:22:45.0640 3808 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
02:22:45.0640 3808 sysaudio - ok
02:22:45.0718 3808 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
02:22:45.0718 3808 SysmonLog - ok
02:22:45.0828 3808 TapiSrv (fb78839b36025aa286a51289ed28b73e) C:\WINDOWS\System32\tapisrv.dll
02:22:45.0828 3808 TapiSrv - ok
02:22:45.0937 3808 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:22:45.0953 3808 Tcpip - ok
02:22:46.0015 3808 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
02:22:46.0015 3808 TDPIPE - ok
02:22:46.0078 3808 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
02:22:46.0093 3808 TDTCP - ok
02:22:46.0171 3808 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
02:22:46.0171 3808 TermDD - ok
02:22:46.0265 3808 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
02:22:46.0265 3808 TermService - ok
02:22:46.0359 3808 Themes (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
02:22:46.0375 3808 Themes - ok
02:22:46.0437 3808 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\System32\tlntsvr.exe
02:22:46.0453 3808 TlntSvr - ok
02:22:46.0515 3808 TosIde - ok
02:22:46.0593 3808 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
02:22:46.0609 3808 TrkWks - ok
02:22:46.0671 3808 uagp35 (49c805d42d75eddc9b6a7130999c9054) C:\WINDOWS\system32\DRIVERS\uagp35.sys
02:22:46.0687 3808 uagp35 - ok
02:22:46.0796 3808 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
02:22:46.0796 3808 Udfs - ok
02:22:46.0843 3808 ultra - ok
02:22:46.0906 3808 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
02:22:46.0937 3808 Update - ok
02:22:47.0015 3808 upnphost (aca5d98663d879c6baafcea7e2f1b710) C:\WINDOWS\System32\upnphost.dll
02:22:47.0031 3808 upnphost - ok
02:22:47.0078 3808 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
02:22:47.0078 3808 UPS - ok
02:22:47.0171 3808 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
02:22:47.0171 3808 USBAAPL - ok
02:22:47.0281 3808 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:22:47.0281 3808 usbccgp - ok
02:22:47.0312 3808 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:22:47.0312 3808 usbehci - ok
02:22:47.0359 3808 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:22:47.0390 3808 usbhub - ok
02:22:47.0468 3808 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
02:22:47.0468 3808 usbscan - ok
02:22:47.0546 3808 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:22:47.0546 3808 USBSTOR - ok
02:22:47.0593 3808 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
02:22:47.0593 3808 usbuhci - ok
02:22:47.0687 3808 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
02:22:47.0687 3808 VgaSave - ok
02:22:47.0734 3808 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
02:22:47.0734 3808 ViaIde - ok
02:22:47.0812 3808 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
02:22:47.0812 3808 VolSnap - ok
02:22:47.0890 3808 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
02:22:47.0906 3808 VSS - ok
02:22:47.0984 3808 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\System32\w32time.dll
02:22:48.0000 3808 W32Time - ok
02:22:48.0078 3808 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:22:48.0078 3808 Wanarp - ok
02:22:48.0125 3808 WDICA - ok
02:22:48.0203 3808 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
02:22:48.0203 3808 wdmaud - ok
02:22:48.0296 3808 WebClient (265f534ef76832435afbf771ec97176d) C:\WINDOWS\System32\webclnt.dll
02:22:48.0296 3808 WebClient - ok
02:22:48.0421 3808 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
02:22:48.0437 3808 winmgmt - ok
02:22:48.0562 3808 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
02:22:48.0562 3808 WmdmPmSN - ok
02:22:48.0671 3808 Wmi (1081c185aed0660b2b5f173c3e023b23) C:\WINDOWS\System32\advapi32.dll
02:22:48.0687 3808 Wmi - ok
02:22:48.0796 3808 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
02:22:48.0796 3808 WmiApSrv - ok
02:22:48.0953 3808 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
02:22:49.0000 3808 WMPNetworkSvc - ok
02:22:49.0109 3808 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
02:22:49.0109 3808 WpdUsb - ok
02:22:49.0203 3808 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
02:22:49.0203 3808 wscsvc - ok
02:22:49.0281 3808 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
02:22:49.0296 3808 wuauserv - ok
02:22:49.0375 3808 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
02:22:49.0375 3808 WudfPf - ok
02:22:49.0453 3808 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
02:22:49.0453 3808 WudfRd - ok
02:22:49.0578 3808 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
02:22:49.0578 3808 WudfSvc - ok
02:22:49.0687 3808 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
02:22:49.0703 3808 WZCSVC - ok
02:22:49.0796 3808 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
02:22:49.0828 3808 xmlprov - ok
02:22:49.0906 3808 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
02:22:50.0093 3808 \Device\Harddisk0\DR0 - ok
02:22:50.0156 3808 Boot (0x1200) (2cfb822adc883ab1332f27e73d1f437f) \Device\Harddisk0\DR0\Partition0
02:22:50.0156 3808 \Device\Harddisk0\DR0\Partition0 - ok
02:22:50.0171 3808 ============================================================
02:22:50.0171 3808 Scan finished
02:22:50.0171 3808 ============================================================
02:22:50.0250 2616 Detected object count: 0
02:22:50.0250 2616 Actual detected object count: 0
02:23:00.0593 0996 ============================================================
02:23:00.0593 0996 Scan started
02:23:00.0593 0996 Mode: Manual; TDLFS;
02:23:00.0593 0996 ============================================================
02:23:00.0937 0996 Abiosdsk - ok
02:23:01.0000 0996 abp480n5 - ok
02:23:01.0093 0996 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:23:01.0125 0996 ACPI - ok
02:23:01.0187 0996 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
02:23:01.0187 0996 ACPIEC - ok
02:23:01.0250 0996 adpu160m - ok
02:23:01.0359 0996 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
02:23:01.0359 0996 aec - ok
02:23:01.0453 0996 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
02:23:01.0453 0996 AFD - ok
02:23:01.0515 0996 Aha154x - ok
02:23:01.0578 0996 aic78u2 - ok
02:23:01.0671 0996 aic78xx - ok
02:23:01.0937 0996 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
02:23:01.0984 0996 ALCXWDM - ok
02:23:02.0078 0996 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
02:23:02.0078 0996 Alerter - ok
02:23:02.0156 0996 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
02:23:02.0156 0996 ALG - ok
02:23:02.0218 0996 AliIde - ok
02:23:02.0312 0996 AmdK7 (680ad1c1bb16239e28d8f33a54a7a3c7) C:\WINDOWS\system32\DRIVERS\amdk7.sys
02:23:02.0312 0996 AmdK7 - ok
02:23:02.0375 0996 amsint - ok
02:23:02.0531 0996 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:23:02.0562 0996 Apple Mobile Device - ok
02:23:02.0625 0996 AppMgmt (9c3c12975c97119412802b181fbeeffe) C:\WINDOWS\System32\appmgmts.dll
02:23:02.0640 0996 AppMgmt - ok
02:23:02.0703 0996 asc - ok
02:23:02.0765 0996 asc3350p - ok
02:23:02.0843 0996 asc3550 - ok
02:23:03.0015 0996 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
02:23:03.0015 0996 aspnet_state - ok
02:23:03.0109 0996 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:23:03.0109 0996 AsyncMac - ok
02:23:03.0187 0996 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
02:23:03.0187 0996 atapi - ok
02:23:03.0250 0996 Atdisk - ok
02:23:03.0328 0996 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:23:03.0328 0996 Atmarpc - ok
02:23:03.0406 0996 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
02:23:03.0421 0996 AudioSrv - ok
02:23:03.0484 0996 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
02:23:03.0484 0996 audstub - ok
02:23:03.0625 0996 avg9wd (c4d15594db5be042d3346ea58df87d89) C:\Program Files\AVG\AVG9\avgwdsvc.exe
02:23:03.0625 0996 avg9wd - ok
02:23:03.0718 0996 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
02:23:03.0718 0996 AvgLdx86 - ok
02:23:03.0796 0996 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\WINDOWS\system32\Drivers\avgmfx86.sys
02:23:03.0796 0996 AvgMfx86 - ok
02:23:03.0921 0996 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\system32\Drivers\avgtdix.sys
02:23:03.0921 0996 AvgTdiX - ok
02:23:04.0031 0996 bbcap (709fbe6eced1c3259d2b50bb0520b765) C:\WINDOWS\system32\DRIVERS\bbcap.sys
02:23:04.0031 0996 bbcap - ok
02:23:04.0093 0996 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
02:23:04.0093 0996 Beep - ok
02:23:04.0203 0996 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\System32\qmgr.dll
02:23:04.0218 0996 BITS - ok
02:23:04.0375 0996 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
02:23:04.0390 0996 Bonjour Service - ok
02:23:04.0421 0996 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
02:23:04.0437 0996 Browser - ok
02:23:04.0484 0996 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
02:23:04.0484 0996 cbidf2k - ok
02:23:04.0531 0996 cd20xrnt - ok
02:23:04.0609 0996 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
02:23:04.0609 0996 Cdaudio - ok
02:23:04.0687 0996 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
02:23:04.0687 0996 Cdfs - ok
02:23:04.0734 0996 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:23:04.0734 0996 Cdrom - ok
02:23:04.0781 0996 Changer - ok
02:23:04.0859 0996 cisvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\System32\cisvc.exe
02:23:04.0859 0996 cisvc - ok
02:23:04.0921 0996 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
02:23:04.0921 0996 ClipSrv - ok
02:23:05.0031 0996 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:23:05.0031 0996 clr_optimization_v2.0.50727_32 - ok
02:23:05.0093 0996 CmdIde - ok
02:23:05.0234 0996 cmuda (297cc8a257cbd3c46bbd675ec5e35cc2) C:\WINDOWS\system32\drivers\cmuda.sys
02:23:05.0265 0996 cmuda - ok
02:23:05.0312 0996 COMSysApp - ok
02:23:05.0421 0996 Cpqarray - ok
02:23:05.0531 0996 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
02:23:05.0531 0996 CryptSvc - ok
02:23:05.0593 0996 dac2w2k - ok
02:23:05.0656 0996 dac960nt - ok
02:23:05.0734 0996 DcomLaunch (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
02:23:05.0734 0996 DcomLaunch - ok
02:23:05.0859 0996 dg_ssudbus (d8522960163fa593694e441194a9a574) C:\WINDOWS\system32\DRIVERS\ssudbus.sys
02:23:05.0859 0996 dg_ssudbus - ok
02:23:05.0953 0996 Dhcp (ef545e1a4b043da4c84e230dd471c55f) C:\WINDOWS\System32\dhcpcsvc.dll
02:23:05.0953 0996 Dhcp - ok
02:23:06.0031 0996 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
02:23:06.0031 0996 Disk - ok
02:23:06.0078 0996 dmadmin - ok
02:23:06.0187 0996 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
02:23:06.0187 0996 dmboot - ok
02:23:06.0281 0996 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
02:23:06.0296 0996 dmio - ok
02:23:06.0359 0996 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
02:23:06.0359 0996 dmload - ok
02:23:06.0437 0996 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
02:23:06.0437 0996 dmserver - ok
02:23:06.0515 0996 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
02:23:06.0515 0996 DMusic - ok
02:23:06.0578 0996 Dnscache (aac8ffbfd61e784fa3bac851d4a0bd5f) C:\WINDOWS\System32\dnsrslvr.dll
02:23:06.0578 0996 Dnscache - ok
02:23:06.0640 0996 dpti2o - ok
02:23:06.0687 0996 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
02:23:06.0687 0996 drmkaud - ok
02:23:06.0750 0996 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
02:23:06.0750 0996 ERSvc - ok
02:23:06.0828 0996 Eventlog (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
02:23:06.0828 0996 Eventlog - ok
02:23:06.0875 0996 EventSystem (60d1a6342238378bfb7545c81ee3606c) C:\WINDOWS\System32\es.dll
02:23:06.0875 0996 EventSystem - ok
02:23:06.0953 0996 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
02:23:06.0968 0996 Fastfat - ok
02:23:07.0046 0996 FastUserSwitchingCompatibility (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
02:23:07.0046 0996 FastUserSwitchingCompatibility - ok
02:23:07.0140 0996 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
02:23:07.0140 0996 Fdc - ok
02:23:07.0187 0996 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
02:23:07.0187 0996 FETNDIS - ok
02:23:07.0250 0996 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
02:23:07.0250 0996 Fips - ok
02:23:07.0296 0996 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
02:23:07.0296 0996 Flpydisk - ok
02:23:07.0359 0996 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
02:23:07.0359 0996 FltMgr - ok
02:23:07.0484 0996 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
02:23:07.0484 0996 FontCache3.0.0.0 - ok
02:23:07.0531 0996 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
02:23:07.0546 0996 fssfltr - ok
02:23:07.0734 0996 fsssvc (45b52394f9624237f33a8a3d73c0b221) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
02:23:07.0734 0996 fsssvc - ok
02:23:07.0796 0996 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:23:07.0796 0996 Fs_Rec - ok
02:23:07.0875 0996 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:23:07.0875 0996 Ftdisk - ok
02:23:07.0968 0996 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
02:23:07.0968 0996 gameenum - ok
02:23:08.0046 0996 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
02:23:08.0046 0996 GEARAspiWDM - ok
02:23:08.0093 0996 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:23:08.0093 0996 Gpc - ok
02:23:08.0234 0996 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
02:23:08.0234 0996 gupdate - ok
02:23:08.0296 0996 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
02:23:08.0296 0996 gupdatem - ok
02:23:08.0390 0996 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
02:23:08.0390 0996 helpsvc - ok
02:23:08.0468 0996 HidServ (9376e6893e52b368abc6255bf54f0b28) C:\WINDOWS\System32\hidserv.dll
02:23:08.0468 0996 HidServ - ok
02:23:08.0515 0996 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:23:08.0515 0996 HidUsb - ok
02:23:08.0562 0996 hpn - ok
02:23:08.0656 0996 hpt3xx - ok
02:23:08.0750 0996 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
02:23:08.0750 0996 HTTP - ok
02:23:08.0843 0996 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
02:23:08.0843 0996 HTTPFilter - ok
02:23:08.0906 0996 i2omgmt - ok
02:23:09.0000 0996 i2omp - ok
02:23:09.0062 0996 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
02:23:09.0062 0996 i8042prt - ok
02:23:09.0296 0996 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:23:09.0312 0996 idsvc - ok
02:23:09.0375 0996 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
02:23:09.0375 0996 Imapi - ok
02:23:09.0468 0996 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\System32\imapi.exe
02:23:09.0468 0996 ImapiService - ok
02:23:09.0546 0996 ini910u - ok
02:23:09.0656 0996 IntelIde - ok
02:23:09.0718 0996 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
02:23:09.0718 0996 ip6fw - ok
02:23:09.0796 0996 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:23:09.0796 0996 IpFilterDriver - ok
02:23:09.0843 0996 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:23:09.0843 0996 IpInIp - ok
02:23:09.0906 0996 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:23:09.0906 0996 IpNat - ok
02:23:10.0015 0996 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
02:23:10.0031 0996 iPod Service - ok
02:23:10.0078 0996 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:23:10.0078 0996 IPSec - ok
02:23:10.0125 0996 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
02:23:10.0125 0996 IRENUM - ok
02:23:10.0203 0996 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:23:10.0203 0996 isapnp - ok
02:23:10.0312 0996 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
02:23:10.0312 0996 JavaQuickStarterService - ok
02:23:10.0406 0996 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:23:10.0406 0996 Kbdclass - ok
02:23:10.0453 0996 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
02:23:10.0453 0996 kmixer - ok
02:23:10.0500 0996 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
02:23:10.0515 0996 KSecDD - ok
02:23:10.0578 0996 lanmanserver (0cb3af149a0bac0836022ca307c7a0f8) C:\WINDOWS\System32\srvsvc.dll
02:23:10.0578 0996 lanmanserver - ok
02:23:10.0640 0996 lanmanworkstation (e1f27cfcd114ec9f1e1f44674b2ff9f0) C:\WINDOWS\System32\wkssvc.dll
02:23:10.0656 0996 lanmanworkstation - ok
02:23:10.0718 0996 lbrtfdc - ok
02:23:10.0859 0996 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
02:23:10.0859 0996 LmHosts - ok
02:23:10.0968 0996 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
02:23:10.0968 0996 Messenger - ok
02:23:11.0031 0996 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
02:23:11.0031 0996 mnmdd - ok
02:23:11.0109 0996 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\System32\mnmsrvc.exe
02:23:11.0109 0996 mnmsrvc - ok
02:23:11.0171 0996 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
02:23:11.0171 0996 Modem - ok
02:23:11.0234 0996 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:23:11.0234 0996 Mouclass - ok
02:23:11.0265 0996 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:23:11.0265 0996 mouhid - ok
02:23:11.0328 0996 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
02:23:11.0343 0996 MountMgr - ok
02:23:11.0390 0996 mraid35x - ok
02:23:11.0421 0996 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:23:11.0421 0996 MRxDAV - ok
02:23:11.0515 0996 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:23:11.0531 0996 MRxSmb - ok
02:23:11.0609 0996 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\System32\msdtc.exe
02:23:11.0609 0996 MSDTC - ok
02:23:11.0734 0996 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
02:23:11.0734 0996 Msfs - ok
02:23:11.0796 0996 MSIServer - ok
02:23:11.0859 0996 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:23:11.0859 0996 MSKSSRV - ok
02:23:11.0953 0996 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:23:11.0953 0996 MSPCLOCK - ok
02:23:12.0015 0996 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
02:23:12.0015 0996 MSPQM - ok
02:23:12.0078 0996 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:23:12.0078 0996 mssmbios - ok
02:23:12.0156 0996 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
02:23:12.0156 0996 Mup - ok
02:23:12.0250 0996 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
02:23:12.0250 0996 NDIS - ok
02:23:12.0328 0996 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:23:12.0328 0996 NdisTapi - ok
02:23:12.0390 0996 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:23:12.0390 0996 Ndisuio - ok
02:23:12.0468 0996 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:23:12.0468 0996 NdisWan - ok
02:23:12.0562 0996 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
02:23:12.0562 0996 NDProxy - ok
02:23:12.0625 0996 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
02:23:12.0625 0996 NetBIOS - ok
02:23:12.0703 0996 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
02:23:12.0703 0996 NetBT - ok
02:23:12.0781 0996 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
02:23:12.0781 0996 NetDDE - ok
02:23:12.0828 0996 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
02:23:12.0828 0996 NetDDEdsdm - ok
02:23:12.0921 0996 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\System32\lsass.exe
02:23:12.0921 0996 Netlogon - ok
02:23:13.0015 0996 Netman (36739b39267914ba69ad0610a0299732) C:\WINDOWS\System32\netman.dll
02:23:13.0015 0996 Netman - ok
02:23:13.0218 0996 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:23:13.0218 0996 NetTcpPortSharing - ok
02:23:13.0328 0996 Nla (097722f235a1fb698bf9234e01b52637) C:\WINDOWS\System32\mswsock.dll
02:23:13.0343 0996 Nla - ok
02:23:13.0437 0996 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
02:23:13.0437 0996 Npfs - ok
02:23:13.0500 0996 npggsvc - ok
02:23:13.0578 0996 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
02:23:13.0578 0996 NPPTNT2 - ok
02:23:13.0687 0996 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
02:23:13.0687 0996 Ntfs - ok
02:23:13.0750 0996 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\System32\lsass.exe
02:23:13.0765 0996 NtLmSsp - ok
02:23:13.0875 0996 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
02:23:13.0875 0996 NtmsSvc - ok
02:23:13.0968 0996 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
02:23:13.0968 0996 Null - ok
02:23:14.0187 0996 nv (5645072033c2e51386e91bc137c0beb5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
02:23:14.0265 0996 nv - ok
02:23:14.0359 0996 NVSvc (60d62603950220b51df57e461a601659) C:\WINDOWS\system32\nvsvc32.exe
02:23:14.0375 0996 NVSvc - ok
02:23:14.0453 0996 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:23:14.0453 0996 NwlnkFlt - ok
02:23:14.0531 0996 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:23:14.0531 0996 NwlnkFwd - ok
02:23:14.0593 0996 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
02:23:14.0593 0996 Parport - ok
02:23:14.0640 0996 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
02:23:14.0671 0996 PartMgr - ok
02:23:14.0765 0996 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
02:23:14.0765 0996 ParVdm - ok
02:23:14.0828 0996 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
02:23:14.0828 0996 PCI - ok
02:23:14.0890 0996 PCIDump - ok
02:23:14.0953 0996 PCIIde - ok
02:23:15.0046 0996 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
02:23:15.0046 0996 Pcmcia - ok
02:23:15.0156 0996 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
02:23:15.0156 0996 pcouffin - ok
02:23:15.0218 0996 PDCOMP - ok
02:23:15.0296 0996 PDFRAME - ok
02:23:15.0359 0996 PDRELI - ok
02:23:15.0421 0996 PDRFRAME - ok
02:23:15.0484 0996 perc2 - ok
02:23:15.0546 0996 perc2hib - ok
02:23:15.0750 0996 PlugPlay (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
02:23:15.0765 0996 PlugPlay - ok
02:23:15.0843 0996 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\System32\lsass.exe
02:23:15.0843 0996 PolicyAgent - ok
02:23:15.0906 0996 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:23:15.0906 0996 PptpMiniport - ok
02:23:15.0984 0996 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
02:23:15.0984 0996 Processor - ok
02:23:16.0062 0996 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
02:23:16.0062 0996 ProtectedStorage - ok
02:23:16.0125 0996 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
02:23:16.0140 0996 PSched - ok
02:23:16.0203 0996 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:23:16.0218 0996 Ptilink - ok
02:23:16.0281 0996 ql1080 - ok
02:23:16.0328 0996 Ql10wnt - ok
02:23:16.0406 0996 ql12160 - ok
02:23:16.0484 0996 ql1240 - ok
02:23:16.0546 0996 ql1280 - ok
02:23:16.0609 0996 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:23:16.0609 0996 RasAcd - ok
02:23:16.0718 0996 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
02:23:16.0718 0996 RasAuto - ok
02:23:16.0781 0996 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:23:16.0781 0996 Rasl2tp - ok
02:23:16.0890 0996 RasMan (49b5eed5fb89d39456a2f616ccd8ba5d) C:\WINDOWS\System32\rasmans.dll
02:23:16.0890 0996 RasMan - ok
02:23:16.0984 0996 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:23:16.0984 0996 RasPppoe - ok
02:23:17.0046 0996 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
02:23:17.0046 0996 Raspti - ok
02:23:17.0125 0996 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:23:17.0125 0996 Rdbss - ok
02:23:17.0187 0996 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:23:17.0187 0996 RDPCDD - ok
02:23:17.0312 0996 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
02:23:17.0312 0996 rdpdr - ok
02:23:17.0406 0996 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
02:23:17.0406 0996 RDPWD - ok
02:23:17.0515 0996 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
02:23:17.0531 0996 RDSessMgr - ok
02:23:17.0578 0996 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
02:23:17.0578 0996 redbook - ok
02:23:17.0671 0996 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
02:23:17.0671 0996 RemoteAccess - ok
02:23:17.0765 0996 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS\system32\regsvc.dll
02:23:17.0781 0996 RemoteRegistry - ok
02:23:17.0906 0996 RoxioNow Service (f7e69a05751b24360bf2a17e9ef001b1) C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe
02:23:17.0921 0996 RoxioNow Service - ok
02:23:18.0000 0996 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\System32\locator.exe
02:23:18.0015 0996 RpcLocator - ok
02:23:18.0109 0996 RpcSs (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
02:23:18.0109 0996 RpcSs - ok
02:23:18.0203 0996 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
02:23:18.0203 0996 RSVP - ok
02:23:18.0281 0996 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
02:23:18.0281 0996 SamSs - ok
02:23:18.0375 0996 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
02:23:18.0375 0996 SCardSvr - ok
02:23:18.0468 0996 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
02:23:18.0468 0996 Schedule - ok
02:23:18.0625 0996 SeaPort (271077b91d7ad1b616f8afdfe8e3f981) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
02:23:18.0625 0996 SeaPort - ok
02:23:18.0718 0996 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:23:18.0718 0996 Secdrv - ok
02:23:18.0796 0996 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
02:23:18.0796 0996 seclogon - ok
02:23:18.0859 0996 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
02:23:18.0859 0996 SENS - ok
02:23:18.0937 0996 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
02:23:18.0937 0996 serenum - ok
02:23:19.0015 0996 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
02:23:19.0015 0996 Serial - ok
02:23:19.0140 0996 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
02:23:19.0140 0996 Sfloppy - ok
02:23:19.0203 0996 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
02:23:19.0218 0996 SharedAccess - ok
02:23:19.0296 0996 ShellHWDetection (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
02:23:19.0296 0996 ShellHWDetection - ok
02:23:19.0359 0996 Simbad - ok
02:23:19.0468 0996 Sparrow - ok
02:23:19.0546 0996 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
02:23:19.0546 0996 splitter - ok
02:23:19.0640 0996 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe
02:23:19.0640 0996 Spooler - ok
02:23:19.0734 0996 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
02:23:19.0734 0996 sr - ok
02:23:19.0843 0996 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\System32\srsvc.dll
02:23:19.0843 0996 srservice - ok
02:23:19.0921 0996 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
02:23:19.0937 0996 Srv - ok
02:23:20.0031 0996 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
02:23:20.0031 0996 SSDPSRV - ok
02:23:20.0125 0996 stisvc (b6763f8534ac547cf1af98afdff2edc8) C:\WINDOWS\system32\wiaservc.dll
02:23:20.0140 0996 stisvc - ok
02:23:20.0171 0996 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
02:23:20.0171 0996 swenum - ok
02:23:20.0265 0996 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
02:23:20.0265 0996 swmidi - ok
02:23:20.0312 0996 SwPrv - ok
02:23:20.0421 0996 symc810 - ok
02:23:20.0484 0996 symc8xx - ok
02:23:20.0562 0996 sym_hi - ok
02:23:20.0609 0996 sym_u3 - ok
02:23:20.0703 0996 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
02:23:20.0703 0996 sysaudio - ok
02:23:20.0781 0996 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
02:23:20.0781 0996 SysmonLog - ok
02:23:20.0906 0996 TapiSrv (fb78839b36025aa286a51289ed28b73e) C:\WINDOWS\System32\tapisrv.dll
02:23:20.0906 0996 TapiSrv - ok
02:23:21.0000 0996 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:23:21.0000 0996 Tcpip - ok
02:23:21.0093 0996 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
02:23:21.0093 0996 TDPIPE - ok
02:23:21.0156 0996 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
02:23:21.0156 0996 TDTCP - ok
02:23:21.0234 0996 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
02:23:21.0234 0996 TermDD - ok
02:23:21.0328 0996 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
02:23:21.0359 0996 TermService - ok
02:23:21.0453 0996 Themes (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
02:23:21.0453 0996 Themes - ok
02:23:21.0562 0996 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\System32\tlntsvr.exe
02:23:21.0562 0996 TlntSvr - ok
02:23:21.0640 0996 TosIde - ok
02:23:21.0718 0996 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
02:23:21.0734 0996 TrkWks - ok
02:23:21.0828 0996 uagp35 (49c805d42d75eddc9b6a7130999c9054) C:\WINDOWS\system32\DRIVERS\uagp35.sys
02:23:21.0828 0996 uagp35 - ok
02:23:21.0921 0996 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
02:23:21.0921 0996 Udfs - ok
02:23:21.0984 0996 ultra - ok
02:23:22.0046 0996 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
02:23:22.0062 0996 Update - ok
02:23:22.0125 0996 upnphost (aca5d98663d879c6baafcea7e2f1b710) C:\WINDOWS\System32\upnphost.dll
02:23:22.0140 0996 upnphost - ok
02:23:22.0234 0996 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
02:23:22.0234 0996 UPS - ok
02:23:22.0328 0996 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
02:23:22.0328 0996 USBAAPL - ok
02:23:22.0437 0996 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:23:22.0437 0996 usbccgp - ok
02:23:22.0515 0996 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:23:22.0515 0996 usbehci - ok
02:23:22.0578 0996 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:23:22.0578 0996 usbhub - ok
02:23:22.0656 0996 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
02:23:22.0656 0996 usbscan - ok
02:23:22.0750 0996 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:23:22.0750 0996 USBSTOR - ok
02:23:22.0812 0996 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
02:23:22.0812 0996 usbuhci - ok
02:23:22.0921 0996 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
02:23:22.0921 0996 VgaSave - ok
02:23:23.0000 0996 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
02:23:23.0000 0996 ViaIde - ok
02:23:23.0046 0996 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
02:23:23.0046 0996 VolSnap - ok
02:23:23.0125 0996 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
02:23:23.0140 0996 VSS - ok
02:23:23.0187 0996 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\System32\w32time.dll
02:23:23.0187 0996 W32Time - ok
02:23:23.0265 0996 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:23:23.0265 0996 Wanarp - ok
02:23:23.0343 0996 WDICA - ok
02:23:23.0406 0996 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
02:23:23.0406 0996 wdmaud - ok
02:23:23.0500 0996 WebClient (265f534ef76832435afbf771ec97176d) C:\WINDOWS\System32\webclnt.dll
02:23:23.0500 0996 WebClient - ok
02:23:23.0671 0996 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
02:23:23.0671 0996 winmgmt - ok
02:23:23.0859 0996 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
02:23:23.0875 0996 WmdmPmSN - ok
02:23:23.0984 0996 Wmi (1081c185aed0660b2b5f173c3e023b23) C:\WINDOWS\System32\advapi32.dll
02:23:23.0984 0996 Wmi - ok
02:23:24.0093 0996 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
02:23:24.0093 0996 WmiApSrv - ok
02:23:24.0218 0996 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
02:23:24.0234 0996 WMPNetworkSvc - ok
02:23:24.0328 0996 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
02:23:24.0328 0996 WpdUsb - ok
02:23:24.0390 0996 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
02:23:24.0406 0996 wscsvc - ok
02:23:24.0453 0996 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
02:23:24.0453 0996 wuauserv - ok
02:23:24.0515 0996 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
02:23:24.0515 0996 WudfPf - ok
02:23:24.0578 0996 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
02:23:24.0578 0996 WudfRd - ok
02:23:24.0625 0996 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
02:23:24.0625 0996 WudfSvc - ok
02:23:24.0718 0996 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
02:23:24.0734 0996 WZCSVC - ok
02:23:24.0796 0996 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
02:23:24.0812 0996 xmlprov - ok
02:23:24.0890 0996 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
02:23:25.0078 0996 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
02:23:25.0078 0996 \Device\Harddisk0\DR0 - detected TDSS File System (1)
02:23:25.0140 0996 Boot (0x1200) (2cfb822adc883ab1332f27e73d1f437f) \Device\Harddisk0\DR0\Partition0
02:23:25.0156 0996 \Device\Harddisk0\DR0\Partition0 - ok
02:23:25.0171 0996 ============================================================
02:23:25.0171 0996 Scan finished
02:23:25.0171 0996 ============================================================
02:23:25.0250 0624 Detected object count: 1
02:23:25.0250 0624 Actual detected object count: 1
02:24:01.0203 0624 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
02:24:01.0218 0624 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
02:24:01.0218 0624 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
02:24:01.0234 0624 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
02:24:01.0234 0624 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
02:24:01.0234 0624 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
02:24:01.0234 0624 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
02:24:01.0359 0624 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
02:24:01.0359 0624 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
02:24:01.0390 0624 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
02:24:01.0390 0624 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
02:24:01.0390 0624 \Device\Harddisk0\DR0\TDLFS - deleted
02:24:01.0390 0624 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

I can't thank you enough for helping me out through this. It is a long process.
-Dawn
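As an added example (not part of the thread and not code from the TDSSKiller tool), the following Python helper parses a TDSSKiller log of the shape posted above and reports any detection that was left without a Delete/Cure action. The embedded sample is an excerpt of the log above; the line formats are inferred from it.

```python
"""Triage helper for TDSSKiller text logs (added example; line formats are
inferred from the log posted in this thread, not from tool documentation)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every TDSSKiller line looks like: "HH:MM:SS.mmmm <thread id> <message>"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d{4})\s+(.*)$")
# Message shapes seen in the log above (checked most-specific first)
OK_RE = re.compile(r"^(?P<obj>.+) - ok$")
WARN_RE = re.compile(r"^(?P<obj>.+?) \( (?P<threat>.+?) \) - warning$")
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>.+?) \((?P<n>\d+)\)$")
ACTION_RE = re.compile(
    r"^(?P<obj>.+?) \( (?P<threat>.+?) \) - User select action: (?P<action>\w+)$")
QUARANTINE_RE = re.compile(r"^(?P<path>.+?) - copied to quarantine$")
DELETED_RE = re.compile(r"^(?P<path>.+?) - deleted$")
COUNT_RE = re.compile(r"^(?P<actual>Actual )?[Dd]etected object count: (?P<n>\d+)$")
# "<name> (<md5>) <image path>" for each scanned driver, service, MBR or boot sector
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")

# Excerpt of the TDSSKiller log posted above (raw string keeps the backslashes).
SAMPLE_LOG = r"""
02:23:24.0796 0996 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
02:23:24.0812 0996 xmlprov - ok
02:23:24.0890 0996 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
02:23:25.0078 0996 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
02:23:25.0078 0996 \Device\Harddisk0\DR0 - detected TDSS File System (1)
02:23:25.0140 0996 Boot (0x1200) (2cfb822adc883ab1332f27e73d1f437f) \Device\Harddisk0\DR0\Partition0
02:23:25.0156 0996 \Device\Harddisk0\DR0\Partition0 - ok
02:23:25.0171 0996 Scan finished
02:23:25.0250 0624 Detected object count: 1
02:23:25.0250 0624 Actual detected object count: 1
02:24:01.0203 0624 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
02:24:01.0218 0624 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
02:24:01.0390 0624 \Device\Harddisk0\DR0\TDLFS - deleted
02:24:01.0390 0624 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""


@dataclass
class TdssSummary:
    scanned: List[Tuple[str, str, str]] = field(default_factory=list)  # (name, md5, path)
    ok: int = 0
    warnings: List[Tuple[str, str]] = field(default_factory=list)       # (object, threat)
    detections: List[Tuple[str, str, int]] = field(default_factory=list)  # (object, threat, n)
    quarantined: List[str] = field(default_factory=list)
    deleted: List[str] = field(default_factory=list)
    actions: Dict[str, str] = field(default_factory=dict)               # object -> action
    detected_count: Optional[int] = None
    actual_detected_count: Optional[int] = None


def parse_tdsskiller(text: str) -> TdssSummary:
    """Classify each log line into the summary; banners and separators are skipped."""
    s = TdssSummary()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        if (mm := OK_RE.match(msg)):
            s.ok += 1
        elif (mm := WARN_RE.match(msg)):
            s.warnings.append((mm["obj"], mm["threat"]))
        elif (mm := DETECTED_RE.match(msg)):
            s.detections.append((mm["obj"], mm["threat"], int(mm["n"])))
        elif (mm := ACTION_RE.match(msg)):
            s.actions[mm["obj"]] = mm["action"]
        elif (mm := QUARANTINE_RE.match(msg)):
            s.quarantined.append(mm["path"])
        elif (mm := DELETED_RE.match(msg)):
            s.deleted.append(mm["path"])
        elif (mm := COUNT_RE.match(msg)):
            if mm["actual"]:
                s.actual_detected_count = int(mm["n"])
            else:
                s.detected_count = int(mm["n"])
        elif (mm := OBJECT_RE.match(msg)):
            s.scanned.append((mm["name"], mm["md5"], mm["path"]))
    return s


def triage(s: TdssSummary) -> List[str]:
    """Findings a responder must act on; an empty list means every detection was handled."""
    findings = []
    for obj, threat, _n in s.detections:
        if s.actions.get(obj) not in ("Delete", "Cure"):
            findings.append(f"{obj}: {threat} detected but no Delete/Cure action recorded")
    if s.detected_count is not None and s.detected_count != len(s.detections):
        findings.append(f"detected object count {s.detected_count} != "
                        f"{len(s.detections)} detection lines")
    return findings


if __name__ == "__main__":
    summary = parse_tdsskiller(SAMPLE_LOG)
    print(f"scanned={len(summary.scanned)} ok={summary.ok} "
          f"detections={summary.detections} quarantined={len(summary.quarantined)}")
    print("findings:", triage(summary) or "none")
```

Running it against a log from a scan-only pass (the first run described above) would report the TDSS File System detection as unresolved, which is the cue to rerun and select Delete.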

#18 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:06:58 PM

Posted 27 March 2012 - 12:14 AM


Please close all windows and browsers
•XP: Double-click RogueKiller to run it

•Press: SCAN
•A report opens on the Desktop: RKreport.txt

Please copy/paste the new RKreport.txt (Mode: Scan), and provide it in your reply.


Also, please provide an update as to how the computer is doing.

Old duck...


#19 dawnmomoffour

dawnmomoffour
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 27 March 2012 - 01:24 AM

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Dawn [Admin rights]
Mode: Scan -- Date: 03/27/2012 02:21:13

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6Y080P0 +++++
--- User ---
[MBR] d9d7314065b6f4cbd1280aa02ca2fdbe
[BSP] 2de82c202d5e8a2d8b91600c8f20d280 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 642600 | Size: 77846 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[6].txt >>
RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt


There is still some lag and the occasional window in IE opens (I don't use IE, I have Firefox). Much better now but still not...right.
I really appreciate all this help :-)

Edit - I forgot to add that sometimes when I click a link it takes me to a different page still. Never used to do that until this virus. It just happened a minute ago, that's why I remembered.

Edited by dawnmomoffour, 27 March 2012 - 01:26 AM.


#20 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:06:58 PM

Posted 27 March 2012 - 09:52 PM

Let's follow up with the following...

Download an updated version of ComboFix

Save ComboFix.exe to the Desktop!!

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications. They may interfere with the running of CF.

Note: For information on how to disable protective programs, refer to this link

If you have AVG AntiVirus installed, please stop, and post back. The situation is different.

If not, run ComboFix by double-clicking on the program.

For XP only, when given the option, DO install the Recovery Console.
This program allows for repair options that are not available in certain problem situations.

Click on Yes, to continue scanning for malware.

When finished, CF produces a report.

Please provide a copy of the C:\ComboFix.txt in your reply.


Notes:

1. Do not mouse-click the ComboFix window while it is running.
This action may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Old duck...


#21 dawnmomoffour

dawnmomoffour
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 28 March 2012 - 12:55 AM

Before I do anything (I did already download ComboFix) I am posting to tell you I have AVG AntiVirus. What do I do?
Thanks
-Dawn

#22 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:06:58 PM

Posted 28 March 2012 - 11:56 PM

ComboFix may not run properly until AVG is uninstalled, as a protective measure against the AntiVirus.

This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat, and may remove these files. This results in the tool not working correctly, and, in turn, can cause damaging or "unpredictable results".

AVG can be reinstalled later, though, after malware removal is done.

For now, please uninstall AVG via Add/Remove Programs (XP) in your Control Panel. When done, reboot.

Then, run ComboFix by double-clicking on the program.

If ComboFix still detects AVG after uninstalling and rebooting, try removing its remnants with AVG Remover.

Run it to remove all leftovers from AVG.
After this, please restart your computer.

Run ComboFix again.

If ComboFix still detects AVG, stop and post back before pressing on.

If not...press on with the instructions.

Old duck...


#23 dawnmomoffour

dawnmomoffour
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 29 March 2012 - 12:58 AM

Removed AVG and rebooted.
Ran ComboFix. Here is the log that popped up when it was done:
ComboFix 12-03-27.03 - Dawn 03/29/2012 1:34.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.535 [GMT -4:00]
Running from: c:\documents and settings\Dawn\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\~1w36Jz3MnNa2Hn
c:\documents and settings\All Users\Application Data\~1w36Jz3MnNa2Hnr
c:\documents and settings\All Users\Application Data\1w36Jz3MnNa2Hn
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\5C321E34.TMP
c:\documents and settings\All Users\Application Data\TEMP\A73EAFFB.TMP
c:\documents and settings\Dawn\Favorites\Thumbs.db
c:\documents and settings\Dawn\My Documents\~WRL0001.tmp
c:\documents and settings\Dawn\My Documents\~WRL0003.tmp
c:\documents and settings\Dawn\My Documents\~WRL0004.tmp
c:\documents and settings\Dawn\WINDOWS
c:\documents and settings\LocalService\Application Data\alot
c:\documents and settings\LocalService\Application Data\alot\configurator\configurator.xml
c:\documents and settings\LocalService\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\LocalService\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\LocalService\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\LocalService\Application Data\alot\products\products.xml
c:\documents and settings\LocalService\Application Data\alot\products\products.xml.backup
c:\documents and settings\LocalService\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\LocalService\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\LocalService\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\LocalService\Application Data\alot\Updater\Updater.xml
c:\documents and settings\LocalService\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\Owner\Favorites\Thumbs.db
c:\program files\185775-timdem.exe
c:\program files\avg_free_stf_en_8_138a1332.exe
c:\program files\igames2020setup.exe
c:\program files\LastChaos_Install_20091121_csd.exe
c:\program files\LcInstallUSA_80708_dna.exe
c:\program files\TotalRecipeSearch_14EI
c:\program files\TotalRecipeSearch_14EI\Installr\2.bin\14EIPlug.dll
c:\program files\windowsxp-kb936929-sp3-x86-enu.exe
c:\program files\WolfTeam_IS_20080918_Ver262.exe
c:\program files\WoW-2.4.3.8568-to-3.0.2.8916-enUS-downloader.exe
c:\program files\X12-30247.exe
c:\windows\offitems.log
c:\windows\system32\SET188C.tmp
c:\windows\system32\SET188E.tmp
c:\windows\system32\SET1892.tmp
c:\windows\system32\SET189A.tmp
c:\windows\system32\SET18D7.tmp
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-27 00:26 . 2012-03-27 00:26 -------- d-----w- c:\documents and settings\Dawn\Local Settings\Application Data\WinZip
2012-03-27 00:26 . 2012-03-27 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2012-03-24 21:09 . 2012-03-26 06:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-09 02:51 . 2012-03-16 01:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\uTorrentBar
2012-03-06 03:00 . 2012-03-06 03:00 -------- d-----w- c:\program files\iPod
2012-03-06 03:00 . 2012-03-06 03:02 -------- d-----w- c:\program files\iTunes
2012-03-06 02:57 . 2012-03-06 02:57 -------- d-----w- c:\program files\Apple Software Update
2012-03-06 02:56 . 2012-03-06 02:56 -------- d-----w- c:\program files\Bonjour
2012-03-04 01:07 . 2012-03-04 01:07 -------- d-----w- c:\program files\Calibre2
2012-03-04 00:19 . 2012-03-04 00:19 -------- d-----w- c:\documents and settings\Dawn\Application Data\BabylonToolbar
2012-03-02 18:59 . 2012-03-02 18:59 -------- d-----w- c:\program files\BabylonToolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 21:13 . 2011-05-23 12:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 20:40 . 2012-02-16 20:40 54703432 ----a-w- c:\program files\winzip160.exe
2012-02-01 21:46 . 2012-02-01 21:46 45383984 ----a-w- c:\program files\calibre-0.8.37.msi
2012-01-26 00:12 . 2012-01-26 00:12 10606592 ----a-w- c:\program files\creator.msi
2012-01-24 03:42 . 2012-01-24 03:39 112767312 ----a-w- c:\program files\DrawPlusStarterEdition.exe
2011-11-29 21:25 . 2011-11-29 21:25 6055875 ----a-w- c:\program files\SetupImgBurn_2.5.6.0.exe
2011-11-26 16:40 . 2011-11-26 16:40 42059920 ----a-w- c:\program files\GoogleSketchUpWEN.exe
2011-11-25 21:42 . 2011-11-25 21:42 21073936 ----a-w- c:\program files\vlc-1.1.11-win32.exe
2011-11-25 21:21 . 2011-11-25 21:21 25740256 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2011-11-25 21:20 . 2011-11-25 21:20 1528184 ----a-w- c:\program files\GenuineCheck.exe
2011-11-25 21:10 . 2011-11-25 21:10 12951423 ----a-w- c:\program files\dvdflick_setup_1.3.0.7.exe
2011-11-07 03:52 . 2011-11-07 03:52 4997298 ----a-w- c:\program files\wordzap7setup.exe
2011-11-07 03:50 . 2011-11-07 03:50 4131403 ----a-w- c:\program files\wzapload.exe
2011-08-20 01:26 . 2011-08-20 01:26 290512 ----a-w- c:\program files\syschecker.exe
2011-08-15 02:25 . 2011-08-15 02:25 641912 ----a-w- c:\program files\utorrent.exe
2011-07-28 02:59 . 2011-07-28 02:59 429736 ----a-w- c:\program files\Roblox.exe
2011-07-25 03:37 . 2011-07-25 03:37 906768 ----a-w- c:\program files\PokerStarsInstallPM.exe
2011-07-18 21:38 . 2011-07-18 21:38 9457991 ----a-w- c:\program files\MCEdit-stable15-win32-setup.exe
2011-06-14 12:06 . 2011-06-14 12:06 3080864 ----a-w- c:\program files\install_flash_player.exe
2011-05-17 00:20 . 2011-05-17 00:20 10744816 ----a-w- c:\program files\bbfbex2.exe
2011-05-06 04:01 . 2011-05-06 04:01 16212232 ----a-w- c:\program files\Dropbox 1.1.31.exe
2011-01-18 17:56 . 2011-01-18 17:56 9602456 ----a-w- c:\program files\ps2pdf995.exe
2011-01-18 17:56 . 2011-01-18 17:56 2684312 ----a-w- c:\program files\pdf995s.exe
2011-01-18 17:55 . 2011-01-18 17:55 1344920 ----a-w- c:\program files\pdfedit.exe
2011-01-12 09:13 . 2011-01-12 09:12 39359488 ----a-w- c:\program files\calibre-0.7.38.msi
2011-01-10 03:47 . 2011-01-10 03:47 12850600 ----a-w- c:\program files\KindleForPC-installer.exe
2010-12-21 15:54 . 2010-12-21 15:54 884000 ----a-w- c:\program files\jxpiinstall.exe
2010-12-21 05:59 . 2010-12-21 05:59 232501 ----a-w- c:\program files\Minecraft.exe
2010-11-25 02:57 . 2010-11-25 02:57 1004072 ----a-w- c:\program files\KeyFinderInstaller.exe
2010-11-21 00:06 . 2010-11-21 00:05 34452784 ----a-w- c:\program files\QuickTimeInstaller.exe
2010-10-22 04:17 . 2010-10-22 04:17 1247056 ----a-w- c:\program files\wlsetup-web.exe
2010-10-18 00:02 . 2010-10-18 00:02 568832 ----a-w- c:\program files\googleupdatesetup.exe
2010-10-17 23:49 . 2010-10-17 23:50 568664 ----a-w- c:\program files\GoogleEarthPluginSetup.exe
2010-10-13 02:47 . 2010-10-13 02:46 31833208 ----a-w- c:\program files\WoW-4.0.0-WOW-enUS-Installer.exe
2010-09-21 18:33 . 2010-09-21 18:32 19841702 ----a-w- c:\program files\FullTiltPokerNetSetup.exe
2010-09-16 18:53 . 2010-09-16 18:52 21033309 ----a-w- c:\program files\FullTiltSetup.exe
2010-05-26 07:51 . 2010-05-26 07:51 8354440 ----a-w- c:\program files\Firefox Setup 3.6.3.exe
2010-05-20 18:01 . 2010-05-20 18:01 2131808 ----a-w- c:\program files\avg_free_stb_all_9_114_cnet.exe
2010-04-04 15:06 . 2010-04-04 15:06 10396046 ----a-w- c:\program files\Civ3v129f.exe
2010-03-29 20:23 . 2010-03-29 20:23 47768 ----a-w- c:\program files\InstallSmashMashApplication.exe
2010-03-25 03:46 . 2010-03-25 03:46 430775 ----a-w- c:\program files\InstantEyedropper.exe
2010-01-25 09:24 . 2010-01-25 09:24 51038360 ----a-w- c:\program files\natura.exe
2010-01-02 03:09 . 2010-01-02 03:09 2594072 ----a-w- c:\program files\cc95.exe
2009-12-31 22:32 . 2009-12-31 22:32 30444200 ----a-w- c:\program files\Word_Riot_Deluxe-setup.exe
2009-12-30 06:32 . 2009-12-30 06:32 54788591 ----a-w- c:\program files\StanzaSetup.exe
2009-11-09 11:22 . 2009-11-09 11:22 157484384 ----a-w- c:\program files\OOo_3.1.1_Win32Intel_install_wJRE_en-US.exe
2009-10-27 11:18 . 2009-10-27 11:18 4045528 ----a-w- c:\program files\mbam-setup.exe
2008-12-06 19:51 . 2008-12-06 19:51 823231671 ----a-w- c:\program files\12SkySetup.exe
2008-07-22 00:24 . 2008-07-22 00:24 2869536 ----a-w- c:\program files\spywareblastersetup41.exe
1997-10-20 17:27 . 1997-10-20 17:27 278016 ----a-r- c:\program files\PHMAKER3.DS
1997-10-18 23:53 . 1997-10-18 23:53 163328 ----a-r- c:\program files\PHMAKER3.UI
1997-07-28 15:59 . 1997-07-28 15:59 176640 ----a-r- c:\program files\OEM.DLL
1995-09-12 15:03 . 2010-01-26 22:28 450560 ----a-w- c:\program files\TIMDEMO.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-18 7630848]
"nwiz"="nwiz.exe" [2006-09-18 1519616]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-09-18 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA&inst=NwA3AC0AMgAzADkAMAAxADkAMAAwADUALQBUADUALQBVADgANQArADEALQBCAEEAKwAxAC0AWABMACsAMQAtAEYAUAA5ADIAKwA0AC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADAALQBTAFQAOQAwAEYAQQBQAFAAKwAxAA&prod=90&ver=9.0.894" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\ConduitEngine" [X]
.
c:\documents and settings\Dawn\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
PowerReg Scheduler.exe [2010-8-28 256000]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dawn^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Dawn\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dawn^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\Dawn\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dawn^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Dawn\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-10-08 22:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 22:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 06:06 1667584 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Roxio\\RoxioNow Player\\RNowShell.exe"=
"c:\\Documents and Settings\\Dawn\\Igames 2020\\client\\ig2020client.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56152:TCP"= 56152:TCP:Pando Media Booster
"56152:UDP"= 56152:UDP:Pando Media Booster
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
.
R2 RoxioNow Service;RoxioNow Service;c:\program files\Roxio\RoxioNow Player\RNowSvc.exe [8/4/2011 9:00 PM 400368]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [5/16/2011 8:22 PM 4096]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/28/2011 10:23 AM 47360]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/17/2010 7:50 PM 136176]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [10/18/2011 3:43 AM 78136]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/17/2010 7:50 PM 136176]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-17 23:50]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-17 23:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=110482&mntrId=6c9750bc000000000000000b6a1ffc8e
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
Trusted Zone: cinemanow.com
Trusted Zone: cineplex.com
Trusted Zone: roxio.com
Trusted Zone: roxionow.com
Trusted Zone: sonic.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Dawn\Application Data\Mozilla\Firefox\Profiles\f3bihcd9.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.BabylonToolbar_i.id - 6c9750bc000000000000000b6a1ffc8e
FF - user.js: extensions.BabylonToolbar_i.hardId - 6c9750bc000000000000000b6a1ffc8e
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15401
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:59
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Media Finder - c:\program files\Media Finder\MF.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe
AddRemove-Cube - c:\program files\Cube\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-29 01:50
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Completion time: 2012-03-29 01:52:53
ComboFix-quarantined-files.txt 2012-03-29 05:52
.
Pre-Run: 12,027,912,192 bytes free
Post-Run: 14,596,673,536 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.1="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 53B2C48B33853B2A1E09B138FFF7952F

Thanks again!
-Dawn

#24 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:06:58 PM

Posted 29 March 2012 - 08:25 PM

Let's press on and run the ESET Online Scanner:

Please disable your AntiVirus program and any AntiSpyware programs while performing the scan.
It precludes conflicts, and will speed up scan time.

For information on how to disable protective programs, refer to this link:
http://www.bleepingcomputer.com/forums/topic114351.html

You will need to use Internet Explorer for this scan, since the scanner is implemented as an ActiveX control.
However, compatibility with other browsers (Firefox, Opera, Netscape, etc.) was added if you agree to the installation
of the ESET Smart Installer, an application which will install and launch ESET Online Scanner in a new browser window.

Download ESET Online Scanner

Press the ESET Online Scanner download button
  • In the prompt that appears, check 'Yes' to Accept Terms of Use, and click the 'Start' button
  • Allow the ActiveX to download, and click: 'Install'
  • Click Start
  • Make sure that the option Remove found threats is unticked.
  • Click Scan
  • Wait for the scan to finish
  • If any threats are found, click the 'List of found threats', then click Export to text file....
  • Save the file to your Desktop as: ESET Scan.

Please provide the contents of ESET Scan in your reply.

Old duck...


#25 dawnmomoffour

dawnmomoffour
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 30 March 2012 - 06:06 AM

I didn't have to disable my AVG, as I have removed it as per one of the other steps. Should I reinstall it now?
Here are the contents of the ESET Scan file:
C:\Documents and Settings\Dawn\Local Settings\Application Data\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application
C:\Documents and Settings\Dawn\My Documents\Downloads\SoftonicDownloader_for_minecraft.exe a variant of Win32/SoftonicDownloader.A application
C:\FOUND.007\FILE0000.CHK HTML/Iframe.B.Gen virus
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application
C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14EI\Installr\2.bin\14EIPlug.dll.vir Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP402\A0024780.exe a variant of Win32/ExpressFiles application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP405\A0025112.dll Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP405\A0025113.dll Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP405\A0025114.dll a variant of Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP405\A0025115.dll Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP405\A0025117.exe probably a variant of Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP407\A0025169.exe Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP408\A0025190.exe Win32/Adware.MediaFinder.B application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP424\A0030040.exe Win32/Adware.HDDRescue.AB application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP436\A0036112.dll Win32/Toolbar.MyWebSearch application
C:\TDSSKiller_Quarantine\24.03.2012_17.08.17\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Olmarik.ADZ trojan
C:\TDSSKiller_Quarantine\24.03.2012_17.08.17\mbr0000\tdlfs0000\tsk0004.dta probably a variant of Win32/Agent.FJFPNNI trojan
C:\TDSSKiller_Quarantine\24.03.2012_17.08.17\mbr0000\tdlfs0000\tsk0005.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\24.03.2012_17.08.17\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.D trojan
C:\TDSSKiller_Quarantine\24.03.2012_17.08.17\mbr0000\tdlfs0000\tsk0007.dta Win64/Olmarik.D trojan
C:\TDSSKiller_Quarantine\24.03.2012_17.08.17\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.A trojan
C:\TDSSKiller_Quarantine\24.03.2012_17.08.17\mbr0000\tdlfs0000\tsk0009.dta a variant of Win32/Olmarik.AIB trojan
C:\TDSSKiller_Quarantine\26.03.2012_02.22.09\tdlfs0000\tsk0003.dta a variant of Win32/Olmarik.ADZ trojan
C:\TDSSKiller_Quarantine\26.03.2012_02.22.09\tdlfs0000\tsk0004.dta probably a variant of Win32/Agent.FJFPNNI trojan
C:\TDSSKiller_Quarantine\26.03.2012_02.22.09\tdlfs0000\tsk0005.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\26.03.2012_02.22.09\tdlfs0000\tsk0006.dta Win64/Olmarik.D trojan
C:\TDSSKiller_Quarantine\26.03.2012_02.22.09\tdlfs0000\tsk0007.dta Win64/Olmarik.D trojan
C:\TDSSKiller_Quarantine\26.03.2012_02.22.09\tdlfs0000\tsk0008.dta Win64/Olmarik.A trojan
C:\TDSSKiller_Quarantine\26.03.2012_02.22.09\tdlfs0000\tsk0009.dta a variant of Win32/Olmarik.AIB trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S748B80K\channel-reward-central_com[1].htm HTML/ScrInject.B.Gen virus
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\X86EVA7T\channel-reward-central_com[1].htm HTML/ScrInject.B.Gen virus
Operating memory Win32/Toolbar.Babylon application

Many thanks for your ongoing help.
-Dawn

#26 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts

Posted 30 March 2012 - 02:44 PM

The entries on the ESET report are, for the most part, contained in:
C:\Qoobox\Quarantine
C:\System Volume Information\_restore
C:\TDSSKiller_Quarantine
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files

We will take care of those when we wrap up.

The remainder of the entries we will have ESET remove, or, we will use a program uninstall to take care of them.

Let's start with the following:
Please uninstall the Babylon Toolbar. It is considered Adware.
Normally, it gets installed by other software, and installs itself to the system, Internet Explorer, Firefox and Google Chrome.


To uninstall:

Right-click the Babylon icon on the TaskBar (lower right of your screen next to the system clock) and click: Exit
To confirm, click: Yes

Next, click: Start, type appwiz.cpl in the Search field, and press: Enter
This brings you to the Control Panel programs window displaying programs installed on the computer.
Scroll through the list and click: Babylon Toolbar
Click: Uninstall
To confirm the uninstall process, click: Yes

Next, click Start, select Computer, and open the Local Disk C: drive.
Open the Programs Files folder
Right-click the Babylon folder and click: Delete
To confirm your choice, click: Yes
Empty the Recycle Bin.


Now, let's clean out Temporary Files...

Download CCleaner

Double-click the downloaded file to run the program
Run the setup wizard.
If given the option to install Yahoo toolbar, uncheck the box next to it!

At the CCleaner console...
Select the Windows tab
Leave the checked items under Internet Explorer and Windows Explorer as they are.
Under System, only check Empty Recycle Bin and Temporary Files.
Select the Application tab
Leave the checked items as they are.

Click: Run Cleaner

Agree to remove the files.
When done, close CCleaner.

Restart the computer.

Run ESET once again.
  • Make sure that the option Remove found threats is unticked.

Please provide the contents of the new ESET Scan in your reply.

Also, please provide feedback as to how the computer is running.
If you are still having malware problems, please specify what they are.

Old duck...
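As an added example (not part of the thread, nor ESET's or the helper's own tooling), a small Python triage script that parses an ESET Online Scanner report in the format posted above and separates hits in the quarantine, System Restore and browser-cache locations Aaflac lists from hits in live files or memory. The sample lines are constructed from the posted report.

```python
import re
# Constructed sample in the ESET Online Scanner report format posted above:
# "<path> [probably ][a variant of ]<detection name> <category>", one hit per line.
SAMPLE_ESET_LOG = """\
C:\\Program Files\\BabylonToolbar\\BabylonToolbar\\1.5.3.17\\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application
C:\\Qoobox\\Quarantine\\C\\Program Files\\TotalRecipeSearch_14EI\\Installr\\2.bin\\14EIPlug.dll.vir Win32/Toolbar.MyWebSearch application
C:\\System Volume Information\\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\\RP405\\A0025112.dll Win32/Toolbar.Babylon application
C:\\TDSSKiller_Quarantine\\26.03.2012_02.22.09\\tdlfs0000\\tsk0004.dta probably a variant of Win32/Agent.FJFPNNI trojan
C:\\WINDOWS\\system32\\config\\systemprofile\\Local Settings\\Temporary Internet Files\\Content.IE5\\S748B80K\\channel-reward-central_com[1].htm HTML/ScrInject.B.Gen virus
Operating memory Win32/Toolbar.Babylon application
"""

# Locations Aaflac defers to wrap-up: already quarantined, in restore points, or browser cache.
DEFERRED_PREFIXES = (
    "C:\\Qoobox\\Quarantine",
    "C:\\System Volume Information\\_restore",
    "C:\\TDSSKiller_Quarantine",
    "C:\\WINDOWS\\system32\\config\\systemprofile\\Local Settings\\Temporary Internet Files",
)

# Path is non-greedy so embedded spaces are kept; the detection name always contains a '/'.
LINE_RE = re.compile(r"^(?P<path>.+?) (?P<qual>(?:probably )?a variant of )?"
                     r"(?P<name>[A-Za-z0-9]+/\S+) (?P<category>\w+)$")

def parse_line(line):
    """Split one report line into path, detection name, category and confidence."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("unrecognised ESET line: " + line)
    qual = m.group("qual") or ""
    confidence = "heuristic" if qual.startswith("probably") else ("variant" if qual else "exact")
    return {"path": m.group("path"), "name": m.group("name"),
            "category": m.group("category"), "confidence": confidence}

def bucket(path):
    """'deferred' for quarantine/restore/cache hits, 'memory' for the RAM hit, else 'active'."""
    low = path.lower()
    if any(low.startswith(p.lower()) for p in DEFERRED_PREFIXES):
        return "deferred"
    return "memory" if low.startswith("operating memory") else "active"

def triage(report_text):
    """Group the parsed hits by bucket so the live detections stand out."""
    groups = {}
    for line in report_text.splitlines():
        if line.strip():
            hit = parse_line(line)
            groups.setdefault(bucket(hit["path"]), []).append(hit)
    return groups
```

Run against the full report, only the "active" and "memory" buckets need immediate action; the rest is what gets cleared when old quarantines and restore points are purged.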


#27 dawnmomoffour

dawnmomoffour
  • Topic Starter

  • Members
  • 42 posts

Posted 30 March 2012 - 05:30 PM

I uninstalled the toolbar (Babylon) which I didn't even realize was there as I no longer (only kids ever did) use IE.
Ran CC and followed instructions you left.
Rebooted.
Ran ESET. Here is the log:
C:\Documents and Settings\Dawn\Local Settings\Application Data\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application
C:\Documents and Settings\Dawn\My Documents\Downloads\SoftonicDownloader_for_minecraft.exe a variant of Win32/SoftonicDownloader.A application
C:\FOUND.007\FILE0000.CHK HTML/Iframe.B.Gen virus
C:\Qoobox\Quarantine\C\Program Files\TotalRecipeSearch_14EI\Installr\2.bin\14EIPlug.dll.vir Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP402\A0024780.exe a variant of Win32/ExpressFiles application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP405\A0025112.dll Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP405\A0025113.dll Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP405\A0025114.dll a variant of Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP405\A0025115.dll Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP405\A0025117.exe probably a variant of Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP407\A0025169.exe Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP408\A0025190.exe Win32/Adware.MediaFinder.B application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP424\A0030040.exe Win32/Adware.HDDRescue.AB application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP436\A0036112.dll Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP436\A0036188.dll Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP436\A0036189.dll Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP436\A0036190.dll a variant of Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP436\A0036191.dll Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{72D7EFA2-B4DF-4F87-9D6F-42FB95A66B60}\RP436\A0036193.exe probably a variant of Win32/Toolbar.Babylon application
C:\TDSSKiller_Quarantine\24.03.2012_17.08.17\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Olmarik.ADZ trojan
C:\TDSSKiller_Quarantine\24.03.2012_17.08.17\mbr0000\tdlfs0000\tsk0004.dta probably a variant of Win32/Agent.FJFPNNI trojan
C:\TDSSKiller_Quarantine\24.03.2012_17.08.17\mbr0000\tdlfs0000\tsk0005.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\24.03.2012_17.08.17\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.D trojan
C:\TDSSKiller_Quarantine\24.03.2012_17.08.17\mbr0000\tdlfs0000\tsk0007.dta Win64/Olmarik.D trojan
C:\TDSSKiller_Quarantine\24.03.2012_17.08.17\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.A trojan
C:\TDSSKiller_Quarantine\24.03.2012_17.08.17\mbr0000\tdlfs0000\tsk0009.dta a variant of Win32/Olmarik.AIB trojan
C:\TDSSKiller_Quarantine\26.03.2012_02.22.09\tdlfs0000\tsk0003.dta a variant of Win32/Olmarik.ADZ trojan
C:\TDSSKiller_Quarantine\26.03.2012_02.22.09\tdlfs0000\tsk0004.dta probably a variant of Win32/Agent.FJFPNNI trojan
C:\TDSSKiller_Quarantine\26.03.2012_02.22.09\tdlfs0000\tsk0005.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\26.03.2012_02.22.09\tdlfs0000\tsk0006.dta Win64/Olmarik.D trojan
C:\TDSSKiller_Quarantine\26.03.2012_02.22.09\tdlfs0000\tsk0007.dta Win64/Olmarik.D trojan
C:\TDSSKiller_Quarantine\26.03.2012_02.22.09\tdlfs0000\tsk0008.dta Win64/Olmarik.A trojan
C:\TDSSKiller_Quarantine\26.03.2012_02.22.09\tdlfs0000\tsk0009.dta a variant of Win32/Olmarik.AIB trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S748B80K\channel-reward-central_com[1].htm HTML/ScrInject.B.Gen virus
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\X86EVA7T\channel-reward-central_com[1].htm HTML/ScrInject.B.Gen virus

I'm still getting some redirecting when I click on links (not always), sometimes there is way more than usual lag, sometimes the CPU is completely used with the browser where it never was before. I think that's about it.
Thanks again
-Dawn

#28 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts

Posted 30 March 2012 - 09:20 PM

If FireFox is your main browser, please download GooredFix

Save to the Desktop.
Ensure all FireFox windows are closed!

To run the tool, double-click it.

When prompted to run the scan, click: Yes

GooredFix checks for infections, and, when done, a log appears on your Desktop.

Please post the Goored.txt in your reply.

Old duck...


#29 dawnmomoffour

dawnmomoffour
  • Topic Starter

  • Members
  • 42 posts

Posted 31 March 2012 - 12:17 AM

Here is the Goored.txt log:
GooredFix by jpshortstuff (03.07.10.1)
Log created at 01:16 on 31/03/2012 (Dawn)
Firefox version 3.6.10 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [03:08 25/11/2010]
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [15:57 21/12/2010]
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [21:23 14/03/2011]
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [07:42 22/07/2011]
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [12:41 17/12/2011]

C:\Documents and Settings\Dawn\Application Data\Mozilla\Firefox\Profiles\f3bihcd9.default\extensions\
engine@conduit.com [18:37 25/01/2011]
ffxtlbr@babylon.com [19:04 23/02/2012]
{20a82645-c095-46ed-80e3-08825760534b} [23:03 08/10/2010]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [02:26 15/08/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [19:54 04/01/2010]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [12:18 25/09/2009]

---------- Old Logs ----------
GooredFix[05.16.08_31-03-2012].txt

-=E.O.F=-
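As an added example (not part of the thread and not GooredFix's own code), a Python parser for the GooredLog section above that inventories the Firefox extension entries newest-first, with their directory or registry location, and flags ids the thread identifies as adware. The adware id list is an assumption seeded only with the Babylon entry from this log; the sample is a constructed excerpt of the posted log.

```python
import re
from datetime import datetime
# Constructed excerpt in the GooredFix log format posted above (ids taken from that log).
SAMPLE_GOORED_LOG = """\
GooredFix by jpshortstuff (03.07.10.1)
========== GooredScan ==========
========== GooredLog ==========
C:\\Program Files\\Mozilla Firefox\\extensions\\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [03:08 25/11/2010]
C:\\Documents and Settings\\Dawn\\Application Data\\Mozilla\\Firefox\\Profiles\\f3bihcd9.default\\extensions\\
engine@conduit.com [18:37 25/01/2011]
ffxtlbr@babylon.com [19:04 23/02/2012]
[HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Firefox\\Extensions]
"jqs@sun.com"="C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ff" [12:18 25/09/2009]
---------- Old Logs ----------
GooredFix[05.16.08_31-03-2012].txt
"""

# Extension ids the thread identifies as adware (Babylon Toolbar); assumed list, extend as needed.
KNOWN_ADWARE_IDS = {"ffxtlbr@babylon.com"}
# Directory entries look like '<id> [HH:MM DD/MM/YYYY]'; registry entries like '"<id>"="<path>" [...]'.
ENTRY_RE = re.compile(r'^"?(?P<id>[^"\s]+)"?(?:="(?P<target>[^"]*)")? '
                      r'\[(?P<ts>\d\d:\d\d \d\d/\d\d/\d{4})\]$')

def parse_goored(text):
    """Return the extension entries from the GooredLog section with where each was found."""
    entries, location, in_log = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("==========", "----------")):  # section banner; only GooredLog matters
            in_log = "GooredLog" in line
            continue
        if not in_log or not line:
            continue
        if line.endswith("\\") or (line.startswith("[HKEY") and line.endswith("]")):
            location = line  # a directory or registry key heading for the entries that follow
            continue
        m = ENTRY_RE.match(line)
        if m and location:
            entries.append({"id": m.group("id"), "location": location, "target": m.group("target"),
                            "installed": datetime.strptime(m.group("ts"), "%H:%M %d/%m/%Y")})
    return entries

def review(text):
    """Newest-first inventory with known adware ids flagged: recent installs are the usual suspects."""
    entries = sorted(parse_goored(text), key=lambda e: e["installed"], reverse=True)
    for e in entries:
        e["flag"] = "adware" if e["id"] in KNOWN_ADWARE_IDS else ""
    return entries
```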

#30 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts

Posted 31 March 2012 - 12:03 PM

Let's disable Add-ons in FireFox and Chrome (if used).


FireFox:

Go to Start > All Programs > Mozilla, and select: Mozilla Firefox (Safe Mode)
Once FireFox has started, a window pops up:


Check the option: Disable all add-ons
Select: Make Changes and Restart



Chrome:

Start Chrome, and in the address bar please type: chrome://extensions/

A list with the installed extensions pops up.
Please disable all of them.


After running GooredFix, and completing the steps above related to Add-ons, are you still getting redirected?

Old duck...
