Infected, symptoms include Google redirect


16 replies to this topic

#1 tanstaaffl

  • Members
  • 8 posts

Posted 25 March 2012 - 11:09 PM

I became infected with something a few days ago. The immediate symptom was multiple error windows opening up saying "Delayed Write Failed" and something about a hard drive error. All of my desktop and start menu icons suddenly disappeared. I rebooted in Safe Mode with Networking and ran a quick scan of Malwarebytes. It found a few infections and cleared them. I then ran a full scan and it found one more. After rebooting into normal mode, none of my icons had returned. Using this website I downloaded and ran Unhide, which brought them back but did not return my customized things like desktop background and some of the customizable start menu items like control panel and search.

There is definitely something still on my system because I am experiencing the following symptoms:

1) Booting into safe mode with networking gives the following error: svchost.exe - Application Error The instruction at "0x00fe2110" referred memory at "0x10f7aa60". The memory could not be "read".

2) Searching with Google occasionally redirects to sites like Lycos and music download sites.

3) I occasionally get a message that windows explorer has shut down and is restarting. This does not interrupt my web browsing but causes a "refresh" of the desktop.

4) I cannot run rkill. I have tried all of the download formats available and cannot get it to run, even in safe mode. I don't get an error message, but the command prompt window only blinks open for a second before disappearing. The rkill process runs indefinitely unless I kill it with Task Manager but does not seem to be working.

Here are my DDS logs and my GMER log. Note that when I run GMER I get an error: LoadDriver ("c:\DOCU~\Temp\pwtdipow.sys") error 0xC000010E Cannot create a stable subkey under a volatile parent key. I was still able to run a scan but could not check several of the boxes on the right side (they were grayed out and unavailable).

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Amanda at 18:29:13 on 2012-03-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1246 [GMT -7:00]
.
AV: Sophos Anti-Virus *Enabled/Outdated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Documents and Settings\Amanda\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\amanda\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\amanda\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1298328211603
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265869276170
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{9B5FF520-16CB-485A-9796-BF1F5B2CFC23} : DhcpNameServer = 192.168.2.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\amanda\application data\mozilla\firefox\profiles\x8v8k2j8.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-11-17 55024]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2006-11-4 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2006-11-4 38528]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2009-10-28 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2008-10-1 98304]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2009-7-1 172032]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-5-20 218688]
R3 FStarForce;FStarForce;c:\windows\system32\drivers\FStarForce.sys [2008-11-8 9216]
S1 82668157;82668157;c:\windows\system32\drivers\82668157.sys [2009-7-6 0]
S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-11-17 7408]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2008-10-1 14976]
.
=============== Created Last 30 ================
.
2012-03-18 15:48:36 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 15:48:36 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-02-21 14:07:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 18:41:23.59 ===============



#2 gringo_pr

  • Malware Response Team
  • 136,772 posts

Posted 26 March 2012 - 08:22 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will, at best, only cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 tanstaaffl

  • Topic Starter

Posted 27 March 2012 - 12:08 AM

Hi Gringo,

OK, I ran Combofix and the log is posted below. Google is still redirecting searches. I also noticed that when I open Firefox, it gives me the "Firefox is not currently your default browser" message even though I have not opened any other browser.

ComboFix 12-03-26.02 - Amanda 03/26/2012 19:36:34.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1236 [GMT -7:00]
Running from: c:\documents and settings\Amanda\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Outdated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Amanda\Application Data\Adobe\usanaz.exe
.
---- Previous Run -------
.
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\htmlEdit.exe.27a5b164.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.b623dd6.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\MSI7F.tmp.4049d4c9.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL4F.tmp.b1f8031b.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SLF5.tmp.664d238.ini
c:\documents and settings\Amanda\Application Data\inst.exe
c:\documents and settings\Amanda\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Amanda\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Amanda\Local Settings\Application Data\{199DC0C5-F6AA-4690-B301-E247B5E6129F}\chrome.manifest
c:\documents and settings\Amanda\Local Settings\Application Data\{199DC0C5-F6AA-4690-B301-E247B5E6129F}\chrome\content\_cfg.js
c:\documents and settings\Amanda\Local Settings\Application Data\{199DC0C5-F6AA-4690-B301-E247B5E6129F}\chrome\content\c.js
c:\documents and settings\Amanda\Local Settings\Application Data\{199DC0C5-F6AA-4690-B301-E247B5E6129F}\chrome\content\overlay.xul
c:\documents and settings\Amanda\Local Settings\Application Data\{199DC0C5-F6AA-4690-B301-E247B5E6129F}\install.rdf
c:\documents and settings\Amanda\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini
c:\documents and settings\Amanda\Local Settings\Application Data\ApplicationHistory\ehExtHost.exe.fa7bea74.ini
c:\documents and settings\Amanda\Local Settings\Application Data\ApplicationHistory\EHShell.exe.a87fcbb.ini
c:\documents and settings\Amanda\Local Settings\Application Data\ApplicationHistory\htmlEdit.exe.27a5b164.ini
c:\documents and settings\Amanda\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
c:\documents and settings\Amanda\Local Settings\Application Data\ApplicationHistory\Launcher.exe.33c15faa.ini
c:\documents and settings\Amanda\Local Settings\Application Data\ApplicationHistory\Launcher.exe.b7231ca1.ini
c:\documents and settings\Amanda\Local Settings\Application Data\ApplicationHistory\Launcher.exe.b72c2a1d.ini
c:\documents and settings\Amanda\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.b623dd6.ini
c:\documents and settings\Amanda\Local Settings\Application Data\ApplicationHistory\MSI7F.tmp.4049d4c9.ini
c:\documents and settings\Amanda\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Amanda\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini
c:\documents and settings\Amanda\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini
c:\documents and settings\Amanda\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
c:\documents and settings\Amanda\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
c:\documents and settings\Amanda\Local Settings\Application Data\ApplicationHistory\SL462.tmp.e9783442.ini
c:\documents and settings\Amanda\Local Settings\Application Data\ApplicationHistory\SL4F.tmp.b1f8031b.ini
c:\documents and settings\Amanda\Local Settings\Application Data\ApplicationHistory\SLF5.tmp.664d238.ini
c:\documents and settings\Amanda\Local Settings\Application Data\ApplicationHistory\tunerpriority.exe.61272669.ini
c:\documents and settings\Amanda\Local Settings\Application Data\ApplicationHistory\uccc.exe.8ab524e5.ini
c:\documents and settings\Amanda\Local Settings\Application Data\mfcUserServ\usbnetmm.dll
c:\program files\Common Files\Microsoft Shared\MSInfo\paramstr.txt
c:\program files\Microsoft Office\Office11\OSA.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\kb913800.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\accs.txt
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\comct332.ocx
c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse
c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\htmlEdit.exe.27a5b164.ini
c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.b623dd6.ini
c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\MSI7F.tmp.4049d4c9.ini
c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini
c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini
c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\SL4F.tmp.b1f8031b.ini
c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\SLF5.tmp.664d238.ini
c:\windows\system32\d3d9caps.dat
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Packet.dll
c:\windows\system32\Process.exe
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\WS2Fix.exe
c:\windows\wiaservim.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Legacy_WINDOWS_NETWORK_LOG_MANAGE
-------\Service_npf
-------\Service_Windows Network Log Manage
.
.
((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-26 00:39 . 2012-03-26 00:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2012-03-23 15:25 . 2012-03-23 15:25 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-03-18 15:48 . 2012-03-18 15:48 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 15:48 . 2012-03-18 15:48 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-21 14:07 . 2011-06-15 12:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2005-08-16 10:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 03:34 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2005-08-16 10:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-18 15:48 . 2011-09-17 05:36 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Amanda\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Amanda\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Amanda\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Amanda\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 73728]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
.
c:\documents and settings\Amanda\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Amanda\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-7-1 245760]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 23:28 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 19:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-11-15 09:42 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 15:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-07-17 03:29 389120 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 20:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 08:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2007-10-22 20:52 75584 ----a-w- c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-25 23:38 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/17/2008 04:11 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 04:11 PM 55024]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [11/4/2006 05:13 PM 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [11/4/2006 05:13 PM 38528]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/28/2009 12:09 PM 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [10/1/2008 02:53 AM 98304]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [5/20/2011 11:47 PM 218688]
R3 FStarForce;FStarForce;c:\windows\system32\drivers\FStarForce.sys [11/8/2008 08:58 AM 9216]
S1 82668157;82668157;c:\windows\system32\drivers\82668157.sys [7/6/2009 06:03 PM 0]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5/25/2007 09:13 PM 47360]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/17/2008 04:11 PM 7408]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [10/1/2008 02:54 AM 14976]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Amanda\Application Data\Mozilla\Firefox\Profiles\x8v8k2j8.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-ekERQlcaDjdmJgi - c:\documents and settings\All Users\Application Data\ekERQlcaDjdmJgi.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AddRemove-HijackThis - C:\HijackThis.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-26 20:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-2776097877-1824206826-302293271-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
.
[HKEY_USERS\S-1-5-21-2776097877-1824206826-302293271-1006\Software\SecuROM\License information*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(832)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-03-26 20:26:10
ComboFix-quarantined-files.txt 2012-03-27 03:25
.
Pre-Run: 15,375,736,832 bytes free
Post-Run: 16,552,292,352 bytes free
.
- - End Of File - - F589914A519E954CF173AB38C008C87E

#4 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:36 AM

Posted 27 March 2012 - 12:15 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 tanstaaffl

tanstaaffl
  • Topic Starter
  • Members
  • 8 posts
  • Local time:12:36 AM

Posted 27 March 2012 - 08:21 PM

OK, I ran those two programs and the log files are posted below. TDSSKiller found one infected file and I used the CURE option. It then asked to reboot, which I did. aswMBR also found a suspicious file: System32\DLA\DLAResN.sys but I took no action, just saved the log.

I ran a couple of quick searches just now and nothing was redirecting at the moment. I did run across an error (before I ran both the programs) where a window popped up that said the following:

Microsoft Visual C++ Runtime Library
Runtime Error!
Program: C:\WINDOWS\explorer.exe
This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information.

Here are the logs:

17:16:45.0313 3460 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
17:16:45.0875 3460 ============================================================
17:16:45.0875 3460 Current date / time: 2012/03/27 17:16:45.0875
17:16:45.0875 3460 SystemInfo:
17:16:45.0875 3460
17:16:45.0875 3460 OS Version: 5.1.2600 ServicePack: 3.0
17:16:45.0875 3460 Product type: Workstation
17:16:45.0875 3460 ComputerName: TURTLE
17:16:45.0875 3460 UserName: Amanda
17:16:45.0875 3460 Windows directory: C:\WINDOWS
17:16:45.0875 3460 System windows directory: C:\WINDOWS
17:16:45.0875 3460 Processor architecture: Intel x86
17:16:45.0875 3460 Number of processors: 2
17:16:45.0875 3460 Page size: 0x1000
17:16:45.0875 3460 Boot type: Normal boot
17:16:45.0875 3460 ============================================================
17:16:46.0266 3460 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:16:46.0266 3460 \Device\Harddisk0\DR0:
17:16:46.0282 3460 MBR used
17:16:46.0282 3460 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x1C838DD2
17:16:46.0328 3460 Initialize success
17:16:46.0328 3460 ============================================================
17:16:48.0766 3996 ============================================================
17:16:48.0766 3996 Scan started
17:16:48.0766 3996 Mode: Manual;
17:16:48.0766 3996 ============================================================
17:17:01.0391 3996 Ntfs - ok
17:17:01.0407 3996 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:17:01.0407 3996 NtLmSsp - ok
17:17:01.0469 3996 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:17:01.0500 3996 NtmsSvc - ok
17:17:01.0547 3996 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:17:01.0547 3996 Null - ok
17:17:01.0657 3996 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:17:01.0703 3996 nv - ok
17:17:01.0735 3996 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:17:01.0735 3996 NwlnkFlt - ok
17:17:01.0782 3996 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:17:01.0782 3996 NwlnkFwd - ok
17:17:01.0844 3996 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:17:01.0844 3996 ohci1394 - ok
17:17:01.0922 3996 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:17:01.0922 3996 ose - ok
17:17:01.0953 3996 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:17:01.0953 3996 Parport - ok
17:17:01.0969 3996 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:17:01.0969 3996 PartMgr - ok
17:17:02.0016 3996 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:17:02.0016 3996 ParVdm - ok
17:17:02.0047 3996 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:17:02.0047 3996 PCI - ok
17:17:02.0063 3996 PCIDump - ok
17:17:02.0094 3996 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:17:02.0094 3996 PCIIde - ok
17:17:02.0157 3996 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:17:02.0157 3996 Pcmcia - ok
17:17:02.0219 3996 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
17:17:02.0250 3996 pcouffin - ok
17:17:02.0266 3996 PDCOMP - ok
17:17:02.0282 3996 PDFRAME - ok
17:17:02.0282 3996 PDRELI - ok
17:17:02.0297 3996 PDRFRAME - ok
17:17:02.0328 3996 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
17:17:02.0328 3996 perc2 - ok
17:17:02.0360 3996 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:17:02.0360 3996 perc2hib - ok
17:17:02.0438 3996 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:17:02.0438 3996 PlugPlay - ok
17:17:02.0516 3996 PnkBstrA (a1dd33d16f277ce34124ee52ab2c0f14) C:\WINDOWS\system32\PnkBstrA.exe
17:17:02.0516 3996 PnkBstrA - ok
17:17:02.0594 3996 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:17:02.0594 3996 PolicyAgent - ok
17:17:02.0657 3996 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:17:02.0657 3996 PptpMiniport - ok
17:17:02.0672 3996 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:17:02.0672 3996 ProtectedStorage - ok
17:17:02.0672 3996 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:17:02.0688 3996 PSched - ok
17:17:02.0688 3996 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:17:02.0688 3996 Ptilink - ok
17:17:02.0750 3996 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:17:02.0750 3996 PxHelp20 - ok
17:17:02.0813 3996 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:17:02.0813 3996 ql1080 - ok
17:17:02.0875 3996 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:17:02.0875 3996 Ql10wnt - ok
17:17:02.0891 3996 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:17:02.0891 3996 ql12160 - ok
17:17:02.0938 3996 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:17:02.0938 3996 ql1240 - ok
17:17:03.0000 3996 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:17:03.0000 3996 ql1280 - ok
17:17:03.0063 3996 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:17:03.0063 3996 RasAcd - ok
17:17:03.0125 3996 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:17:03.0125 3996 RasAuto - ok
17:17:03.0188 3996 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:17:03.0188 3996 Rasl2tp - ok
17:17:03.0235 3996 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:17:03.0235 3996 RasMan - ok
17:17:03.0266 3996 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:17:03.0266 3996 RasPppoe - ok
17:17:03.0266 3996 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:17:03.0266 3996 Raspti - ok
17:17:03.0328 3996 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:17:03.0328 3996 Rdbss - ok
17:17:03.0391 3996 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:17:03.0391 3996 RDPCDD - ok
17:17:03.0407 3996 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:17:03.0407 3996 rdpdr - ok
17:17:03.0453 3996 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
17:17:03.0453 3996 RDPWD - ok
17:17:03.0516 3996 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:17:03.0516 3996 RDSessMgr - ok
17:17:03.0578 3996 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:17:03.0578 3996 redbook - ok
17:17:03.0625 3996 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:17:03.0625 3996 RemoteAccess - ok
17:17:03.0688 3996 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
17:17:03.0703 3996 RemoteRegistry - ok
17:17:03.0719 3996 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
17:17:03.0719 3996 RpcLocator - ok
17:17:03.0766 3996 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
17:17:03.0766 3996 RpcSs - ok
17:17:03.0813 3996 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
17:17:03.0813 3996 RSVP - ok
17:17:03.0860 3996 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:17:03.0860 3996 SamSs - ok
17:17:03.0922 3996 SASDIFSV (c030c9a39e85b6f04a8dd25d1a50258a) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:17:03.0938 3996 SASDIFSV - ok
17:17:03.0969 3996 SASENUM (e9c2d75c748c3f0a4c34d6cf2ae1d754) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
17:17:03.0969 3996 SASENUM - ok
17:17:03.0985 3996 SASKUTIL (64c100dbf57c6cb6e7d5d24153f5e444) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
17:17:03.0985 3996 SASKUTIL - ok
17:17:04.0063 3996 SAVAdminService (36dd75ce0a157fdf408477cb69c18815) c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
17:17:04.0078 3996 SAVAdminService - ok
17:17:04.0110 3996 SAVOnAccessControl (e8fa00e75ef670122a25ee361b1075e0) C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys
17:17:04.0141 3996 SAVOnAccessControl - ok
17:17:04.0141 3996 SAVOnAccessFilter (184d53b4dc51808d7cceda51bf0f5440) C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys
17:17:04.0157 3996 SAVOnAccessFilter - ok
17:17:04.0203 3996 SAVService (2e83ad127667aa4e704011f71aa1351b) c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
17:17:04.0235 3996 SAVService - ok
17:17:04.0266 3996 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:17:04.0282 3996 SCardSvr - ok
17:17:04.0297 3996 SCDEmu (612a3d69e603dbbe5c3c1079186a0393) C:\WINDOWS\system32\drivers\SCDEmu.sys
17:17:04.0297 3996 SCDEmu - ok
17:17:04.0360 3996 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:17:04.0360 3996 Schedule - ok
17:17:04.0422 3996 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:17:04.0422 3996 Secdrv - ok
17:17:04.0469 3996 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:17:04.0469 3996 seclogon - ok
17:17:04.0532 3996 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:17:04.0532 3996 SENS - ok
17:17:04.0594 3996 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:17:04.0594 3996 serenum - ok
17:17:04.0641 3996 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:17:04.0641 3996 Serial - ok
17:17:04.0703 3996 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:17:04.0703 3996 Sfloppy - ok
17:17:04.0750 3996 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:17:04.0782 3996 SharedAccess - ok
17:17:04.0828 3996 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:17:04.0844 3996 ShellHWDetection - ok
17:17:04.0844 3996 Simbad - ok
17:17:04.0891 3996 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:17:04.0907 3996 sisagp - ok
17:17:04.0922 3996 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:17:04.0922 3996 SLIP - ok
17:17:05.0016 3996 Sophos AutoUpdate Service (eee9e1702e8d20f532776c88b3818a8c) c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
17:17:05.0016 3996 Sophos AutoUpdate Service - ok
17:17:05.0063 3996 SophosBootDriver (3bdf94e0827d13e44249a646f6c0eb7c) C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys
17:17:05.0110 3996 SophosBootDriver - ok
17:17:05.0141 3996 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:17:05.0141 3996 Sparrow - ok
17:17:05.0172 3996 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:17:05.0172 3996 splitter - ok
17:17:05.0235 3996 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:17:05.0235 3996 Spooler - ok
17:17:05.0235 3996 sptd - ok
17:17:05.0266 3996 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:17:05.0266 3996 sr - ok
17:17:05.0313 3996 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:17:05.0313 3996 srservice - ok
17:17:05.0360 3996 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:17:05.0375 3996 Srv - ok
17:17:05.0422 3996 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:17:05.0422 3996 SSDPSRV - ok
17:17:05.0516 3996 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
17:17:05.0516 3996 StarWindServiceAE - ok
17:17:05.0594 3996 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
17:17:05.0625 3996 STHDA - ok
17:17:05.0688 3996 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:17:05.0703 3996 stisvc - ok
17:17:05.0750 3996 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:17:05.0750 3996 streamip - ok
17:17:05.0782 3996 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:17:05.0782 3996 swenum - ok
17:17:05.0782 3996 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:17:05.0782 3996 swmidi - ok
17:17:05.0797 3996 SwPrv - ok
17:17:05.0813 3996 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
17:17:05.0813 3996 symc810 - ok
17:17:05.0828 3996 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:17:05.0828 3996 symc8xx - ok
17:17:05.0844 3996 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:17:05.0844 3996 sym_hi - ok
17:17:05.0875 3996 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:17:05.0875 3996 sym_u3 - ok
17:17:05.0938 3996 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:17:05.0938 3996 sysaudio - ok
17:17:05.0985 3996 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:17:05.0985 3996 SysmonLog - ok
17:17:06.0047 3996 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
17:17:06.0047 3996 TapiSrv - ok
17:17:06.0110 3996 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:17:06.0110 3996 Tcpip - ok
17:17:06.0157 3996 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:17:06.0157 3996 TDPIPE - ok
17:17:06.0219 3996 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:17:06.0219 3996 TDTCP - ok
17:17:06.0266 3996 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:17:06.0266 3996 TermDD - ok
17:17:06.0328 3996 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:17:06.0344 3996 TermService - ok
17:17:06.0407 3996 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:17:06.0407 3996 Themes - ok
17:17:06.0453 3996 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
17:17:06.0453 3996 TlntSvr - ok
17:17:06.0485 3996 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
17:17:06.0485 3996 TosIde - ok
17:17:06.0500 3996 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:17:06.0500 3996 TrkWks - ok
17:17:06.0563 3996 truecrypt (c9dc435873509e3c223e395853b771ca) C:\WINDOWS\system32\Drivers\truecrypt.sys
17:17:06.0563 3996 truecrypt - ok
17:17:06.0610 3996 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:17:06.0610 3996 Udfs - ok
17:17:06.0625 3996 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
17:17:06.0641 3996 ultra - ok
17:17:06.0688 3996 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:17:06.0703 3996 Update - ok
17:17:06.0719 3996 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:17:06.0735 3996 upnphost - ok
17:17:06.0750 3996 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:17:06.0750 3996 UPS - ok
17:17:06.0813 3996 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:17:06.0813 3996 USBAAPL - ok
17:17:06.0828 3996 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:17:06.0828 3996 usbccgp - ok
17:17:06.0891 3996 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:17:06.0891 3996 usbehci - ok
17:17:06.0907 3996 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:17:06.0907 3996 usbhub - ok
17:17:06.0907 3996 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:17:06.0907 3996 usbprint - ok
17:17:06.0922 3996 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:17:06.0922 3996 usbscan - ok
17:17:06.0938 3996 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:17:06.0938 3996 USBSTOR - ok
17:17:06.0985 3996 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:17:06.0985 3996 usbuhci - ok
17:17:07.0047 3996 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:17:07.0047 3996 VgaSave - ok
17:17:07.0094 3996 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:17:07.0094 3996 viaagp - ok
17:17:07.0157 3996 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:17:07.0157 3996 ViaIde - ok
17:17:07.0157 3996 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:17:07.0157 3996 VolSnap - ok
17:17:07.0203 3996 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:17:07.0219 3996 VSS - ok
17:17:07.0282 3996 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:17:07.0282 3996 w32time - ok
17:17:07.0328 3996 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:17:07.0328 3996 Wanarp - ok
17:17:07.0344 3996 wanatw - ok
17:17:07.0344 3996 WDICA - ok
17:17:07.0391 3996 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:17:07.0391 3996 wdmaud - ok
17:17:07.0407 3996 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:17:07.0407 3996 WebClient - ok
17:17:07.0438 3996 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:17:07.0453 3996 winachsf - ok
17:17:07.0516 3996 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:17:07.0532 3996 winmgmt - ok
17:17:07.0578 3996 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
17:17:07.0578 3996 WmdmPmSN - ok
17:17:07.0657 3996 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
17:17:07.0688 3996 Wmi - ok
17:17:07.0719 3996 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:17:07.0719 3996 WmiApSrv - ok
17:17:07.0828 3996 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:17:07.0844 3996 WMPNetworkSvc - ok
17:17:07.0907 3996 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
17:17:07.0907 3996 WpdUsb - ok
17:17:08.0172 3996 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:17:08.0172 3996 WS2IFSL - ok
17:17:08.0250 3996 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
17:17:08.0250 3996 wscsvc - ok
17:17:08.0313 3996 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:17:08.0313 3996 WSTCODEC - ok
17:17:08.0360 3996 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:17:08.0375 3996 wuauserv - ok
17:17:08.0438 3996 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:17:08.0438 3996 WudfPf - ok
17:17:08.0453 3996 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:17:08.0453 3996 WudfRd - ok
17:17:08.0516 3996 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
17:17:08.0516 3996 WudfSvc - ok
17:17:08.0578 3996 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:17:08.0672 3996 WZCSVC - ok
17:17:08.0735 3996 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:17:08.0750 3996 xmlprov - ok
17:17:08.0782 3996 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
17:17:08.0813 3996 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
17:17:08.0813 3996 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
17:17:08.0844 3996 Boot (0x1200) (ed074c608602d378e69d5e3f13b998a3) \Device\Harddisk0\DR0\Partition0
17:17:08.0844 3996 \Device\Harddisk0\DR0\Partition0 - ok
17:17:08.0844 3996 ============================================================
17:17:08.0844 3996 Scan finished
17:17:08.0844 3996 ============================================================
17:17:08.0860 2296 Detected object count: 1
17:17:08.0860 2296 Actual detected object count: 1
17:17:21.0063 2296 \Device\Harddisk0\DR0\# - copied to quarantine
17:17:21.0063 2296 \Device\Harddisk0\DR0 - copied to quarantine
17:17:21.0172 2296 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
17:17:21.0172 2296 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
17:17:21.0172 2296 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
17:17:21.0172 2296 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
17:17:21.0172 2296 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
17:17:21.0172 2296 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
17:17:21.0172 2296 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
17:17:21.0203 2296 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
17:17:21.0235 2296 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
17:17:21.0235 2296 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:17:21.0235 2296 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:17:21.0235 2296 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:17:21.0235 2296 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:17:21.0235 2296 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
17:17:21.0235 2296 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
17:17:21.0235 2296 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
17:17:21.0235 2296 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
17:17:21.0297 2296 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
17:17:21.0313 2296 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
17:17:21.0328 2296 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
17:17:21.0328 2296 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
17:17:21.0422 2296 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
17:17:21.0422 2296 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
17:17:21.0422 2296 \Device\Harddisk0\DR0 - ok
17:17:24.0110 2296 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
17:17:28.0313 2744 Deinitialize success
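
The log above is the part that matters for triage: the MBR record with its hash, the "infected"/"detected" verdict on \Device\Harddisk0\DR0, the files copied out of the hidden TDLFS store, and the "will be cured on reboot" action. The following is an added example for reading such a log programmatically; it is not code from this thread and not part of Kaspersky's TDSSKiller. The line layout it assumes (time, thread id, then either "object (md5) path" or "object [( detection )] - status") is inferred from the log pasted above, and the sample lines are copied from that log as constructed input.

```python
"""Parse TDSSKiller-style log lines and produce a triage summary.

Added example; the line format is an assumption inferred from the log
above, not a documented TDSSKiller specification.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed sample input: lines copied from the TDSSKiller log above.
SAMPLE_LOG = [
    r"17:17:08.0750 3996 xmlprov - ok",
    r"17:17:08.0782 3996 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0",
    r"17:17:08.0813 3996 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected",
    r"17:17:08.0813 3996 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)",
    r"17:17:08.0844 3996 Boot (0x1200) (ed074c608602d378e69d5e3f13b998a3) \Device\Harddisk0\DR0\Partition0",
    r"17:17:08.0844 3996 \Device\Harddisk0\DR0\Partition0 - ok",
    r"17:17:21.0172 2296 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine",
    r"17:17:21.0172 2296 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine",
    r"17:17:21.0422 2296 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot",
    r"17:17:24.0110 2296 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure",
    r"17:17:28.0313 2744 Deinitialize success",
]

LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<rest>.*)$")
# "<object> (<md5>) <path>": a driver/service or boot-sector hash record.
HASH_RE = re.compile(r"^(?P<obj>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<object> [( <detection name> )] - <status>": a verdict or action record.
STATUS_RE = re.compile(r"^(?P<obj>.+?)(?: \( (?P<name>[^)]+?) \))? - (?P<status>.+)$")
HIDDEN_FS_MARKER = "\\TDLFS\\"   # path component of the rootkit's hidden file store


@dataclass
class Entry:
    time: str
    tid: str
    obj: str
    md5: Optional[str] = None
    path: Optional[str] = None
    name: Optional[str] = None    # detection name, e.g. Rootkit.Boot.SST.b
    status: Optional[str] = None  # ok / infected / copied to quarantine / ...


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for lines without the time/tid prefix."""
    m = LINE_RE.match(line.rstrip())
    if not m:
        return None
    time, tid, rest = m.group("time", "tid", "rest")
    h = HASH_RE.match(rest)
    if h:
        return Entry(time, tid, h["obj"], md5=h["md5"], path=h["path"])
    s = STATUS_RE.match(rest)
    if s:
        return Entry(time, tid, s["obj"], name=s["name"], status=s["status"])
    return Entry(time, tid, rest)  # e.g. "Deinitialize success"


def parse_log(lines: Iterable[str]) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in lines) if e is not None]


def summarize(entries: Iterable[Entry]) -> Dict[str, object]:
    """Collect verdicts, quarantine actions, pending cures and boot-sector hashes."""
    detections: Dict[str, str] = {}
    quarantined: List[str] = []
    pending: List[str] = []
    boot_hashes: Dict[str, str] = {}
    for e in entries:
        kind = e.obj.split(" ")[0]
        if e.md5 and kind in ("MBR", "Boot"):
            boot_hashes[kind] = e.md5     # keep for before/after comparison
        if e.status is None:
            continue
        if e.status.startswith(("infected", "detected")):
            words = e.status.split()
            detections[e.obj] = e.name or (words[1] if len(words) > 1 else "unknown")
        elif e.status == "copied to quarantine":
            quarantined.append(e.obj)
        elif e.status == "will be cured on reboot":
            pending.append(e.obj)
    hidden = [q.rsplit("\\", 1)[1] for q in quarantined if HIDDEN_FS_MARKER in q]
    return {
        "detections": detections,
        "quarantined": quarantined,
        "hidden_fs_files": hidden,
        "pending_reboot": pending,
        "boot_hashes": boot_hashes,
        "clean": not detections,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

A practical use of the boot_hashes field: run the parser on the log from before the cure and on the log from the follow-up scan after the reboot. If the MBR hash is identical in both, nothing on the boot sector was rewritten and the "will be cured on reboot" action did not complete; a changed hash together with an empty detections map is what a successful cure looks like.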

17:16:45.0313 3460 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
17:16:45.0875 3460 ============================================================
17:16:45.0875 3460 Current date / time: 2012/03/27 17:16:45.0875
17:16:45.0875 3460 SystemInfo:
17:16:45.0875 3460
17:16:45.0875 3460 OS Version: 5.1.2600 ServicePack: 3.0
17:16:45.0875 3460 Product type: Workstation
17:16:45.0875 3460 ComputerName: TURTLE
17:16:45.0875 3460 UserName: Amanda
17:16:45.0875 3460 Windows directory: C:\WINDOWS
17:16:45.0875 3460 System windows directory: C:\WINDOWS
17:16:45.0875 3460 Processor architecture: Intel x86
17:16:45.0875 3460 Number of processors: 2
17:16:45.0875 3460 Page size: 0x1000
17:16:45.0875 3460 Boot type: Normal boot
17:16:45.0875 3460 ============================================================
17:16:46.0266 3460 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:16:46.0266 3460 \Device\Harddisk0\DR0:
17:16:46.0282 3460 MBR used
17:16:46.0282 3460 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x1C838DD2
17:16:46.0328 3460 Initialize success
17:16:46.0328 3460 ============================================================
17:16:48.0766 3996 ============================================================
17:16:48.0766 3996 Scan started
17:16:48.0766 3996 Mode: Manual;
17:16:48.0766 3996 ============================================================
17:16:51.0141 3996 82668157 - ok
17:16:51.0157 3996 Abiosdsk - ok
17:16:51.0219 3996 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:16:51.0219 3996 abp480n5 - ok
17:16:51.0282 3996 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:16:51.0282 3996 ACPI - ok
17:16:51.0313 3996 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:16:51.0313 3996 ACPIEC - ok
17:16:51.0375 3996 Adobe LM Service (c1eb9968ec89fba5f3a264e2e57923ab) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
17:16:51.0375 3996 Adobe LM Service - ok
17:16:51.0391 3996 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
17:16:51.0407 3996 adpu160m - ok
17:16:51.0469 3996 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:16:51.0469 3996 aec - ok
17:16:51.0532 3996 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:16:51.0547 3996 AFD - ok
17:16:51.0594 3996 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:16:51.0594 3996 agp440 - ok
17:16:51.0610 3996 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
17:16:51.0610 3996 agpCPQ - ok
17:16:51.0625 3996 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
17:16:51.0625 3996 Aha154x - ok
17:16:51.0641 3996 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
17:16:51.0641 3996 aic78u2 - ok
17:16:51.0641 3996 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
17:16:51.0641 3996 aic78xx - ok
17:16:51.0703 3996 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
17:16:51.0735 3996 Alerter - ok
17:16:51.0782 3996 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:16:51.0782 3996 ALG - ok
17:16:51.0813 3996 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
17:16:51.0813 3996 AliIde - ok
17:16:51.0860 3996 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
17:16:51.0860 3996 alim1541 - ok
17:16:51.0875 3996 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
17:16:51.0875 3996 amdagp - ok
17:16:51.0875 3996 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
17:16:51.0875 3996 amsint - ok
17:16:51.0922 3996 AnyDVD (d90fa12a6eceb522f2fc58dd7fdd1480) C:\WINDOWS\system32\Drivers\AnyDVD.sys
17:16:51.0922 3996 AnyDVD - ok
17:16:52.0047 3996 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:16:52.0047 3996 Apple Mobile Device - ok
17:16:52.0110 3996 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
17:16:52.0110 3996 AppMgmt - ok
17:16:52.0188 3996 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:16:52.0188 3996 Arp1394 - ok
17:16:52.0235 3996 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
17:16:52.0235 3996 asc - ok
17:16:52.0250 3996 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
17:16:52.0250 3996 asc3350p - ok
17:16:52.0266 3996 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
17:16:52.0266 3996 asc3550 - ok
17:16:52.0344 3996 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:16:52.0391 3996 aspnet_state - ok
17:16:52.0453 3996 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:16:52.0453 3996 AsyncMac - ok
17:16:52.0469 3996 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:16:52.0469 3996 atapi - ok
17:16:52.0485 3996 Atdisk - ok
17:16:52.0547 3996 Ati HotKey Poller (2a27a3a8634fb9e29f539d6d3ed3646a) C:\WINDOWS\system32\Ati2evxx.exe
17:16:52.0563 3996 Ati HotKey Poller - ok
17:16:52.0641 3996 ATI Smart (72810c6a63076a480abce0e0ba0bc981) C:\WINDOWS\system32\ati2sgag.exe
17:16:52.0657 3996 ATI Smart - ok
17:16:52.0797 3996 ati2mtag (8763ede3e0cd40f5c3450571ac57f205) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:16:52.0891 3996 ati2mtag - ok
17:16:52.0985 3996 ATIAVPCI (03df0df1edeb7c7dd03b97d9ffc0ba4e) C:\WINDOWS\system32\DRIVERS\atinavrr.sys
17:16:53.0000 3996 ATIAVPCI - ok
17:16:53.0063 3996 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:16:53.0063 3996 Atmarpc - ok
17:16:53.0125 3996 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:16:53.0125 3996 AudioSrv - ok
17:16:53.0157 3996 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:16:53.0157 3996 audstub - ok
17:16:53.0188 3996 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:16:53.0188 3996 Beep - ok
17:16:53.0250 3996 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:17:07.0157 3996 VolSnap - ok
17:17:07.0203 3996 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:17:07.0219 3996 VSS - ok
17:17:07.0282 3996 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:17:07.0282 3996 w32time - ok
17:17:07.0328 3996 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:17:07.0328 3996 Wanarp - ok
17:17:07.0344 3996 wanatw - ok
17:17:07.0344 3996 WDICA - ok
17:17:07.0391 3996 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:17:07.0391 3996 wdmaud - ok
17:17:07.0407 3996 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:17:07.0407 3996 WebClient - ok
17:17:07.0438 3996 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:17:07.0453 3996 winachsf - ok
17:17:07.0516 3996 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:17:07.0532 3996 winmgmt - ok
17:17:07.0578 3996 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
17:17:07.0578 3996 WmdmPmSN - ok
17:17:07.0657 3996 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
17:17:07.0688 3996 Wmi - ok
17:17:07.0719 3996 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:17:07.0719 3996 WmiApSrv - ok
17:17:07.0828 3996 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:17:07.0844 3996 WMPNetworkSvc - ok
17:17:07.0907 3996 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
17:17:07.0907 3996 WpdUsb - ok
17:17:08.0172 3996 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:17:08.0172 3996 WS2IFSL - ok
17:17:08.0250 3996 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
17:17:08.0250 3996 wscsvc - ok
17:17:08.0313 3996 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:17:08.0313 3996 WSTCODEC - ok
17:17:08.0360 3996 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:17:08.0375 3996 wuauserv - ok
17:17:08.0438 3996 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:17:08.0438 3996 WudfPf - ok
17:17:08.0453 3996 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:17:08.0453 3996 WudfRd - ok
17:17:08.0516 3996 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
17:17:08.0516 3996 WudfSvc - ok
17:17:08.0578 3996 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:17:08.0672 3996 WZCSVC - ok
17:17:08.0735 3996 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:17:08.0750 3996 xmlprov - ok
17:17:08.0782 3996 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
17:17:08.0813 3996 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
17:17:08.0813 3996 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
17:17:08.0844 3996 Boot (0x1200) (ed074c608602d378e69d5e3f13b998a3) \Device\Harddisk0\DR0\Partition0
17:17:08.0844 3996 \Device\Harddisk0\DR0\Partition0 - ok
17:17:08.0844 3996 ============================================================
17:17:08.0844 3996 Scan finished
17:17:08.0844 3996 ============================================================
17:17:08.0860 2296 Detected object count: 1
17:17:08.0860 2296 Actual detected object count: 1
17:17:21.0063 2296 \Device\Harddisk0\DR0\# - copied to quarantine
17:17:21.0063 2296 \Device\Harddisk0\DR0 - copied to quarantine
17:17:21.0172 2296 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
17:17:21.0172 2296 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
17:17:21.0172 2296 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
17:17:21.0172 2296 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
17:17:21.0172 2296 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
17:17:21.0172 2296 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
17:17:21.0172 2296 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
17:17:21.0203 2296 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
17:17:21.0235 2296 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
17:17:21.0235 2296 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:17:21.0235 2296 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:17:21.0235 2296 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:17:21.0235 2296 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:17:21.0235 2296 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
17:17:21.0235 2296 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
17:17:21.0235 2296 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
17:17:21.0235 2296 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
17:17:21.0297 2296 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
17:17:21.0313 2296 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
17:17:21.0328 2296 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
17:17:21.0328 2296 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
17:17:21.0422 2296 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
17:17:21.0422 2296 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
17:17:21.0422 2296 \Device\Harddisk0\DR0 - ok
17:17:24.0110 2296 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
17:17:28.0313 2744 Deinitialize success

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 27 March 2012 - 08:52 PM

Hello


You sent me the TDSSKiller report twice.

Let me have the aswMBR report.


gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 tanstaaffl (Topic Starter)

Posted 27 March 2012 - 10:02 PM

Sorry about that. Here you go:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-27 17:25:30
-----------------------------
17:25:30.359 OS Version: Windows 5.1.2600 Service Pack 3
17:25:30.359 Number of processors: 2 586 0xF06
17:25:30.359 ComputerName: TURTLE UserName: Amanda
17:25:31.640 Initialize success
17:25:44.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
17:25:44.953 Disk 0 Vendor: WDC_WD25 10.0 Size: 238418MB BusType: 3
17:25:44.968 Disk 0 MBR read successfully
17:25:44.968 Disk 0 MBR scan
17:25:44.968 Disk 0 unknown MBR code
17:25:44.968 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
17:25:44.968 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 233585 MB offset 128520
17:25:45.000 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 478528155
17:25:45.000 Disk 0 scanning sectors +488263545
17:25:45.062 Disk 0 scanning C:\WINDOWS\system32\drivers
17:25:56.265 Service scanning
17:26:11.546 Modules scanning
17:26:17.578 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
17:26:18.296 Disk 0 trace - called modules:
17:26:18.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
17:26:18.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8b5030]
17:26:18.312 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x8a89f030]
17:26:18.312 Scan finished successfully
18:14:18.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Amanda\Desktop\MBR.dat"
18:14:18.828 The log file has been saved successfully to "C:\Documents and Settings\Amanda\Desktop\aswMBR.txt"
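
An added example, not code from the thread, from aswMBR or from TDSSKiller: aswMBR saved the raw boot sector to MBR.dat, and TDSSKiller printed an MD5 for the infected sector (its `MBR (0x1B8) (5cb90281...)` line). The script below parses a 512-byte MBR, prints the partition table in the same terms the aswMBR log uses (active flag, type byte, LBA offset, size in MB), and checks whether the sector still hashes to the value TDSSKiller flagged, which is a quick way to confirm the cure took after the reboot. Assumptions: 0x1B8 (440 bytes, the bootstrap code area before the disk signature) is taken as the length TDSSKiller hashed, so both the 440-byte and full-sector hashes are compared; the sample MBR is constructed here with a zeroed bootstrap area and a partition table mirroring the offsets aswMBR reported, so it is not a real boot sector.

```python
"""Parse a raw 512-byte MBR (such as the MBR.dat aswMBR saves) and compare it
with what the scanners in this thread reported.  Editor-added example, not
code from aswMBR, TDSSKiller or the original posts."""
import hashlib
import struct
import sys

SECTOR = 512
BOOTSTRAP_LEN = 0x1B8          # 440 bytes: boot code before the disk signature
TABLE_OFFSET = 446             # four 16-byte partition entries start here
SIGNATURE_OFFSET = 510         # bytes 55 AA terminate a valid MBR

# Hash TDSSKiller printed for the infected sector ("MBR (0x1B8) (...)" line).
# Assumption: 0x1B8 is the length it hashed, so both lengths are compared below.
INFECTED_MBR_MD5 = "5cb90281d1a59b251f6603134774eec3"


def parse_mbr(mbr: bytes) -> dict:
    """Return hashes, the boot-signature check and the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    signature = struct.unpack_from("<H", mbr, SIGNATURE_OFFSET)[0]
    partitions = []
    for idx in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, TABLE_OFFSET + 16 * idx)
        if ptype == 0 and sectors == 0:
            continue                       # unused slot
        partitions.append({
            "index": idx + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return {
        "md5": hashlib.md5(mbr).hexdigest(),
        "bootstrap_md5": hashlib.md5(mbr[:BOOTSTRAP_LEN]).hexdigest(),
        "boot_signature_ok": signature == 0xAA55,   # 55 AA read little-endian
        "partitions": partitions,
    }


def check_against_log(mbr: bytes, logged_md5: str = INFECTED_MBR_MD5) -> dict:
    """parse_mbr() plus a flag saying whether the sector still matches the
    hash the scanner reported for the infected MBR."""
    info = parse_mbr(mbr)
    info["matches_logged_hash"] = logged_md5.lower() in (info["md5"], info["bootstrap_md5"])
    return info


def build_sample_mbr() -> bytes:
    """Constructed test input: zero-filled boot code plus a partition table
    mirroring the layout aswMBR printed (offsets 63, 128520, 478528155).
    Not a real boot sector, so its hash matches nothing."""
    entries = [
        (0x00, 0xDE, 63, 128457),           # Dell Utility, 62 MB
        (0x80, 0x07, 128520, 478382080),    # NTFS, active, 233585 MB
        (0x00, 0xDB, 478528155, 9734144),   # Dell restore (type DB), 4753 MB
        (0x00, 0x00, 0, 0),                 # empty slot
    ]
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    return bytes(TABLE_OFFSET) + table + b"\x55\xAA"


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:       # e.g. the MBR.dat aswMBR wrote
            data = fh.read(SECTOR)
    else:
        data = build_sample_mbr()
    result = check_against_log(data)
    print(f"MD5 (512 bytes): {result['md5']}  MD5 (0x1B8 bytes): {result['bootstrap_md5']}")
    print("boot signature:", "ok" if result["boot_signature_ok"] else "MISSING")
    for p in result["partitions"]:
        flag = "(A)" if p["bootable"] else "   "
        print(f"Partition {p['index']} {flag} type {p['type']:02X} "
              f"offset {p['lba_start']} size {p['size_mb']} MB")
    print("still matches the infected hash:", result["matches_logged_hash"])
```

Run it as `python mbr_check.py MBR.dat` against the file aswMBR saved; with no argument it runs on the constructed sample. A `matches_logged_hash` of True after the TDSSKiller cure and reboot would mean the bootkit's sector is still in place.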

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 27 March 2012 - 10:35 PM

Greetings

That file is fine.

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • Report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 tanstaaffl (Topic Starter)

Posted 28 March 2012 - 01:15 AM

Hi Gringo,

Here is my new ComboFix log. I have not noticed any symptoms since those last two programs were run. No searches have been redirected thus far. I will continue to monitor it and let you know tomorrow if anything is still wrong. Thank you.

ComboFix 12-03-26.02 - Amanda 03/27/2012 22:24:18.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1377 [GMT -7:00]
Running from: c:\documents and settings\Amanda\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Amanda\Desktop\CFScript.txt
AV: Sophos Anti-Virus *Disabled/Outdated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-28 00:17 . 2012-03-28 00:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-26 00:39 . 2012-03-26 00:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2012-03-23 15:25 . 2012-03-23 15:25 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-03-18 15:48 . 2012-03-18 15:48 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 15:48 . 2012-03-18 15:48 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-21 14:07 . 2011-06-15 12:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2005-08-16 10:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 03:34 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2005-08-16 10:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-18 15:48 . 2011-09-17 05:36 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-27_03.10.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-28 00:19 . 2012-03-28 00:19 16384 c:\windows\temp\Perflib_Perfdata_64c.dat
+ 2005-08-16 10:18 . 2012-03-28 00:23 72282 c:\windows\system32\perfc009.dat
- 2005-08-16 10:18 . 2012-03-27 01:42 72282 c:\windows\system32\perfc009.dat
+ 2005-08-16 10:18 . 2012-03-28 00:23 443208 c:\windows\system32\perfh009.dat
- 2005-08-16 10:18 . 2012-03-27 01:42 443208 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Amanda\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Amanda\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Amanda\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Amanda\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 73728]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
.
c:\documents and settings\Amanda\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Amanda\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-7-1 245760]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 23:28 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 19:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-11-15 09:42 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 15:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-07-17 03:29 389120 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 20:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 08:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2007-10-22 20:52 75584 ----a-w- c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-25 23:38 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/17/2008 04:11 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 04:11 PM 55024]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [11/4/2006 05:13 PM 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [11/4/2006 05:13 PM 38528]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/28/2009 12:09 PM 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [10/1/2008 02:53 AM 98304]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [5/20/2011 11:47 PM 218688]
R3 FStarForce;FStarForce;c:\windows\system32\drivers\FStarForce.sys [11/8/2008 08:58 AM 9216]
S1 82668157;82668157;c:\windows\system32\drivers\82668157.sys [7/6/2009 06:03 PM 0]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5/25/2007 09:13 PM 47360]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/17/2008 04:11 PM 7408]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [10/1/2008 02:54 AM 14976]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Amanda\Application Data\Mozilla\Firefox\Profiles\x8v8k2j8.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-27 22:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,d3,9d,e7,9b,08,da,43,a0,8f,b7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,d3,9d,e7,9b,08,da,43,a0,8f,b7,\
.
[HKEY_USERS\S-1-5-21-2776097877-1824206826-302293271-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6d,f3,04,3b,59,f0,d3,51,70,c4,4c,7f,37,47,d4,21,7c,09,27,d1,e9,b0,87,
f9,ae,c9,b9,cf,22,70,46,bb,50,bf,7b,8e,37,b1,10,b8,9a,be,f2,33,65,28,f6,f0,\
"??"=hex:f4,9d,d7,7c,bf,d2,b6,a0,55,4e,c9,16,1e,a9,d0,f5
.
[HKEY_USERS\S-1-5-21-2776097877-1824206826-302293271-1006\Software\SecuROM\License information*]
"datasecu"=hex:5b,02,fe,53,66,74,77,b3,f0,26,b0,82,ca,e2,f9,a1,65,3b,88,da,a1,
4e,4f,76,49,2d,b3,20,4a,f3,f0,8b,41,dc,7d,eb,ce,7b,3b,f4,91,86,27,f8,2c,bc,\
"rkeysecu"=hex:fa,1a,0f,a1,4b,1c,6c,a5,2c,f0,ce,25,01,b6,e9,d1
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(808)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3680)
c:\windows\system32\WININET.dll
c:\documents and settings\Amanda\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-03-27 22:39:17
ComboFix-quarantined-files.txt 2012-03-28 05:39
ComboFix2.txt 2012-03-27 03:26
.
Pre-Run: 16,237,326,336 bytes free
Post-Run: 16,482,205,696 bytes free
.
- - End Of File - - 369AD7FE0B32205A0CC2C2A3E017B394
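
An added example, not part of the thread and not how the helper or ComboFix evaluates a log: a few heuristics over the service list and the firewall-exception list of the ComboFix report above, run over a constructed sample made of lines copied from that report. It flags a zero-byte driver registered under an all-numeric name (`82668157.sys`), a driver whose file ComboFix could not size (`[?]`), a firewall exception for an `svchost.exe` outside `%windir%\system32`, and an executable sitting in the root of `C:`. These are review prompts rather than verdicts; the rules are the editor's assumptions about what merits a second look, and the function names are hypothetical.

```python
"""Heuristic triage of ComboFix service-list and firewall-exception lines.
Editor-added example for this thread; the rules are the editor's heuristics,
not ComboFix's logic, and a hit means "look at this", not "this is malware"."""
import re
from typing import List, Optional, Tuple

# Constructed sample: a subset of lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/17/2008 04:11 PM 8944]
R3 FStarForce;FStarForce;c:\windows\system32\drivers\FStarForce.sys [11/8/2008 08:58 AM 9216]
S1 82668157;82668157;c:\windows\system32\drivers\82668157.sys [7/6/2009 06:03 PM 0]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5/25/2007 09:13 PM 47360]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
"""

# "R1 Name;Display;path [m/d/yyyy hh:mm AM size]"; size is "?" when unreadable
SERVICE_RE = re.compile(
    r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[(?:([^\]]*?)\s+)?(\d+|\?)\]$")
# '"escaped\\path\\app.exe"='  (ComboFix doubles the backslashes)
FW_RE = re.compile(r'^"(.+)"=$')
# an executable directly in a drive root, e.g. c:\something.exe
ROOT_EXE_RE = re.compile(r"^[a-z]:\\[^\\]+\.exe$", re.IGNORECASE)


def triage_service(line: str) -> Optional[Tuple[str, str, List[str]]]:
    """Return (name, path, reasons) for a service/driver line, else None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    _start, name, _display, path, _stamp, size = m.groups()
    reasons = []
    if size == "?":
        reasons.append("file size unreadable (path could not be resolved)")
    elif int(size) == 0:
        reasons.append("zero-byte driver file")
    if name.isdigit():
        reasons.append("all-numeric service name")
    return name, path, reasons


def triage_firewall(line: str) -> Optional[Tuple[str, List[str]]]:
    """Return (path, reasons) for a firewall AuthorizedApplications line, else None."""
    m = FW_RE.match(line)
    if not m:
        return None
    path = m.group(1).replace("\\\\", "\\")      # undo ComboFix's escaping
    low = path.lower()
    parent, _, base = low.rpartition("\\")
    reasons = []
    if base == "svchost.exe" and not parent.endswith("\\system32"):
        reasons.append("svchost.exe outside %windir%\\system32")
    if ROOT_EXE_RE.match(low):
        reasons.append("executable sitting in the drive root")
    return path, reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Walk the log and return (item, reasons) for every line that tripped a rule."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        svc = triage_service(line)
        if svc is not None:
            name, path, reasons = svc
            if reasons:
                hits.append((f"{name} -> {path}", reasons))
            continue
        fw = triage_firewall(line)
        if fw is not None and fw[1]:
            hits.append((f"firewall exception {fw[0]}", fw[1]))
    return hits


if __name__ == "__main__":
    for item, reasons in triage(SAMPLE_LOG):
        print(item)
        for reason in reasons:
            print("   -", reason)
```

To use it on a full report, read the ComboFix log file into `triage()` instead of `SAMPLE_LOG`; every hit is something to look up by hand, not something to delete on sight.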

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 28 March 2012 - 02:05 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Java™ 6 Update 29


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • Report from HijackThis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 tanstaaffl (Topic Starter)

Posted 28 March 2012 - 10:39 PM

Hi Gringo. Malwarebytes gave no indication of finding anything and I have not noticed any symptoms. Here are the MBAM and HijackThis logs.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.28.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Amanda :: TURTLE [administrator]

3/28/2012 07:14:10
mbam-log-2012-03-28 (19-14-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204553
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:36:54, on 3/28/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SWSC.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061101
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Amanda\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1298328211603
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265869276170
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7232 bytes

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:36 AM

Posted 28 March 2012 - 10:58 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
      O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Amanda\Application Data\Dropbox\bin\Dropbox.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
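As an added example, not code from the thread or from HijackThis, here is a small Python parser for the O4 autostart lines Gringo walks through above. It pulls the launched file out of each Run-key command line (quoted paths, unquoted paths with spaces, and rundll32 hosts) and flags entries that start from user-writable profile folders, which is where this machine's infection was found. The sample log, the two placeholder entries and the USER_WRITABLE list are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the shape of HijackThis O4 lines. The first four mirror
# entries in the thread's log; the last two are illustrative placeholders.
SAMPLE_O4_LOG = r"""
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaceholderUpdater] "C:\Documents and Settings\User\Local Settings\Application Data\placeholder\upd.exe" /silent
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe
"""

O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): (?P<rest>.+)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")   # [Name] command line
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) = (?P<cmd>.+)$")   # Name.lnk = target
UNQUOTED_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|cmd|bat))(?:\s|$)", re.IGNORECASE)

# Folders a standard user can write to (assumed list). An autostart here is not
# automatically bad (Dropbox does it), but the thread's infection sat under
# Local Settings\Application Data, so these are the entries worth a second look.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\")


@dataclass
class Autostart:
    location: str      # HKLM\..\Run, HKCU\..\Run, Startup, Global Startup
    name: str
    command: str
    executable: str
    in_user_profile: bool


def executable_of(command: str) -> str:
    """Pull the launched file out of a Run-key command line."""
    cmd = command.strip()
    if cmd.startswith('"'):                        # quoted path, arguments follow the quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    if cmd.lower().startswith("rundll32"):         # host process; the DLL is the real payload
        dll_and_entry = cmd.split(None, 1)[1] if " " in cmd else ""
        return dll_and_entry.split(",", 1)[0]      # drop the ",EntryPoint" suffix
    m = UNQUOTED_RE.match(cmd)                     # unquoted path, possibly containing spaces
    return m.group(1) if m else cmd


def parse_o4(log_text: str) -> List[Autostart]:
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue                               # not an O4 line
        loc, rest = m.group("loc"), m.group("rest")
        item = RUN_RE.match(rest) or LNK_RE.match(rest)
        if not item:
            continue
        exe = executable_of(item.group("cmd"))
        flagged = any(marker in exe.lower() for marker in USER_WRITABLE)
        entries.append(Autostart(loc, item.group("name"), item.group("cmd"), exe, flagged))
    return entries


def review_candidates(entries: List[Autostart]) -> List[Autostart]:
    """Autostarts that launch from a user-writable location."""
    return [e for e in entries if e.in_user_profile]


if __name__ == "__main__":
    for e in parse_o4(SAMPLE_O4_LOG):
        tag = "REVIEW" if e.in_user_profile else "system"
        print(f"{tag:6} {e.location:18} {e.name:20} -> {e.executable}")
```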

#13 tanstaaffl

tanstaaffl
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:36 AM

Posted 29 March 2012 - 09:10 AM

Here are my Eset Online Scanner results:

C:\Documents and Settings\Amanda\My Documents\My Games\Call of Duty 4\call_of_duty_4_crackfix_and_keygen-razor1911.tar Win32/Keygen.DK application
C:\Program Files\Inspiration 8 Trial\patch.exe a variant of Win32/Keygen.CS application
C:\Qoobox\Quarantine\C\Documents and Settings\Amanda\Local Settings\Application Data\mfcUserServ\usbnetmm.dll.vir a variant of Win32/Sefnit.BN trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Process.exe.vir Win32/PrcView application
C:\TDSSKiller_Quarantine\27.03.2012_17.16.45\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Olmasco.O trojan
C:\TDSSKiller_Quarantine\27.03.2012_17.16.45\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmasco.W trojan
C:\TDSSKiller_Quarantine\27.03.2012_17.16.45\mbr0000\tdlfs0000\tsk0007.dta a variant of Win32/Olmasco.O trojan
C:\TDSSKiller_Quarantine\27.03.2012_17.16.45\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmasco.X trojan
C:\TDSSKiller_Quarantine\27.03.2012_17.16.45\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmasco.O trojan
C:\TDSSKiller_Quarantine\27.03.2012_17.16.45\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmasco.R trojan
C:\TDSSKiller_Quarantine\27.03.2012_17.16.45\mbr0000\tdlfs0000\tsk0011.dta a variant of Win32/Olmasco.Q trojan
C:\TDSSKiller_Quarantine\27.03.2012_17.16.45\mbr0000\tdlfs0000\tsk0012.dta Win64/Olmasco.X trojan
F:\Programs\Scott Programs\DVD-R\content creation\Macromedia.StudioMX.zip a variant of Win32/Keygen.AQ application
F:\Programs\Scott Programs\DVD-R\util\CloneCD v4.2.0.2.zip probably a variant of Win32/IRCBot.BVAJEYN trojan
F:\Programs\Scott Programs\DVD-R\util\NeoMonitor_2.0.zip Win32/Tool.TPE.A application

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:36 AM

Posted 29 March 2012 - 11:52 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Documents and Settings\Amanda\My Documents\My Games\Call of Duty 4\call_of_duty_4_crackfix_and_keygen-razor1911.tar"
    del /f /s /q "C:\Program Files\Inspiration 8 Trial\patch.exe"
    del /f /s /q "F:\Programs\Scott Programs\DVD-R\content creation\Macromedia.StudioMX.zip"
    del /f /s /q "F:\Programs\Scott Programs\DVD-R\util\CloneCD v4.2.0.2.zip"
    del /f /s /q "F:\Programs\Scott Programs\DVD-R\util\NeoMonitor_2.0.zip"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: (screenshot: XP) (screenshot: Vista)
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over you can just be deleted from the desktop.

:DeFogger:

Note** This only needs to be run if it was run before - If not then skip it.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Gringo
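As an added example that is not part of the thread, here is a Python triage of an ESET results list along the lines Gringo applies above: hits under the ComboFix (Qoobox), TDSSKiller and System Restore quarantine folders are treated as backups that the cleanup steps remove, and only live files are written into a generated delfile.bat of the same shape as the one posted. The sample lines and placeholder paths are constructed; the QUARANTINE_MARKERS list is an assumption based on the folders named in the post.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in the format of the ESET Online Scanner results posted in
# the thread (path, then verdict). Paths are placeholders, not the real ones.
SAMPLE_ESET_LOG = r"""
C:\Documents and Settings\User\My Documents\downloads\example_keygen.tar Win32/Keygen.DK application
C:\Program Files\Example Trial\patch.exe a variant of Win32/Keygen.CS application
C:\Qoobox\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\example\example.dll.vir a variant of Win32/Sefnit.BN trojan
C:\TDSSKiller_Quarantine\27.03.2012_17.16.45\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Olmasco.O trojan
C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP12\A0000001.exe Win64/Olmasco.W trojan
F:\archive\util\example_tool.zip probably a variant of Win32/IRCBot.BVAJEYN trojan
"""

# Folders holding copies the removal tools already neutralised: ComboFix's
# Qoobox, TDSSKiller's quarantine and System Restore's cache. Hits here are
# backups (cleared by the uninstall/cleanup steps), not live infections.
QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\", "\\tdsskiller_quarantine\\",
                      "\\system volume information\\")

# Non-greedy path, then the verdict anchored to the end of the line so that
# spaces inside the path do not confuse the split.
ESET_LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<verdict>(?:probably )?(?:a variant of )?Win(?:32|64)/\S+ \w+)$"
)


@dataclass
class Finding:
    path: str
    verdict: str
    in_quarantine: bool


def parse_eset(text: str) -> List[Finding]:
    findings = []
    for line in text.splitlines():
        m = ESET_LINE_RE.match(line.strip())
        if not m:
            continue                               # blank or unrecognised line
        path = m.group("path")
        backup = any(marker in path.lower() for marker in QUARANTINE_MARKERS)
        findings.append(Finding(path, m.group("verdict"), backup))
    return findings


def triage(findings: List[Finding]) -> Tuple[List[Finding], List[Finding]]:
    """Split into (live files needing deletion, quarantine backups to leave alone)."""
    live = [f for f in findings if not f.in_quarantine]
    backups = [f for f in findings if f.in_quarantine]
    return live, backups


def delfile_batch(live: List[Finding]) -> str:
    """Build a self-deleting delfile.bat in the form the helper hands out above."""
    lines = ["@echo off"]
    lines += [f'del /f /s /q "{f.path}"' for f in live]
    lines.append("del %0")                         # the batch removes itself last
    return "\n".join(lines)


if __name__ == "__main__":
    live, backups = triage(parse_eset(SAMPLE_ESET_LOG))
    print(f"{len(live)} live finding(s), {len(backups)} quarantine backup(s)\n")
    print(delfile_batch(live))
```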

#15 tanstaaffl

tanstaaffl
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:36 AM

Posted 30 March 2012 - 07:06 PM

Thank you very much for your help Gringo. I do have one question. You mentioned that these final steps would reset System Restore and create a new restore point. Which step did that because I want to make sure this happens?
