redirect virus called vipsearch.net


5 replies to this topic

#1 07crv

Posted 11 April 2012 - 04:57 PM

Hello,

First off, thanks for taking the time to review my question. I have this virus called vipsearch on my desktop. Every time that I go to Google and click on a link it would redirect me to the vipsearch link. I have tried several free malware & spyware programs and nothing has worked. It has been a very frustrating thing, I hope that there is somebody that can help, and again thanks for your time.


#2 boopme

Posted 11 April 2012 - 06:12 PM

Hello and welcome... Please do these..

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



Next run MBAM... if you already have then update and rerun and post the log.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
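Added example, not part of the original post and not MiniToolBox's own code: the "List content of Hosts" step matters because a hosts entry overrides DNS, so a search engine name pinned to a routable address is a redirect indicator. This Python sketch pulls the Hosts section out of a Result.txt-style log and flags such entries; the watched-name list, function names and severity labels are assumptions of the example, and the sample log is constructed around the two hosts entries reported in this thread.

```python
import ipaddress
import re

# Search-engine names to watch for; this list is an assumption of the example.
WATCHED = ("google.com", "bing.com", "yahoo.com")

# Matches section banners such as "===== Hosts content: =====".
BANNER = re.compile(r"^=+\s*(.+?):?\s*=+\s*$")

# Constructed sample in the Result.txt layout. The two 94.63.147.x lines are the
# entries reported in this thread; every other line is made up for the example.
SAMPLE_RESULT = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.

========================= Hosts content: =================================

# constructed comment line
127.0.0.1 localhost
94.63.147.16 www.google.com
94.63.147.17 www.bing.com
0.0.0.0 ads.example.test   # constructed blocklist-style entry
10.0.0.5 fileserver        # constructed intranet entry

========================= IP Configuration: ================================

Realtek NIC = Local Area Connection (Connected)
"""


def hosts_section(log_text):
    """Return the lines between the 'Hosts content' banner and the next banner."""
    lines, inside = [], False
    for line in log_text.splitlines():
        banner = BANNER.match(line)
        if banner:
            inside = banner.group(1).strip().lower() == "hosts content"
            continue
        if inside:
            lines.append(line)
    return lines


def parse_hosts(lines):
    """Yield (ip, hostname) pairs, skipping comments, blanks and malformed lines."""
    for raw in lines:
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address, so not a hosts entry
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")


def audit_hosts(log_text):
    """Return (severity, hostname, ip) for every entry that is not a sinkhole.

    'redirect': a watched search-engine name pinned to a non-loopback address.
    'review'  : any other name mapped to a non-loopback address (may be legitimate).
    """
    findings = []
    for ip, name in parse_hosts(hosts_section(log_text)):
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries block a name, they do not redirect it
        watched = any(name == w or name.endswith("." + w) for w in WATCHED)
        findings.append(("redirect" if watched else "review", name, str(ip)))
    return findings


if __name__ == "__main__":
    for severity, name, ip in audit_hosts(SAMPLE_RESULT):
        print(f"{severity:8} {name} -> {ip}")
```

A "redirect" finding means the hosts file itself needs to be cleaned and whatever wrote it still has to be found; flushing the DNS cache alone does not remove the entry.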

#3 07crv

Posted 11 April 2012 - 09:58 PM

Thanks for your quick response, and here is what you asked for in order:

MiniToolBox by Farbar Version: 18-01-2012
Ran by HP_Administrator (administrator) on 11-04-2012 at 22:26:15
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


94.63.147.16 www.google.com
94.63.147.17 www.bing.com


========================= IP Configuration: ================================

3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX) = Local Area Connection 2 (Disconnected)
Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Saysouly

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-15-F2-92-D2-96

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 74.132.178.3

Subnet Mask . . . . . . . . . . . : 255.255.252.0

Default Gateway . . . . . . . . . : 74.132.176.1

DHCP Server . . . . . . . . . . . : 74.128.18.194

DNS Servers . . . . . . . . . . . : 74.128.19.102

74.128.17.114

Lease Obtained. . . . . . . . . . : Wednesday, April 11, 2012 9:02:56 AM

Lease Expires . . . . . . . . . . : Thursday, April 26, 2012 9:02:56 AM

Server: cache2.insightbb.com
Address: 74.128.19.102

Name: google.com
Addresses: 173.194.68.102, 173.194.68.113, 173.194.68.138, 173.194.68.139
173.194.68.100, 173.194.68.101



Pinging google.com [173.194.68.139] with 32 bytes of data:



Reply from 173.194.68.139: bytes=32 time=48ms TTL=45

Reply from 173.194.68.139: bytes=32 time=57ms TTL=45



Ping statistics for 173.194.68.139:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 48ms, Maximum = 57ms, Average = 52ms

Server: cache2.insightbb.com
Address: 74.128.19.102

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=75ms TTL=50

Reply from 72.30.38.140: bytes=32 time=124ms TTL=50



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 75ms, Maximum = 124ms, Average = 99ms

Server: cache2.insightbb.com
Address: 74.128.19.102

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 15 f2 92 d2 96 ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 74.132.176.1 74.132.178.3 20
74.132.176.0 255.255.252.0 74.132.178.3 74.132.178.3 20
74.132.178.3 255.255.255.255 127.0.0.1 127.0.0.1 20
74.255.255.255 255.255.255.255 74.132.178.3 74.132.178.3 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 74.132.178.3 74.132.178.3 20
224.0.0.0 240.0.0.0 74.132.178.3 74.132.178.3 20
255.255.255.255 255.255.255.255 74.132.178.3 74.132.178.3 1
Default Gateway: 74.132.176.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/11/2012 07:19:50 PM) (Source: MsiInstaller) (User: HP_Administrator)HP_Administrator
Description: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.

Error: (04/11/2012 07:18:19 PM) (Source: MsiInstaller) (User: HP_Administrator)HP_Administrator
Description: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.

Error: (04/11/2012 07:17:49 PM) (Source: MsiInstaller) (User: HP_Administrator)HP_Administrator
Description: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.

Error: (04/11/2012 07:16:29 PM) (Source: MsiInstaller) (User: HP_Administrator)HP_Administrator
Description: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.

Error: (04/11/2012 07:13:53 PM) (Source: MsiInstaller) (User: HP_Administrator)HP_Administrator
Description: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.

Error: (04/11/2012 07:13:05 PM) (Source: MsiInstaller) (User: HP_Administrator)HP_Administrator
Description: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.

Error: (04/11/2012 07:07:29 PM) (Source: MsiInstaller) (User: HP_Administrator)HP_Administrator
Description: Product: TrayApp -- Error 1706. An installation package for the product TrayApp cannot be found. Try the installation again using a valid copy of the installation package 'TrayApp.msi'.

Error: (04/11/2012 07:06:17 PM) (Source: MsiInstaller) (User: HP_Administrator)HP_Administrator
Description: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.

Error: (04/11/2012 07:05:02 PM) (Source: MsiInstaller) (User: HP_Administrator)HP_Administrator
Description: Product: PhotoGallery -- Error 1706.No valid source could be found for product PhotoGallery. The Windows Installer cannot continue.

Error: (04/11/2012 07:02:14 PM) (Source: MsiInstaller) (User: HP_Administrator)HP_Administrator
Description: Product: PhotoGallery -- Error 1706.No valid source could be found for product PhotoGallery. The Windows Installer cannot continue.


System errors:
=============
Error: (04/11/2012 03:01:39 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.

Error: (04/09/2012 11:39:46 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.

Error: (04/09/2012 00:04:37 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.

Error: (04/08/2012 10:00:49 AM) (Source: DCOM) (User: HP_Administrator)
Description: The server {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4} did not register with DCOM within the required timeout.

Error: (04/08/2012 10:00:18 AM) (Source: DCOM) (User: SYSTEM)
Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error: (04/08/2012 09:16:29 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service failed to start due to the following error:
%%1053

Error: (04/08/2012 09:16:27 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.

Error: (04/07/2012 11:53:53 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.

Error: (04/07/2012 04:47:04 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the ARSVC service.

Error: (04/07/2012 03:01:57 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.


Microsoft Office Sessions:
=========================
Error: (04/11/2012 07:19:50 PM) (Source: MsiInstaller)(User: HP_Administrator)HP_Administrator
Description: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.(NULL)(NULL)(NULL)

Error: (04/11/2012 07:18:19 PM) (Source: MsiInstaller)(User: HP_Administrator)HP_Administrator
Description: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.(NULL)(NULL)(NULL)

Error: (04/11/2012 07:17:49 PM) (Source: MsiInstaller)(User: HP_Administrator)HP_Administrator
Description: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.(NULL)(NULL)(NULL)

Error: (04/11/2012 07:16:29 PM) (Source: MsiInstaller)(User: HP_Administrator)HP_Administrator
Description: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.(NULL)(NULL)(NULL)

Error: (04/11/2012 07:13:53 PM) (Source: MsiInstaller)(User: HP_Administrator)HP_Administrator
Description: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.(NULL)(NULL)(NULL)

Error: (04/11/2012 07:13:05 PM) (Source: MsiInstaller)(User: HP_Administrator)HP_Administrator
Description: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.(NULL)(NULL)(NULL)

Error: (04/11/2012 07:07:29 PM) (Source: MsiInstaller)(User: HP_Administrator)HP_Administrator
Description: Product: TrayApp -- Error 1706. An installation package for the product TrayApp cannot be found. Try the installation again using a valid copy of the installation package 'TrayApp.msi'.(NULL)(NULL)(NULL)

Error: (04/11/2012 07:06:17 PM) (Source: MsiInstaller)(User: HP_Administrator)HP_Administrator
Description: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.(NULL)(NULL)(NULL)

Error: (04/11/2012 07:05:02 PM) (Source: MsiInstaller)(User: HP_Administrator)HP_Administrator
Description: Product: PhotoGallery -- Error 1706.No valid source could be found for product PhotoGallery. The Windows Installer cannot continue.(NULL)(NULL)(NULL)

Error: (04/11/2012 07:02:14 PM) (Source: MsiInstaller)(User: HP_Administrator)HP_Administrator
Description: Product: PhotoGallery -- Error 1706.No valid source could be found for product PhotoGallery. The Windows Installer cannot continue.(NULL)(NULL)(NULL)


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
5 Card Slingo from HP Media Center (remove only)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.10)
Adobe Reader 9.5.0 (Version: 9.5.0)
Adobe Shockwave Player 11.6 (Version: 11.6.0.626)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
AstroPop Deluxe from HP Media Center (remove only)
ATI Control Panel (Version: 6.14.10.5166)
ATI Display Driver (Version: 8.17-050813a1-025991C-HP)
Barnyard Invasion from HP Media Center (remove only)
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Boggle Supreme from HP Media Center (remove only)
Bonjour (Version: 3.0.0.10)
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
BufferChm (Version: 130.0.331.000)
ccCommon (Version: 103.5.0.90)
CCleaner (Version: 3.17)
Chuzzle Deluxe from HP Media Center (remove only)
Citrix online plug-in - web (Version: 12.1.44.1)
Citrix online plug-in (DV) (Version: 12.1.44.1)
Citrix online plug-in (HDX) (Version: 12.1.44.1)
Citrix online plug-in (USB) (Version: 12.1.44.1)
Citrix online plug-in (Web) (Version: 12.1.44.1)
Copy (Version: 130.0.366.000)
CP_AtenaShokunin1Config (Version: 53.0.13.000)
CP_CalendarTemplates1 (Version: 53.0.13.000)
cp_LightScribeConfig (Version: 53.0.24.000)
cp_LightScribePlugin (Version: 53.0.24.000)
CP_Package_Basic1 (Version: 53.0.13.000)
CP_Package_Variety1 (Version: 53.0.13.000)
CP_Package_Variety2 (Version: 53.0.13.000)
CP_Package_Variety3 (Version: 53.0.13.000)
CP_Panorama1Config (Version: 53.0.13.000)
Crystal Maze from HP Media Center (remove only)
CueTour (Version: 53.0.13.000)
Data Fax SoftModem with SmartCP
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 130.0.372.000)
DeviceManagementQFolder (Version: 1.00.0000)
DJ_AIO_05_F4400_Software_Min (Version: 130.0.448.000)
DocProc (Version: 5.2.0.0)
F4400 (Version: 130.0.448.000)
Family Feud (Version: 10/24/2005 10:21 AM)
FATE from HP Media Center (remove only)
GemMaster Mystic
Google Toolbar for Internet Explorer
GPBaseService2 (Version: 130.0.371.000)
H&R Block Deluxe + Efile + State 2011 (Version: 11.05.7102)
H&R Block Kentucky 2011 (Version: 1.11.2601)
HiJackThis (Version: 1.0.0)
HP Boot Optimizer (Version: 2.0.5.1)
HP Customer Participation Program 13.0 (Version: 13.0)
HP DigitalMedia Archive (Version: 1.2)
HP Game Console and games
HP Image Zone 5.3 (Version: 5.3)
HP Image Zone for Media Center PC
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Multimedia Keyboard Software
HP Print Projects 1.0 (Version: 1.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.001.001)
hpPrintProjects (Version: 130.0.303.000)
HPProductAssistant (Version: 130.0.371.000)
HpSdpAppCoreApp (Version: 3.00.0000)
hpWLPGInstaller (Version: 130.0.303.000)
Insaniquarium Deluxe from HP Media Center (remove only)
InstantShareAlert (Version: 1.00.0000)
InstantShareDevices (Version: 53.0.13.000)
InterVideo WinDVD Player (Version: 5.0-B11.896)
iTunes (Version: 10.5.1.42)
Lemonade Tycoon 2 from HP Media Center (remove only)
Lexibox Deluxe from HP Media Center (remove only)
LightScribe 1.4.52.1 (Version: 1.4.52.1)
Mah Jong Quest from HP Media Center (remove only)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Compact Framework 2.0 SP1 (Version: 2.0.6129)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Money 2005 (Version: 14)
Microsoft Office 2000 Premium (Version: 9.00.2720)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.04.0623)
MSN
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB925673) (Version: 6.00.3888.0)
muvee autoProducer 4.5 (Version: 4.50.050)
muvee autoProducer unPlugged 1.2 (Version: 1.20.100)
Netscape Browser (remove only)
Norton Internet Security (Version: 8.3.0.5)
Otto
PanoStandAlone (Version: 53.0.13.000)
PC-Doctor 5 for Windows (Version: 5.00.3187.03)
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
PhotoGallery (Version: 53.0.13.000)
Picasa 3 (Version: 3.8)
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
PS2
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3 (Version: 2.2.3)
Quicken 2006 (Version: 15.1.1.29)
QuickTime (Version: 7.70.80.34)
RandMap (Version: 53.0.13.000)
RealPlayer
Remove IntelliMover Demo
Ricochet Lost Worlds from HP Media Center (remove only)
Scan (Version: 140.0.80.000)
ScannerCopy (Version: 5.2.0.0)
SCRABBLE from HP Media Center (remove only)
Shooting Stars Pool from HP Media Center (remove only)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
SkinsHP1 (Version: 53.0.13.000)
Slingo Deluxe from HP Media Center (remove only)
SmartWebPrinting (Version: 130.0.373.000)
Snowboard SuperJam from HP Media Center (remove only)
SolutionCenter (Version: 130.0.373.000)
Sonic Express Labeler (Version: 2.1.0)
Sonic MyDVD Plus (Version: 6.2.0)
Sonic RecordNow Audio (Version: 2.0.4)
Sonic RecordNow Copy (Version: 2.0.4)
Sonic RecordNow Data (Version: 2.0.4)
Sonic Update Manager (Version: 3.0.0)
Sonic_PrimoSDK (Version: 53.0.13.000)
Status (Version: 130.0.373.000)
Super Granny from HP Media Center (remove only)
swMSM (Version: 12.0.0.1)
System Requirements Lab CYRI (Version: 4.3.1.0)
Toolbox (Version: 130.0.648.000)
Tradewinds from HP Media Center (remove only)
TrayApp (Version: 130.0.376.000)
Trend Micro Titanium Internet Security (Version: 3.1.1109)
Trend Micro™ Titanium™ Internet Security (Version: 3.00)
TurboTax 2010
TurboTax 2010 winiper (Version: 010.000.1284)
TurboTax 2010 WinPerFedFormset (Version: 010.000.4227)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0483)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0214)
TurboTax 2010 wkyiper (Version: 010.000.1269)
TurboTax 2010 wrapper (Version: 010.000.0157)
Unload (Version: 5.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
Updates from HP (remove only)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 130.0.132.017)
Windows Media Format Runtime
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPatrol (Version: 24.5.2012)
XML Paper Specification Shared Components Pack 1.0
Zuma Deluxe from HP Media Center (remove only)

========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 958.48 MB
Available physical RAM: 468.7 MB
Total Pagefile: 2312.96 MB
Available Pagefile: 1718.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.38 MB

========================= Partitions: =====================================

1 Drive c: (HP_PAVILION) (Fixed) (Total:224.37 GB) (Free:152.12 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:8.5 GB) (Free:1.15 GB) FAT32

========================= Users: ========================================

User accounts for \\SAYSOULY

Administrator ASPNET Guest
HelpAssistant HP_Administrator SUPPORT_388945a0
SUPPORT_fddfa904


**** End of log ****


22:29:21.0421 0944 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
22:29:22.0343 0944 ============================================================
22:29:22.0343 0944 Current date / time: 2012/04/11 22:29:22.0343
22:29:22.0343 0944 SystemInfo:
22:29:22.0343 0944
22:29:22.0343 0944 OS Version: 5.1.2600 ServicePack: 3.0
22:29:22.0343 0944 Product type: Workstation
22:29:22.0343 0944 ComputerName: SAYSOULY
22:29:22.0343 0944 UserName: HP_Administrator
22:29:22.0343 0944 Windows directory: C:\WINDOWS
22:29:22.0343 0944 System windows directory: C:\WINDOWS
22:29:22.0343 0944 Processor architecture: Intel x86
22:29:22.0343 0944 Number of processors: 1
22:29:22.0343 0944 Page size: 0x1000
22:29:22.0343 0944 Boot type: Normal boot
22:29:22.0343 0944 ============================================================
22:29:24.0156 0944 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:29:24.0234 0944 \Device\Harddisk0\DR0:
22:29:24.0234 0944 MBR used
22:29:24.0234 0944 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1105758
22:29:24.0234 0944 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1105797, BlocksNum 0x1C0BAF29
22:29:24.0281 0944 Initialize success
22:29:24.0281 0944 ============================================================
22:29:35.0859 3864 ============================================================
22:29:35.0859 3864 Scan started
22:29:35.0859 3864 Mode: Manual;
22:29:35.0859 3864 ============================================================
22:29:38.0187 3864 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
22:29:38.0187 3864 ARPolicy - ok
22:29:38.0250 3864 ARSVC (9a0d9b2e263bede80fb79ddbad240ec1) C:\WINDOWS\arservice.exe
22:29:38.0375 3864 ARSVC - ok
22:29:38.0390 3864 asc - ok
22:29:38.0406 3864 asc3350p - ok
22:29:38.0421 3864 asc3550 - ok
22:29:38.0625 3864 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:29:38.0656 3864 aspnet_state - ok
22:29:38.0875 3864 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:29:38.0875 3864 AsyncMac - ok
22:29:39.0000 3864 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:29:39.0000 3864 atapi - ok
22:29:39.0015 3864 Atdisk - ok
22:29:39.0093 3864 Ati HotKey Poller (d21352bcaab174948eb9672bc203bb0f) C:\WINDOWS\system32\Ati2evxx.exe
22:29:39.0109 3864 Ati HotKey Poller - ok
22:29:39.0218 3864 ati2mtag (7a6cf9f411a9c5bd5c442a1cd46af401) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:29:39.0281 3864 ati2mtag - ok
22:29:39.0312 3864 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:29:39.0312 3864 Atmarpc - ok
22:29:39.0375 3864 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:29:39.0375 3864 AudioSrv - ok
22:29:39.0453 3864 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:29:39.0453 3864 audstub - ok
22:29:39.0500 3864 AVGIDSShim - ok
22:29:39.0515 3864 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
22:29:39.0515 3864 bb-run - ok
22:29:39.0562 3864 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:29:39.0562 3864 Beep - ok
22:29:39.0593 3864 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:29:39.0687 3864 BITS - ok
22:29:39.0875 3864 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:29:39.0890 3864 Bonjour Service - ok
22:29:39.0968 3864 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:29:39.0968 3864 Browser - ok
22:29:39.0984 3864 catchme - ok
22:29:40.0140 3864 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:29:40.0140 3864 cbidf2k - ok
22:29:40.0312 3864 ccEvtMgr (dfdc3b9ba65377b0711403a868dc27c8) c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
22:29:40.0312 3864 ccEvtMgr - ok
22:29:40.0343 3864 ccPwdSvc (6360c7009b54e51b72823df684dbdb4f) c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
22:29:40.0359 3864 ccPwdSvc - ok
22:29:40.0390 3864 ccSetMgr (f7f0ac93c31458d44064bbe29aa42347) c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
22:29:40.0390 3864 ccSetMgr - ok
22:29:40.0484 3864 cd20xrnt - ok
22:29:40.0500 3864 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:29:40.0515 3864 Cdaudio - ok
22:29:40.0578 3864 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:29:40.0593 3864 Cdfs - ok
22:29:40.0609 3864 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:29:40.0609 3864 Cdrom - ok
22:29:40.0625 3864 Changer - ok
22:29:40.0703 3864 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:29:40.0703 3864 CiSvc - ok
22:29:40.0750 3864 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:29:40.0765 3864 ClipSrv - ok
22:29:40.0890 3864 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:29:40.0984 3864 clr_optimization_v2.0.50727_32 - ok
22:29:41.0000 3864 CmdIde - ok
22:29:41.0015 3864 COMSysApp - ok
22:29:41.0031 3864 Cpqarray - ok
22:29:41.0078 3864 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:29:41.0093 3864 CryptSvc - ok
22:29:41.0156 3864 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
22:29:41.0156 3864 ctxusbm - ok
22:29:41.0265 3864 dac2w2k - ok
22:29:41.0281 3864 dac960nt - ok
22:29:41.0343 3864 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:29:41.0359 3864 DcomLaunch - ok
22:29:41.0421 3864 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:29:41.0421 3864 Dhcp - ok
22:29:41.0562 3864 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:29:41.0562 3864 Disk - ok
22:29:41.0578 3864 dmadmin - ok
22:29:41.0640 3864 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:29:41.0656 3864 dmboot - ok
22:29:41.0703 3864 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:29:41.0703 3864 dmio - ok
22:29:41.0750 3864 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:29:41.0750 3864 dmload - ok
22:29:41.0796 3864 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:29:41.0796 3864 dmserver - ok
22:29:41.0875 3864 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:29:41.0875 3864 DMusic - ok
22:29:41.0953 3864 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:29:41.0953 3864 Dnscache - ok
22:29:42.0015 3864 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:29:42.0015 3864 Dot3svc - ok
22:29:42.0031 3864 dpti2o - ok
22:29:42.0078 3864 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:29:42.0078 3864 drmkaud - ok
22:29:42.0125 3864 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:29:42.0140 3864 EapHost - ok
22:29:42.0250 3864 ehRecvr (8301243bde5b6cd316d79c0191d50d9a) C:\WINDOWS\eHome\ehRecvr.exe
22:29:42.0250 3864 ehRecvr - ok
22:29:42.0406 3864 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
22:29:42.0406 3864 ehSched - ok
22:29:42.0468 3864 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
22:29:42.0468 3864 EL90XBC - ok
22:29:42.0500 3864 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:29:42.0500 3864 ERSvc - ok
22:29:42.0546 3864 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:29:42.0546 3864 Eventlog - ok
22:29:42.0640 3864 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
22:29:42.0656 3864 EventSystem - ok
22:29:42.0781 3864 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:29:42.0796 3864 Fastfat - ok
22:29:42.0875 3864 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:29:42.0875 3864 FastUserSwitchingCompatibility - ok
22:29:42.0953 3864 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
22:29:42.0953 3864 Fax - ok
22:29:43.0031 3864 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:29:43.0031 3864 Fdc - ok
22:29:43.0109 3864 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:29:43.0109 3864 Fips - ok
22:29:43.0125 3864 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:29:43.0125 3864 Flpydisk - ok
22:29:43.0203 3864 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:29:43.0203 3864 FltMgr - ok
22:29:43.0421 3864 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:29:43.0421 3864 FontCache3.0.0.0 - ok
22:29:43.0437 3864 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:29:43.0437 3864 Fs_Rec - ok
22:29:43.0484 3864 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:29:43.0484 3864 Ftdisk - ok
22:29:43.0515 3864 ftsata2 (22399d3ce5840c6082844679cca5d2fc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys
22:29:43.0515 3864 ftsata2 - ok
22:29:43.0578 3864 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:29:43.0578 3864 GEARAspiWDM - ok
22:29:43.0718 3864 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:29:43.0718 3864 Gpc - ok
22:29:43.0875 3864 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:29:43.0906 3864 gusvc - ok
22:29:44.0046 3864 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:29:44.0046 3864 helpsvc - ok
22:29:44.0093 3864 HidServ - ok
22:29:44.0156 3864 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:29:44.0156 3864 HidUsb - ok
22:29:44.0218 3864 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:29:44.0218 3864 hkmsvc - ok
22:29:44.0234 3864 hpn - ok
22:29:44.0281 3864 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
22:29:44.0296 3864 HPZid412 - ok
22:29:44.0343 3864 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
22:29:44.0343 3864 HPZipr12 - ok
22:29:44.0390 3864 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
22:29:44.0390 3864 HPZius12 - ok
22:29:44.0437 3864 HSFHWBS2 (5df616addb75c1ad36c1f9e4de0f7654) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
22:29:44.0453 3864 HSFHWBS2 - ok
22:29:44.0515 3864 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
22:29:44.0546 3864 HSF_DP - ok
22:29:44.0625 3864 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:29:44.0625 3864 HTTP - ok
22:29:44.0734 3864 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:29:44.0734 3864 HTTPFilter - ok
22:29:44.0750 3864 i2omgmt - ok
22:29:44.0765 3864 i2omp - ok
22:29:44.0812 3864 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:29:44.0812 3864 i8042prt - ok
22:29:44.0921 3864 iaStor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys
22:29:44.0953 3864 iaStor - ok
22:29:45.0187 3864 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:29:45.0218 3864 idsvc - ok
22:29:45.0296 3864 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:29:45.0296 3864 Imapi - ok
22:29:45.0375 3864 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
22:29:45.0375 3864 ImapiService - ok
22:29:45.0406 3864 ini910u - ok
22:29:45.0421 3864 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:29:45.0421 3864 IntelIde - ok
22:29:45.0468 3864 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:29:45.0468 3864 intelppm - ok
22:29:45.0703 3864 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
22:29:45.0703 3864 IntuitUpdateService - ok
22:29:45.0750 3864 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:29:45.0750 3864 Ip6Fw - ok
22:29:45.0843 3864 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:29:45.0843 3864 IpFilterDriver - ok
22:29:45.0875 3864 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:29:45.0875 3864 IpInIp - ok
22:29:45.0921 3864 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:29:45.0921 3864 IpNat - ok
22:29:46.0015 3864 iPod Service (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
22:29:46.0046 3864 iPod Service - ok
22:29:46.0171 3864 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:29:46.0171 3864 IPSec - ok
22:29:46.0218 3864 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:29:46.0218 3864 IRENUM - ok
22:29:46.0265 3864 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:29:46.0265 3864 isapnp - ok
22:29:46.0281 3864 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:29:46.0281 3864 Kbdclass - ok
22:29:46.0359 3864 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:29:46.0359 3864 kbdhid - ok
22:29:46.0468 3864 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:29:46.0468 3864 kmixer - ok
22:29:46.0515 3864 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:29:46.0515 3864 KSecDD - ok
22:29:46.0578 3864 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:29:46.0578 3864 lanmanserver - ok
22:29:46.0640 3864 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:29:46.0656 3864 lanmanworkstation - ok
22:29:46.0671 3864 lbrtfdc - ok
22:29:46.0765 3864 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:29:46.0765 3864 LmHosts - ok
22:29:46.0953 3864 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
22:29:46.0953 3864 McrdSvc - ok
22:29:47.0187 3864 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
22:29:47.0203 3864 MDM - ok
22:29:47.0265 3864 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:29:47.0265 3864 mdmxsdk - ok
22:29:47.0312 3864 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
22:29:47.0312 3864 Messenger - ok
22:29:47.0343 3864 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:29:47.0343 3864 mnmdd - ok
22:29:47.0437 3864 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
22:29:47.0437 3864 mnmsrvc - ok
22:29:47.0484 3864 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:29:47.0484 3864 Modem - ok
22:29:47.0531 3864 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:29:47.0531 3864 Mouclass - ok
22:29:47.0546 3864 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:29:47.0562 3864 mouhid - ok
22:29:47.0671 3864 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:29:47.0671 3864 MountMgr - ok
22:29:47.0687 3864 mraid35x - ok
22:29:47.0718 3864 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:29:47.0718 3864 MRxDAV - ok
22:29:47.0796 3864 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:29:47.0812 3864 MRxSmb - ok
22:29:47.0859 3864 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
22:29:47.0859 3864 MSDTC - ok
22:29:47.0906 3864 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:29:47.0906 3864 Msfs - ok
22:29:47.0921 3864 MSIServer - ok
22:29:47.0968 3864 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:29:47.0968 3864 MSKSSRV - ok
22:29:48.0093 3864 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:29:48.0093 3864 MSPCLOCK - ok
22:29:48.0109 3864 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:29:48.0109 3864 MSPQM - ok
22:29:48.0203 3864 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:29:48.0203 3864 mssmbios - ok
22:29:48.0281 3864 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:29:48.0281 3864 Mup - ok
22:29:48.0343 3864 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:29:48.0359 3864 napagent - ok
22:29:48.0406 3864 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:29:48.0406 3864 NDIS - ok
22:29:48.0468 3864 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:29:48.0468 3864 NdisTapi - ok
22:29:48.0531 3864 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:29:48.0531 3864 Ndisuio - ok
22:29:48.0546 3864 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:29:48.0562 3864 NdisWan - ok
22:29:48.0593 3864 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:29:48.0593 3864 NDProxy - ok
22:29:48.0609 3864 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:29:48.0609 3864 NetBIOS - ok
22:29:48.0671 3864 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:29:48.0671 3864 NetBT - ok
22:29:48.0718 3864 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:29:48.0718 3864 NetDDE - ok
22:29:48.0734 3864 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:29:48.0734 3864 NetDDEdsdm - ok
22:29:48.0781 3864 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:29:48.0796 3864 Netlogon - ok
22:29:48.0859 3864 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:29:48.0859 3864 Netman - ok
22:29:49.0078 3864 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:29:49.0078 3864 NetTcpPortSharing - ok
22:29:49.0156 3864 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:29:49.0156 3864 NIC1394 - ok
22:29:49.0250 3864 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:29:49.0250 3864 Nla - ok
22:29:49.0312 3864 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:29:49.0312 3864 Npfs - ok
22:29:49.0390 3864 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:29:49.0406 3864 Ntfs - ok
22:29:49.0453 3864 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:29:49.0453 3864 NtLmSsp - ok
22:29:49.0500 3864 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:29:49.0515 3864 NtmsSvc - ok
22:29:49.0578 3864 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:29:49.0578 3864 Null - ok
22:29:49.0625 3864 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:29:49.0625 3864 NwlnkFlt - ok
22:29:49.0656 3864 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:29:49.0656 3864 NwlnkFwd - ok
22:29:49.0687 3864 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:29:49.0687 3864 ohci1394 - ok
22:29:49.0750 3864 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:29:49.0750 3864 Parport - ok
22:29:49.0765 3864 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:29:49.0781 3864 PartMgr - ok
22:29:49.0828 3864 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:29:49.0828 3864 ParVdm - ok
22:29:49.0875 3864 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:29:49.0875 3864 PCI - ok
22:29:49.0890 3864 PCIDump - ok
22:29:49.0906 3864 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:29:49.0906 3864 PCIIde - ok
22:29:49.0953 3864 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:29:49.0953 3864 Pcmcia - ok
22:29:50.0015 3864 PDCOMP - ok
22:29:50.0031 3864 PDFRAME - ok
22:29:50.0046 3864 PDRELI - ok
22:29:50.0062 3864 PDRFRAME - ok
22:29:50.0078 3864 perc2 - ok
22:29:50.0093 3864 perc2hib - ok
22:29:50.0171 3864 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:29:50.0187 3864 PlugPlay - ok
22:29:50.0234 3864 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:29:50.0234 3864 PolicyAgent - ok
22:29:50.0281 3864 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:29:50.0281 3864 PptpMiniport - ok
22:29:50.0312 3864 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
22:29:50.0312 3864 Processor - ok
22:29:50.0328 3864 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:29:50.0328 3864 ProtectedStorage - ok
22:29:50.0406 3864 Ps2 (0e2eb30605ca6ed2509d59af6a7362b4) C:\WINDOWS\system32\DRIVERS\PS2.sys
22:29:50.0406 3864 Ps2 - ok
22:29:50.0453 3864 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:29:50.0453 3864 PSched - ok
22:29:50.0468 3864 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:29:50.0468 3864 Ptilink - ok
22:29:50.0484 3864 ql1080 - ok
22:29:50.0500 3864 Ql10wnt - ok
22:29:50.0515 3864 ql12160 - ok
22:29:50.0531 3864 ql1240 - ok
22:29:50.0546 3864 ql1280 - ok
22:29:50.0578 3864 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:29:50.0578 3864 RasAcd - ok
22:29:50.0593 3864 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:29:50.0609 3864 RasAuto - ok
22:29:50.0625 3864 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:29:50.0625 3864 Rasl2tp - ok
22:29:50.0687 3864 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:29:50.0687 3864 RasMan - ok
22:29:50.0750 3864 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:29:50.0765 3864 RasPppoe - ok
22:29:50.0796 3864 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:29:50.0796 3864 Raspti - ok
22:29:50.0843 3864 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:29:50.0859 3864 Rdbss - ok
22:29:50.0875 3864 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:29:50.0875 3864 RDPCDD - ok
22:29:50.0968 3864 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:29:50.0968 3864 rdpdr - ok
22:29:51.0046 3864 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:29:51.0046 3864 RDPWD - ok
22:29:51.0093 3864 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:29:51.0093 3864 RDSessMgr - ok
22:29:51.0109 3864 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:29:51.0109 3864 redbook - ok
22:29:51.0156 3864 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:29:51.0156 3864 RemoteAccess - ok
22:29:51.0234 3864 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
22:29:51.0234 3864 RemoteRegistry - ok
22:29:51.0250 3864 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
22:29:51.0250 3864 RpcLocator - ok
22:29:51.0343 3864 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
22:29:51.0343 3864 RpcSs - ok
22:29:51.0421 3864 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
22:29:51.0421 3864 RSVP - ok
22:29:51.0515 3864 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
22:29:51.0515 3864 RTL8023xp - ok
22:29:51.0593 3864 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
22:29:51.0593 3864 rtl8139 - ok
22:29:51.0640 3864 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:29:51.0640 3864 SamSs - ok
22:29:51.0671 3864 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:29:51.0671 3864 SCardSvr - ok
22:29:51.0750 3864 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:29:51.0750 3864 Schedule - ok
22:29:51.0812 3864 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:29:51.0812 3864 Secdrv - ok
22:29:51.0875 3864 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:29:51.0875 3864 seclogon - ok
22:29:51.0890 3864 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
22:29:51.0890 3864 SENS - ok
22:29:51.0968 3864 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
22:29:51.0968 3864 Serial - ok
22:29:52.0031 3864 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
22:29:52.0031 3864 Sfloppy - ok
22:29:52.0093 3864 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:29:52.0093 3864 SharedAccess - ok
22:29:52.0171 3864 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:29:52.0171 3864 ShellHWDetection - ok
22:29:52.0250 3864 Simbad - ok
22:29:52.0281 3864 Sparrow - ok
22:29:52.0296 3864 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:29:52.0296 3864 splitter - ok
22:29:52.0343 3864 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:29:52.0343 3864 Spooler - ok
22:29:52.0437 3864 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:29:52.0453 3864 sr - ok
22:29:52.0468 3864 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
22:29:52.0484 3864 srservice - ok
22:29:52.0578 3864 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:29:52.0578 3864 Srv - ok
22:29:52.0656 3864 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:29:52.0656 3864 SSDPSRV - ok
22:29:52.0734 3864 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:29:52.0750 3864 stisvc - ok
22:29:52.0781 3864 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:29:52.0781 3864 swenum - ok
22:29:52.0859 3864 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:29:52.0859 3864 swmidi - ok
22:29:52.0859 3864 SwPrv - ok
22:29:52.0906 3864 symc810 - ok
22:29:52.0921 3864 symc8xx - ok
22:29:53.0015 3864 SymEvent (c9b8f325b2a22cda1bda7b25181b1389) C:\Program Files\Symantec\SYMEVENT.SYS
22:29:53.0093 3864 SymEvent - ok
22:29:53.0125 3864 sym_hi - ok
22:29:53.0140 3864 sym_u3 - ok
22:29:53.0156 3864 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:29:53.0156 3864 sysaudio - ok
22:29:53.0218 3864 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:29:53.0218 3864 SysmonLog - ok
22:29:53.0250 3864 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:29:53.0265 3864 TapiSrv - ok
22:29:53.0406 3864 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:29:53.0437 3864 Tcpip - ok
22:29:53.0515 3864 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:29:53.0515 3864 TDPIPE - ok
22:29:53.0546 3864 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:29:53.0546 3864 TDTCP - ok
22:29:53.0578 3864 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:29:53.0578 3864 TermDD - ok
22:29:53.0625 3864 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:29:53.0640 3864 TermService - ok
22:29:53.0734 3864 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:29:53.0734 3864 Themes - ok
22:29:53.0796 3864 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
22:29:53.0796 3864 TlntSvr - ok
22:29:53.0875 3864 tmactmon (de87a23d2ddc7378d1c7ab681e20de47) C:\WINDOWS\system32\DRIVERS\tmactmon.sys
22:29:53.0875 3864 tmactmon - ok
22:29:53.0906 3864 tmcomm (540c2b5dc47651c572c2804dc72fdda8) C:\WINDOWS\system32\DRIVERS\tmcomm.sys
22:29:53.0906 3864 tmcomm - ok
22:29:53.0937 3864 tmevtmgr (2de1fa64ebaff376f2c038f64492f62c) C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys
22:29:53.0937 3864 tmevtmgr - ok
22:29:53.0968 3864 tmtdi (5a61679b2277b9ad550e30479a69503b) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
22:29:56.0343 3864 ============================================================
22:29:56.0343 3864 Scan finished
22:29:56.0343 3864 ============================================================
22:29:56.0359 3612 Detected object count: 0
22:29:56.0359 3612 Actual detected object count: 0
22:33:49.0187 5192 Deinitialize success


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.07.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: SAYSOULY [administrator]

4/11/2012 10:37:40 PM
mbam-log-2012-04-11 (22-37-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254372
Time elapsed: 11 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4 boopme

Posted 12 April 2012 - 02:23 PM

Let me know if it stops after this.

Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of their infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Fix it button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.


I see 2 antivirus apps, Norton and Trend. Are they both active?
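Before replacing the HOSTS file as described in the post above, it can be useful to see what was actually changed. The following is an added example, not part of the original post or of any tool named in this thread: it audits hosts-file text and reports every entry other than the default loopback mapping for `localhost`. The function name `audit_hosts` and the sample file contents (including the 203.0.113.x documentation addresses) are constructed for illustration.

```python
import ipaddress

# Constructed sample: a default-style hosts file plus injected lines.
# 203.0.113.0/24 is a documentation-only range (RFC 5737).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
203.0.113.10    www.google.com google.com   # injected
203.0.113.10    search.yahoo.com
0.0.0.0         ads.example.net
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Return (line_no, address, hostnames, reason) for every non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not entry:
            continue
        fields = entry.split()
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, names, "malformed address"))
            continue
        if ip.is_loopback and [n.lower() for n in names] == ["localhost"]:
            continue  # the only mapping a default hosts file carries
        if ip.is_loopback or ip.is_unspecified:
            reason = "block entry (added by a tool or user, not default)"
        else:
            reason = "hostname pinned to a non-loopback address (possible redirect)"
        findings.append((line_no, address, names, reason))
    return findings

if __name__ == "__main__":
    for line_no, address, names, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {address} -> {' '.join(names)}: {reason}")
```

On Windows XP the file to feed into this check is `C:\WINDOWS\system32\drivers\etc\hosts`; keeping a copy of the pre-reset file preserves the evidence of which hostnames were redirected.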

#5 07crv

Posted 12 April 2012 - 04:32 PM

PC seems fine for the time I was on it. I would like to tell boopme how much I appreciate his time in helping me. To answer your question, Norton is not active but Trend is. And again, thanks.

#6 boopme

Posted 12 April 2012 - 08:20 PM

You're welcome and the thanks are appreciated.

As it's outdated, uninstall the AVG. You're not using it, and if you ever do, you may as well get the latest. NOTE: having 2 AVs active will cause problems.


If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read: