Google redirecting


15 replies to this topic

#1 WeGotSunshine

  • Members
  • 11 posts

Posted 26 April 2012 - 08:56 PM

Hi, I am a computer technician and I have a problem with my client's PC.

I've run several scans with AVG, did a ComboFix, and Internet Explorer still wants to redirect, but it doesn't go through; it goes back to the previous search on Google.
I've got a ComboFix log and a HijackThis log for you.

Thank you very much.

Attached Files





#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 26 April 2012 - 11:45 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post in your next reply.

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 30 April 2012 - 02:54 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 WeGotSunshine

  • Topic Starter
  • Members
  • 11 posts

Posted 30 April 2012 - 12:22 PM

Yes, I still need help. I'm at my client's home at the moment and I am trying to figure out how to fix this.

So Security Check gave me this log:

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

AVG 2012
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Java™ 6 Update 21
Java version out of date!
Adobe Flash Player 10.0.45.2 Flash Player out of Date!
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````


DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Andre at 13:14:42 on 2012-04-30
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.2550.1825 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\AVG\AVG2012\avgui.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.decisionplus.com/fr/home/A
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\family toolbar\tbhelper.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\family toolbar\tbcore3.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\family toolbar\tbcore3.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Family Tree Builder Update] c:\program files\myheritage\bin\FTBCheckUpdates.exe
mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Tout télécharger avec Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: cayocococuba.net\www
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.fr/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1273010392093
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{50A24291-5176-483F-A171-90D8FB076CC9} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2012-3-14 28552]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 avgfws;Pare-feu AVG;c:\program files\avg\avg2012\avgfws.exe [2011-11-23 2391832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-16 136176]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-16 136176]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-3-10 24216]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
.
=============== Created Last 30 ================
.
2012-04-26 22:06:20 -------- d-sha-r- C:\cmdcons
2012-04-26 22:00:55 98816 ----a-w- c:\windows\sed.exe
2012-04-26 22:00:55 518144 ----a-w- c:\windows\SWREG.exe
2012-04-26 22:00:55 256000 ----a-w- c:\windows\PEV.exe
2012-04-26 22:00:55 208896 ----a-w- c:\windows\MBR.exe
2012-04-26 21:59:29 -------- d-----w- C:\ComboFix
2012-04-26 21:45:08 388096 ----a-r- c:\documents and settings\andre\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-04-26 21:45:07 -------- d-----w- c:\program files\Trend Micro
2012-04-04 05:53:56 182160 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:00:23 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00:22 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00:22 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:27 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:27 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-20 18:34:57 2404 ----a-w- c:\windows\system32\ASOROSet.bin
2012-02-07 15:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:58:01 1860224 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 13:21:26,82 ===============


Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professionnel
Boot Device: \Device\HarddiskVolume1
Install Date: 2010-05-04 17:31:31
System Uptime: 2012-04-30 12:59:05 (1 hours ago)
.
Motherboard: Intel Corporation | | CAPELL VALLEY(NAPA) CRB
Processor: Genuine Intel® CPU T2250 @ 1.73GHz | U2E1 | 1729/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 59 GiB total, 30,856 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 53 GiB total, 50,846 GiB free.
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Officejet 4500 G510n-z
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: 4500 G510n-z,192.168.0.102
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP451: 2012-01-06 16:52:53 - Point de vérification système
RP452: 2012-01-07 18:19:49 - Point de vérification système
RP453: 2012-01-09 11:34:34 - Point de vérification système
RP454: 2012-01-10 12:13:09 - Point de vérification système
RP455: 2012-01-11 12:59:40 - Point de vérification système
RP456: 2012-01-12 07:56:29 - Software Distribution Service 3.0
RP457: 2012-01-13 09:06:33 - Point de vérification système
RP458: 2012-01-28 10:26:37 - Avg Update
RP459: 2012-01-28 10:29:11 - Avg Update
RP460: 2012-01-29 09:59:16 - Software Distribution Service 3.0
RP461: 2012-01-30 11:34:12 - Point de vérification système
RP462: 2012-01-31 12:31:21 - Point de vérification système
RP463: 2012-02-02 10:31:19 - Installé AVG 2012
RP464: 2012-02-02 10:33:12 - Removed AVG Free 9.0
RP465: 2012-02-02 10:37:16 - Installé AVG 2012
RP466: 2012-02-03 12:42:20 - Point de vérification système
RP467: 2012-02-04 16:31:07 - Point de vérification système
RP468: 2012-02-06 14:12:40 - Point de vérification système
RP469: 2012-02-08 14:06:39 - Point de vérification système
RP470: 2012-02-11 09:57:05 - Point de vérification système
RP471: 2012-02-12 13:05:35 - Point de vérification système
RP472: 2012-02-14 10:29:05 - Point de vérification système
RP473: 2012-02-15 10:57:59 - Software Distribution Service 3.0
RP474: 2012-02-16 08:02:45 - Software Distribution Service 3.0
RP475: 2012-02-17 08:38:32 - Point de vérification système
RP476: 2012-02-20 12:34:05 - RegClean Pro lun., févr. 20, 12 12:34
RP477: 2012-02-21 13:30:41 - Point de vérification système
RP478: 2012-02-23 12:44:53 - Point de vérification système
RP479: 2012-02-25 17:18:12 - Point de vérification système
RP480: 2012-02-28 14:49:30 - Point de vérification système
RP481: 2012-03-01 09:39:02 - Software Distribution Service 3.0
RP482: 2012-03-01 11:00:33 - Installed Ad-Aware
RP483: 2012-03-01 11:22:32 - Installed Ad-Aware
RP484: 2012-03-02 16:04:24 - Point de vérification système
RP485: 2012-03-05 12:42:23 - Point de vérification système
RP486: 2012-03-06 18:17:24 - Point de vérification système
RP487: 2012-03-07 19:49:18 - Point de vérification système
RP488: 2012-03-09 12:28:08 - Point de vérification système
RP489: 2012-03-12 10:56:40 - Point de vérification système
RP490: 2012-03-14 09:05:20 - Point de vérification système
RP491: 2012-03-15 15:30:41 - Installed Microsoft Fix it 50267
RP492: 2012-03-16 18:45:06 - Point de vérification système
RP493: 2012-03-19 10:01:45 - Point de vérification système
RP494: 2012-03-20 10:09:35 - Point de vérification système
RP495: 2012-03-21 10:10:15 - Point de vérification système
RP496: 2012-03-26 11:15:54 - Point de vérification système
RP497: 2012-03-26 13:28:26 - Supprimé Clié Favorites
RP498: 2012-03-26 13:34:49 - Installé Palm Desktop
RP499: 2012-03-26 13:36:59 - Installé Clié Favorites
RP500: 2012-03-28 09:10:52 - Point de vérification système
RP501: 2012-03-29 13:36:41 - Point de vérification système
RP502: 2012-04-02 10:55:12 - Point de vérification système
RP503: 2012-04-16 15:59:00 - Software Distribution Service 3.0
RP504: 2012-04-26 17:45:06 - Installed HiJackThis
RP505: 2012-04-26 20:36:58 - 26 avril 2012 denis technicien
RP506: 2012-04-26 21:20:16 - Opération de restauration
RP507: 2012-04-26 21:26:34 - Removed Ad-Aware
RP508: 2012-04-26 21:32:03 - Opération de restauration
RP509: 2012-04-26 21:37:31 - Opération de restauration
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
ACDSee (version d’évaluation)
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3) - Français
Aide à Distance DecisionPlus
AVG 2012
BufferChm
CCleaner
Clié Favorites
Destinations
DeviceDiscovery
Disque de souvenirs HP
DocMgr
DocProc
DVD Suite
FamilySearch Indexing 3.7.10
Fax
Free Download Manager 3.0
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HiJackThis
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
hp officejet 6100 series
HP Product Detection
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
InterActual Player
Java Auto Updater
Java™ 6 Update 21
Lecteur Windows Media 11
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Marketvisionplus
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (French) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (French) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (French) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC100_CRT_SP1_x86
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2183461)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2360131)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2416400)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2482017)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2497640)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2510531)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2530548)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2544521)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2559049)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2586448)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2618444)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2647516)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2675157)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB981332)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB982381)
Mise à jour de sécurité pour Windows XP (KB2621440)
Mise à jour de sécurité pour Windows XP (KB2641653)
Mise à jour de sécurité pour Windows XP (KB2647518)
Mise à jour de sécurité pour Windows XP (KB2653956)
Mise à jour de sécurité pour Windows XP (KB923789)
Mise à jour pour Windows Internet Explorer 8 (KB976662)
Mise à jour pour Windows Internet Explorer 8 (KB980182)
Mise à jour pour Windows Internet Explorer 8 (KB980302)
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyHeritage Family Tree Builder
Nero 7 Essentials
neroxml
Network
Nokia Connectivity Cable Driver
Nokia Suite
OCR Software by I.R.I.S. 13.0
Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Palm Desktop
Panda ActiveScan 2.0
PC Connectivity Solution
Photo et imagerie HP 2.0 - All-in-One
Photo et imagerie HP 2.0 - All-in-One Pilote
Photo et imagerie HP 2.0 - hp officejet 6100 series
PhotoFiltre
Picasa 3
PowerDVD
PowerProducer
Realtek High Definition Audio Driver
Scan
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Shop for HP Supplies
SmartWebPrinting
SnagIt 5
SolutionCenter
Status
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
TraderPlus
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
2012-04-30 13:00:15, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : Lbd
2012-04-26 21:37:25, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : Lbd
2012-04-26 21:31:55, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : Lbd
.
==== End Of File ===========================
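
An added triage helper, not a BleepingComputer tool and not part of this thread: it reads the Pseudo HJT Report and SERVICES/DRIVERS lines of a DDS log like the one above and pulls out the entries a helper looks at first for a search-redirect complaint (start pages and search URLs, URL search hooks, BHO/toolbar entries with no file behind them, Trusted Zone additions, a DHCP DNS server outside private ranges, and driver entries DDS marks with `[?]`). The sample input is a handful of lines copied from the DDS.txt posted above; the category names and the private-DNS rule are this example's own assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input: lines copied from the DDS.txt posted in this thread.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.decisionplus.com/fr/home/A
mStart Page = hxxp://search.myheritage.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\family toolbar\tbhelper.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\family toolbar\tbcore3.dll
Trusted Zone: cayocococuba.net\www
TCP: DhcpNameServer = 192.168.0.1
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2012-3-14 28552]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
"""


@dataclass
class Finding:
    category: str  # assumed tag for the kind of entry (names chosen for this example)
    detail: str    # the extracted value or the full log line


HXXP = re.compile(r"^hxxp(s?)://", re.IGNORECASE)
START_PAGE = re.compile(r"^[um](Start Page|SearchURL|SearchAssistant)")
SERVICE_LINE = re.compile(r"^[RS][0-4] ")


def unmask_url(url: str) -> str:
    """DDS writes hxxp:// so URLs in the log are not clickable; undo that for parsing."""
    return HXXP.sub(lambda m: "http" + m.group(1) + "://", url)


def host_of(url: str) -> str:
    """Return the lower-cased host part of a (possibly hxxp-masked) URL."""
    return re.sub(r"^https?://", "", unmask_url(url)).split("/")[0].lower()


def triage(report: str) -> List[Finding]:
    """Walk a DDS log and collect the entries worth a second look for a redirect complaint."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Sites in IE's Trusted Zone run with relaxed security settings; every entry is reviewed.
        if line.startswith("Trusted Zone:"):
            findings.append(Finding("trusted-zone", line.split(":", 1)[1].strip()))
        # BHO / toolbar / explorer-bar registrations whose DLL is gone: orphaned, safe to clean up.
        elif line.split(":")[0] in ("BHO", "TB", "EB") and line.endswith("- No File"):
            findings.append(Finding("orphan-bho", line))
        # URL search hooks see every address-bar query, which is exactly the redirect symptom.
        elif line.startswith("uURLSearchHooks:"):
            findings.append(Finding("url-search-hook", line))
        # Start page / search URL settings: report which host the browser is pointed at.
        elif START_PAGE.match(line) and "=" in line:
            findings.append(Finding("start-page", host_of(line.split("=", 1)[1].strip())))
        # A DHCP-assigned DNS server outside private ranges on a home LAN deserves a look.
        elif "DhcpNameServer" in line and "=" in line:
            addr = line.split("=", 1)[1].strip()
            try:
                if not ipaddress.ip_address(addr).is_private:
                    findings.append(Finding("public-dns", addr))
            except ValueError:
                findings.append(Finding("bad-dns", addr))
        # Service/driver entries DDS tags with [?]: the file on disk could not be found.
        elif SERVICE_LINE.match(line) and line.endswith("[?]"):
            name = line.split(";", 1)[0].split(" ", 1)[1]
            findings.append(Finding("missing-driver-file", name))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, handy for a quick overview of a long log."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.category:22} {f.detail}")
```

On the sample above it reports the three start/search hosts, the Family Toolbar search hook, the orphaned BHO, the cayocococuba.net Trusted Zone entry, and the missing Lbd driver file that also shows up as the event-log error at the end of the attach log.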

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 30 April 2012 - 12:53 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#6 WeGotSunshine

  • Topic Starter
  • Members
  • 11 posts

Posted 30 April 2012 - 01:40 PM

Well, I've downloaded the 2 tools that you gave me, but when I double click the icons nothing happens. Anything I can do to fix this?

#7 WeGotSunshine

  • Topic Starter
  • Members
  • 11 posts

Posted 30 April 2012 - 02:21 PM

Never mind, thank you, I got it to work by rebooting, though the virus that I got deleted every link in the Windows Start menu, so I lost everything and I'd like to get it back. I tried a recovery but it said that it couldn't complete.

Now I am currently running an aswMBR scan and then I'll post the result as well as the Kaspersky tool's.

#8 WeGotSunshine

  • Topic Starter
  • Members
  • 11 posts

Posted 30 April 2012 - 02:39 PM

15:04:24.0796 2352 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
15:04:26.0812 2352 ============================================================
15:04:26.0812 2352 Current date / time: 2012/04/30 15:04:26.0812
15:04:26.0812 2352 SystemInfo:
15:04:26.0812 2352
15:04:26.0812 2352 OS Version: 5.1.2600 ServicePack: 3.0
15:04:26.0812 2352 Product type: Workstation
15:04:26.0812 2352 ComputerName: HOME-D6E5C60543
15:04:26.0812 2352 UserName: Andre
15:04:26.0812 2352 Windows directory: C:\WINDOWS
15:04:26.0812 2352 System windows directory: C:\WINDOWS
15:04:26.0812 2352 Processor architecture: Intel x86
15:04:26.0812 2352 Number of processors: 2
15:04:26.0812 2352 Page size: 0x1000
15:04:26.0812 2352 Boot type: Normal boot
15:04:26.0812 2352 ============================================================
15:04:40.0671 2352 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:04:40.0703 2352 Drive \Device\Harddisk1\DR4 - Size: 0x1D11B0000 (7.27 Gb), SectorSize: 0x200, Cylinders: 0x3B4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:04:40.0718 2352 ============================================================
15:04:40.0718 2352 \Device\Harddisk0\DR0:
15:04:41.0031 2352 MBR partitions:
15:04:41.0031 2352 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7530462
15:04:41.0031 2352 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x75304A1, BlocksNum 0x6A30353
15:04:41.0031 2352 \Device\Harddisk1\DR4:
15:04:41.0031 2352 MBR partitions:
15:04:41.0031 2352 \Device\Harddisk1\DR4\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xE86E00
15:04:41.0031 2352 ============================================================
15:04:41.0343 2352 C: <-> \Device\Harddisk0\DR0\Partition0
15:04:41.0578 2352 E: <-> \Device\Harddisk0\DR0\Partition1
15:04:41.0578 2352 ============================================================
15:04:41.0578 2352 Initialize success
15:04:41.0578 2352 ============================================================
15:26:42.0906 2168 ============================================================
15:26:42.0906 2168 Scan started
15:26:42.0906 2168 Mode: Manual;
15:26:42.0906 2168 ============================================================
15:27:16.0828 2168 usbprint - ok
15:27:16.0875 2168 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:27:16.0890 2168 usbscan - ok
15:27:16.0921 2168 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
15:27:16.0921 2168 usbser - ok
15:27:16.0984 2168 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
15:27:17.0000 2168 UsbserFilt - ok
15:27:17.0062 2168 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:27:17.0062 2168 USBSTOR - ok
15:27:17.0140 2168 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:27:17.0140 2168 usbuhci - ok
15:27:17.0156 2168 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:27:17.0171 2168 VgaSave - ok
15:27:17.0171 2168 ViaIde - ok
15:27:17.0203 2168 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
15:27:17.0203 2168 VolSnap - ok
15:27:17.0453 2168 VSS (5a4da252b2c0550ab83d129c02cf6c19) C:\WINDOWS\System32\vssvc.exe
15:27:17.0468 2168 VSS - ok
15:27:17.0609 2168 W32Time (c1f726ee0b043b074a68992bc4aef8fd) C:\WINDOWS\system32\w32time.dll
15:27:17.0609 2168 W32Time - ok
15:27:17.0656 2168 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:27:17.0656 2168 Wanarp - ok
15:27:17.0750 2168 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
15:27:17.0750 2168 Wdf01000 - ok
15:27:17.0765 2168 WDICA - ok
15:27:17.0828 2168 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:27:17.0828 2168 wdmaud - ok
15:27:17.0875 2168 WebClient (714670e64fbe6d28d99871ed9a52a334) C:\WINDOWS\System32\webclnt.dll
15:27:17.0890 2168 WebClient - ok
15:27:17.0984 2168 winmgmt (5e9deae9980ff34bcd6dde2e9e2bf911) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:27:17.0984 2168 winmgmt - ok
15:27:18.0093 2168 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:27:18.0093 2168 WmdmPmSN - ok
15:27:18.0281 2168 Wmi (31c1fd0bbdc5b81c21edba4331edae55) C:\WINDOWS\System32\advapi32.dll
15:27:18.0296 2168 Wmi - ok
15:27:18.0421 2168 WmiApSrv (4e8e8a58f56b25d0795f484e5eb7f898) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:27:18.0421 2168 WmiApSrv - ok
15:27:18.0890 2168 WMPNetworkSvc (c9bea742ce225cc993c9465fddae4656) C:\Program Files\Windows Media Player\WMPNetwk.exe
15:27:18.0968 2168 WMPNetworkSvc - ok
15:27:19.0187 2168 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:27:19.0187 2168 WpdUsb - ok
15:27:20.0406 2168 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:27:20.0531 2168 WPFFontCache_v0400 - ok
15:27:20.0578 2168 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:27:20.0578 2168 WS2IFSL - ok
15:27:20.0687 2168 wscsvc (c1fd85db4a80a98d60ecb7a828e77fe0) C:\WINDOWS\system32\wscsvc.dll
15:27:20.0687 2168 wscsvc - ok
15:27:20.0718 2168 wuauserv (75d6c5c3d2c93b1f9931e5dfb693ae2a) C:\WINDOWS\system32\wuauserv.dll
15:27:20.0734 2168 wuauserv - ok
15:27:20.0843 2168 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:27:20.0859 2168 WudfPf - ok
15:27:20.0906 2168 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:27:20.0906 2168 WudfRd - ok
15:27:20.0953 2168 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:27:20.0953 2168 WudfSvc - ok
15:27:21.0062 2168 WZCSVC (c336e54ee0c291a02f004667db1e66cb) C:\WINDOWS\System32\wzcsvc.dll
15:27:21.0156 2168 WZCSVC - ok
15:27:21.0265 2168 xmlprov (f92a87fdda0c11c8604fbc2b864fa726) C:\WINDOWS\System32\xmlprov.dll
15:27:21.0281 2168 xmlprov - ok
15:27:21.0312 2168 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
15:27:23.0859 2168 \Device\Harddisk0\DR0 - ok
15:27:23.0921 2168 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
15:27:27.0718 2168 \Device\Harddisk1\DR4 - ok
15:27:27.0750 2168 Boot (0x1200) (4bb7a2287cb3e94d84b7b73118ce80d0) \Device\Harddisk0\DR0\Partition0
15:27:27.0781 2168 \Device\Harddisk0\DR0\Partition0 - ok
15:27:27.0828 2168 Boot (0x1200) (378d3b8ad855010cb187999d44e42d47) \Device\Harddisk0\DR0\Partition1
15:27:27.0828 2168 \Device\Harddisk0\DR0\Partition1 - ok
15:27:27.0843 2168 Boot (0x1200) (1ddfc255e6a519f9a322bb6377ddc286) \Device\Harddisk1\DR4\Partition0
15:27:27.0843 2168 \Device\Harddisk1\DR4\Partition0 - ok
15:27:27.0859 2168 ============================================================
15:27:27.0859 2168 Scan finished
15:27:27.0859 2168 ============================================================
15:27:27.0921 3080 Detected object count: 0
15:27:27.0953 3080 Actual detected object count: 0
15:28:04.0093 2820 Deinitialize success

#9 gringo_pr

Posted 30 April 2012 - 03:18 PM

Hello


I would like you to run this first to see if they are hidden - http://download.bleepingcomputer.com/grinler/unhide.exe



Now I would like you to run this next to replace the default folders in the start menu.

http://download.bleepingcomputer.com/grinler/fakehdd/winxp-pro-32bit-sm-reset.exe - XP


If running unhide did not work, then the shortcuts are going to have to be remade.

Using Avast as an example, it can be done this way:

  • Open Windows Explorer, navigate to the Avast folder in Program Files.
  • Right click on the Avast ".exe" file, click "Create shortcut".

  • Copy that shortcut, go back to Start menu.
  • Right click on avast!Free Antivirus, click "Paste".
  • You'll see Avast shortcut recreated replacing (empty) entry.

Alternatively, you can paste that shortcut in:
(XP) - C:\Documents and Settings\All Users\Start Menu\Programs\Avast
(Vista/7) - C:\Program Data\Start Menu\Programs\Avast


Let me have the aswMBR report when it is complete



gringo

Edited by gringo_pr, 30 April 2012 - 03:18 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 WeGotSunshine

Posted 01 May 2012 - 11:53 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-30 15:33:50
-----------------------------
15:33:50.765 OS Version: Windows 5.1.2600 Service Pack 3
15:33:50.765 Number of processors: 2 586 0xE08
15:33:50.765 ComputerName: HOME-D6E5C60543 UserName: Andre
15:33:51.390 Initialize success
15:34:06.250 AVAST engine defs: 12043001
15:34:10.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:34:10.750 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC7DP Size: 114473MB BusType: 3
15:34:10.812 Disk 0 MBR read successfully
15:34:10.812 Disk 0 MBR scan
15:34:10.843 Disk 0 Windows XP default MBR code
15:34:10.859 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 60000 MB offset 63
15:34:10.906 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 54368 MB offset 122881185
15:34:10.921 Disk 0 scanning sectors +234432500
15:34:11.140 Disk 0 scanning C:\WINDOWS\system32\drivers
15:35:01.484 Service scanning
15:35:22.625 Modules scanning
15:36:05.281 Disk 0 trace - called modules:
15:36:05.328 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:36:05.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89df1ab8]
15:36:05.328 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000082[0x89e80030]
15:36:05.328 5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89e8d030]
15:36:06.078 AVAST engine scan C:\
16:50:16.078 File: C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\aefecdct.exe.vir **INFECTED** Win32:Alureon-ATA [Trj]
16:50:28.312 File: C:\Qoobox\Quarantine\C\Documents and Settings\Andre\Application Data\dplaysvr.exe.vir **INFECTED** Win32:Kryptik-IKZ [Trj]
19:18:09.296 File: C:\Program Files\SUPERAntiSpyware\BootSafe.exe **HIDDEN**
19:18:19.781 File: C:\Program Files\SUPERAntiSpyware\msvcr71.dll **HIDDEN**
19:18:21.281 File: C:\Program Files\SUPERAntiSpyware\Plugins\sab_incr.dll **HIDDEN**
19:18:22.296 File: C:\Program Files\SUPERAntiSpyware\Plugins\sab_mapi.dll **HIDDEN**
19:18:23.312 File: C:\Program Files\SUPERAntiSpyware\Plugins\sab_wab.dll **HIDDEN**
19:18:24.953 File: C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE **HIDDEN**
19:18:25.843 File: C:\Program Files\SUPERAntiSpyware\SASCore.exe **HIDDEN**
19:18:26.765 File: C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL **HIDDEN**
19:18:27.656 File: C:\Program Files\SUPERAntiSpyware\sasdifsv.sys **HIDDEN**
19:18:28.515 File: C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS **HIDDEN**
19:18:29.703 File: C:\Program Files\SUPERAntiSpyware\SASSEH.DLL **HIDDEN**
19:18:30.546 File: C:\Program Files\SUPERAntiSpyware\SASTask.exe **HIDDEN**
19:18:31.734 File: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL **HIDDEN**
19:18:33.125 File: C:\Program Files\SUPERAntiSpyware\SSUpdate.exe **HIDDEN**
19:18:36.609 File: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe **HIDDEN**
19:18:38.156 File: C:\Program Files\SUPERAntiSpyware\Uninstall.exe **HIDDEN**
19:18:39.203 Scan finished successfully
12:46:29.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Andre\Bureau\MBR.dat"
12:46:29.078 The log file has been saved successfully to "C:\Documents and Settings\Andre\Bureau\aswMBR.txt"

#11 WeGotSunshine

Posted 01 May 2012 - 12:33 PM

ComboFix 12-05-01.02 - Andre 2012-05-01 13:21:55.3.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.2550.1883 [GMT -4:00]
Lancé depuis: c:\documents and settings\Andre\Bureau\outils\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Andre\Bureau\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Andre\LOCALS~1\Temp\Setup00000f50\OSETUPUI.DLL
c:\documents and settings\Andre\Local Settings\Temp\Setup00000f50\OSETUPUI.DLL
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-04-01 au 2012-05-01 ))))))))))))))))))))))))))))))))))))
.
.
2012-05-01 17:13 . 2009-02-24 22:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-05-01 17:13 . 2012-05-01 17:17 -------- d-----w- c:\program files\MagicDisc
2012-04-30 20:06 . 2012-04-30 20:06 -------- d-----w- c:\documents and settings\Andre\Application Data\SUPERAntiSpyware.com
2012-04-30 20:05 . 2012-04-30 20:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-30 20:05 . 2012-04-30 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-04-30 18:33 . 2012-04-30 18:33 -------- d-----w- c:\program files\Microsoft.NET
2012-04-30 18:19 . 2012-04-30 18:19 -------- d-----w- c:\program files\Fichiers communs\Java
2012-04-30 18:19 . 2012-04-30 18:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-30 18:18 . 2012-04-30 18:18 -------- d-----w- c:\program files\Java
2012-04-30 17:54 . 2012-04-30 17:54 -------- d-----w- c:\documents and settings\Andre\Local Settings\Application Data\VS Revo Group
2012-04-30 17:53 . 2009-12-30 15:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-04-30 17:53 . 2012-04-30 17:53 -------- d-----w- c:\program files\VS Revo Group
2012-04-30 17:32 . 2012-04-30 17:39 -------- d-----w- c:\windows\system32\DBBK
2012-04-26 21:45 . 2012-04-26 21:45 388096 ----a-r- c:\documents and settings\Andre\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-26 21:45 . 2012-04-26 21:45 -------- d-----w- c:\program files\Trend Micro
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-30 18:18 . 2010-05-05 00:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2012-02-23 18:03 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:00 . 2004-08-05 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2004-08-05 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00 . 2004-08-05 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-05 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-05 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-05 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:58 . 2004-08-05 12:00 1860224 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-01_17.06.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-01 17:18 . 2012-05-01 17:18 16384 c:\windows\Temp\Perflib_Perfdata_7a4.dat
+ 2010-02-20 21:20 . 2010-02-20 21:20 31616 c:\windows\system32\FM20ENU.DLL
+ 2012-05-01 17:14 . 2009-02-24 22:42 116736 c:\windows\system32\ReinstallBackups\0018\DriverFiles\mcdbus.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]
.
[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-16 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-20 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-12-21 229376]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\Andre\Menu Démarrer\Programmes\Démarrage\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2012-5-1 576000]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 22:43 69632 ------w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
2011-12-21 15:26 229376 ----a-w- c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-16 03:09 136176 ----atw- c:\documents and settings\Andre\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-11-29 02:55 98304 ----a-r- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:34 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 19:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-06-14 00:05 16239616 ------w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-05-15 19:55 1628208 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 22:04 2879488 ------w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-05-16 04:24 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\\setup\\hpznui01.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-07-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-09-13 32592]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2012-03-14 28552]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-07 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-07-11 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [2011-08-11 116608]
R2 avgfws;Pare-feu AVG;c:\program files\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-05-23 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-07-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-07-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-04 16720]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 136176]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-05-23 30944]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 136176]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-03-10 24216]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-04-30 27064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
.
2010-11-13 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 6100 series5E771253C1676EBED677BF361FDFC537825E15B8281134739.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 04:52]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 04:24]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 04:24]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-884357618-1801674531-1003Core.job
- c:\documents and settings\Andre\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-16 03:09]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-884357618-1801674531-1003UA.job
- c:\documents and settings\Andre\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-16 03:09]
.
2012-05-01 c:\windows\Tasks\User_Feed_Synchronization-{72A42E62-F648-47B9-8B51-2FFCC878F891}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.decisionplus.com/fr/home/
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
Trusted Zone: cayocococuba.net\www
TCP: DhcpNameServer = 192.168.0.1
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.fr/Genoogle/Components/ActiveX/SearchEngineQuery.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-01 13:30
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(1216)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Heure de fin: 2012-05-01 13:32:24
ComboFix-quarantined-files.txt 2012-05-01 17:32
ComboFix2.txt 2012-05-01 17:07
ComboFix3.txt 2012-04-26 23:11
.
Avant-CF: 35 208 962 048 octets libres
Après-CF: 35 067 662 336 octets libres
.
- - End Of File - - 940377BF070DF9417ED9E7BCA6D555A4

#12 WeGotSunshine

Posted 01 May 2012 - 07:28 PM

bump for gringo pr

#13 gringo_pr

Posted 01 May 2012 - 10:57 PM

Greetings

8 hours is a very short time for a bump - I do have a real life and a job.


I need to know the status of the computer at this time


Rerun aswMBR and send me the new report, please.



gringo

#14 gringo_pr

Posted 03 May 2012 - 11:23 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you: it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#15 gringo_pr

Posted 06 May 2012 - 11:44 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo



