
Bug messing with "hosts" file


14 replies to this topic

#1 Cruickey


Posted 03 May 2012 - 05:26 AM

Howdy people.

I am looking for some help to get rid of some nasties that have got into my computer . . . . . somewhere.

I am running Windows XP.

It all started a number of months ago, when I wasn't able to access any search engines on the internet. Each time I tried to go to a site, it would come back with "500 Internal Server Error".

Did a bit of searching on the net, using work computer and tried using a number of different antivirus programs, all of which came up with no problems.

Whatever is in my computer has then stopped me accessing many of the antivirus websites in the same way I couldn't get the search engines.

Anyway, a friend of mine suggested checking the "hosts" file on my machine. Firstly, the "hosts" file wasn't where it was supposed to be and after following instructions off the web, I was able to bring up a "note pad" version of the file. This had heaps of stuff in it that should not have been there. A common IP address was linked to all the search engine sites as well as many antivirus sites and a heap of other stuff that I really don't understand.

As a result, I re-configured the "hosts" file as it should be.

That hasn't changed at all over the last week, but still can't access many sites.

So yesterday, my mate (who is a bit of a computer wiz - well heaps better than me) suggested I download and run "Hijackthis" and obtain a log file only for him to have a look at.

Well, all similar dodgy stuff was in this log as per the original hosts file. (have saved a copy of this log) My mate suggested I log onto this forum for some help. So here I am hoping to get some help from people out there, who are in the know.

My computer still works but I can't access numerous sites and runs very slow. I was using Explorer - until it got really slow. Moved onto Firefox - again that got really slow too and now I am using Google Chrome.

I have tried un-installing and re-installing these browsers too, without success.

So there you have it. Can someone help me get rid of whatever is messing with my LIFE???

Waiting with anticipation

Cruickey
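
Added example, not part of the original post or thread: a small Python audit for the kind of hosts-file tampering described above, where one address is mapped to many search-engine and antivirus hostnames. The sample file, the `.example` hostnames, the addresses, the `WATCHLIST` and the `min_hosts` threshold are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of a tampered hosts file (placeholder names and addresses).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.77    www.search-one.example search-one.example
203.0.113.77    www.search-two.example   # trailing comment
203.0.113.77    update.av-vendor.example
203.0.113.77    www.av-vendor.example
0.0.0.0         ads.tracker.example
192.0.2.10      intranet.corp.example
not-an-ip       broken.example
"""

# Hypothetical watchlist: domains that should never be overridden locally
# (search engines, security vendors, update servers). Supply your own.
WATCHLIST = ("search-one.example", "search-two.example", "av-vendor.example")


def parse_hosts(text):
    """Return (entries, errors); entries are (line_no, ip, [hostnames])."""
    entries, errors = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            errors.append((line_no, raw.strip()))  # first field is not an address
            continue
        if len(fields) < 2:
            errors.append((line_no, raw.strip()))  # address with no hostname
            continue
        hosts = [h.lower().rstrip(".") for h in fields[1:]]
        entries.append((line_no, ip, hosts))
    return entries, errors


def on_watchlist(host, watchlist):
    """True if host equals a watched domain or is a subdomain of one."""
    return any(host == w or host.endswith("." + w) for w in watchlist)


def audit_hosts(text, watchlist=WATCHLIST, min_hosts=3):
    """Group hostnames by address and flag suspicious groupings."""
    entries, errors = parse_hosts(text)
    by_ip = defaultdict(set)
    for _, ip, hosts in entries:
        by_ip[ip].update(hosts)

    findings = []
    for ip, hosts in by_ip.items():
        watched = sorted(h for h in hosts if on_watchlist(h, watchlist))
        reasons = []
        if ip.is_loopback or ip.is_unspecified:
            # Sinkhole entries are common in ad-block lists, but a watched
            # domain pointed at a sinkhole cuts the machine off from it.
            if watched:
                reasons.append("watched domain blocked locally")
        else:
            if watched:
                reasons.append("watched domain redirected")
            if len(hosts) >= min_hosts:
                reasons.append("many hostnames share one address")
        if reasons:
            findings.append({
                "ip": str(ip),
                "hostnames": sorted(hosts),
                "watched": watched,
                "reasons": reasons,
            })
    findings.sort(key=lambda f: len(f["hostnames"]), reverse=True)
    return findings, errors


if __name__ == "__main__":
    found, bad_lines = audit_hosts(SAMPLE_HOSTS)
    for f in found:
        print(f["ip"], "->", len(f["hostnames"]), "hostnames;", ", ".join(f["reasons"]))
        for name in f["watched"]:
            print("    watched:", name)
    for line_no, text in bad_lines:
        print("unparseable line", line_no, ":", text)
```

To check a real machine, pass the contents of the hosts file the system is actually using instead of `SAMPLE_HOSTS`.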



#2 narenxp


Posted 03 May 2012 - 10:12 AM

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here

#3 Cruickey


Posted 05 May 2012 - 12:39 AM

Thanks so much for your help.

Completed step 1 - No Threats Found. Copy of the log file below -

13:34:49.0781 13588 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
13:34:51.0703 13588 ============================================================
13:34:51.0703 13588 Current date / time: 2012/05/05 13:34:51.0703
13:34:51.0703 13588 SystemInfo:
13:34:51.0703 13588
13:34:51.0703 13588 OS Version: 5.1.2600 ServicePack: 3.0
13:34:51.0703 13588 Product type: Workstation
13:34:51.0703 13588 ComputerName: SN012345678912
13:34:51.0703 13588 UserName: Infocus
13:34:51.0703 13588 Windows directory: C:\WINDOWS
13:34:51.0703 13588 System windows directory: C:\WINDOWS
13:34:51.0703 13588 Processor architecture: Intel x86
13:34:51.0703 13588 Number of processors: 2
13:34:51.0703 13588 Page size: 0x1000
13:34:51.0703 13588 Boot type: Normal boot
13:34:51.0703 13588 ============================================================
13:34:55.0906 13588 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:34:55.0906 13588 ============================================================
13:34:55.0906 13588 \Device\Harddisk0\DR0:
13:34:55.0906 13588 MBR partitions:
13:34:55.0906 13588 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC02F10, BlocksNum 0xD38C9F0
13:34:55.0906 13588 ============================================================
13:34:55.0968 13588 C: <-> \Device\Harddisk0\DR0\Partition0
13:34:55.0968 13588 ============================================================
13:34:55.0968 13588 Initialize success
13:34:55.0968 13588 ============================================================
13:35:29.0093 10728 ============================================================
13:35:29.0093 10728 Scan started
13:35:29.0093 10728 Mode: Manual; TDLFS;
13:35:29.0093 10728 ============================================================
13:35:55.0687 10728 ose - ok
13:35:55.0734 10728 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
13:35:55.0828 10728 Parport - ok
13:35:55.0843 10728 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:35:55.0937 10728 PartMgr - ok
13:35:56.0000 10728 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:35:56.0093 10728 ParVdm - ok
13:35:56.0140 10728 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
13:35:56.0156 10728 pccsmcfd - ok
13:35:56.0171 10728 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:35:56.0265 10728 PCI - ok
13:35:56.0281 10728 PCIDump - ok
13:35:56.0296 10728 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:35:56.0390 10728 PCIIde - ok
13:35:56.0437 10728 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:35:56.0625 10728 Pcmcia - ok
13:35:56.0625 10728 PDCOMP - ok
13:35:56.0640 10728 PDFRAME - ok
13:35:56.0656 10728 PDRELI - ok
13:35:56.0671 10728 PDRFRAME - ok
13:35:56.0703 10728 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
13:35:56.0796 10728 perc2 - ok
13:35:56.0796 10728 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
13:35:56.0890 10728 perc2hib - ok
13:35:57.0000 10728 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:35:57.0000 10728 PlugPlay - ok
13:35:57.0046 10728 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:35:57.0046 10728 PolicyAgent - ok
13:35:57.0078 10728 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:35:57.0187 10728 PptpMiniport - ok
13:35:57.0203 10728 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
13:35:57.0296 10728 Processor - ok
13:35:57.0312 10728 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:35:57.0312 10728 ProtectedStorage - ok
13:35:57.0343 10728 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:35:57.0515 10728 PSched - ok
13:35:57.0593 10728 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:35:57.0687 10728 Ptilink - ok
13:35:57.0734 10728 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:35:57.0828 10728 PxHelp20 - ok
13:35:57.0843 10728 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
13:35:58.0015 10728 ql1080 - ok
13:35:58.0031 10728 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
13:35:58.0140 10728 Ql10wnt - ok
13:35:58.0156 10728 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
13:35:58.0250 10728 ql12160 - ok
13:35:58.0250 10728 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
13:35:58.0421 10728 ql1240 - ok
13:35:58.0437 10728 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
13:35:58.0531 10728 ql1280 - ok
13:35:58.0578 10728 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:35:58.0671 10728 RasAcd - ok
13:35:58.0718 10728 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
13:35:58.0734 10728 RasAuto - ok
13:35:58.0750 10728 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:35:58.0859 10728 Rasl2tp - ok
13:35:58.0921 10728 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
13:35:58.0937 10728 RasMan - ok
13:35:58.0968 10728 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:35:59.0062 10728 RasPppoe - ok
13:35:59.0078 10728 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:35:59.0187 10728 Raspti - ok
13:35:59.0218 10728 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:35:59.0546 10728 Rdbss - ok
13:35:59.0578 10728 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:35:59.0671 10728 RDPCDD - ok
13:35:59.0718 10728 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:35:59.0828 10728 rdpdr - ok
13:35:59.0906 10728 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
13:36:00.0000 10728 RDPWD - ok
13:36:00.0062 10728 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
13:36:00.0078 10728 RDSessMgr - ok
13:36:00.0125 10728 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:36:00.0218 10728 redbook - ok
13:36:00.0250 10728 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
13:36:00.0265 10728 RemoteAccess - ok
13:36:00.0312 10728 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
13:36:00.0328 10728 RemoteRegistry - ok
13:36:00.0343 10728 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
13:36:00.0468 10728 RFCOMM - ok
13:36:00.0484 10728 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
13:36:00.0500 10728 RpcLocator - ok
13:36:00.0578 10728 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
13:36:00.0593 10728 RpcSs - ok
13:36:00.0671 10728 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
13:36:00.0687 10728 RSVP - ok
13:36:00.0750 10728 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:36:00.0750 10728 SamSs - ok
13:36:00.0781 10728 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
13:36:00.0796 10728 SCardSvr - ok
13:36:00.0828 10728 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
13:36:00.0859 10728 Schedule - ok
13:36:00.0890 10728 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
13:36:01.0171 10728 sdbus - ok
13:36:01.0218 10728 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:36:01.0312 10728 Secdrv - ok
13:36:01.0328 10728 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
13:36:01.0343 10728 seclogon - ok
13:36:01.0375 10728 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
13:36:01.0390 10728 SENS - ok
13:36:01.0437 10728 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
13:36:01.0625 10728 Serial - ok
13:36:01.0812 10728 ServiceLayer (f31e9531af225ca25350d5e87e999b31) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
13:36:01.0890 10728 ServiceLayer - ok
13:36:01.0968 10728 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:36:02.0062 10728 Sfloppy - ok
13:36:02.0125 10728 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
13:36:02.0156 10728 SharedAccess - ok
13:36:02.0218 10728 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:36:02.0234 10728 ShellHWDetection - ok
13:36:02.0250 10728 Simbad - ok
13:36:02.0296 10728 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
13:36:02.0390 10728 sisagp - ok
13:36:02.0437 10728 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
13:36:02.0546 10728 Sparrow - ok
13:36:02.0578 10728 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:36:02.0671 10728 splitter - ok
13:36:02.0718 10728 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:36:02.0734 10728 Spooler - ok
13:36:02.0750 10728 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:36:02.0859 10728 sr - ok
13:36:02.0890 10728 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
13:36:02.0906 10728 srservice - ok
13:36:03.0000 10728 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:36:03.0109 10728 Srv - ok
13:36:03.0140 10728 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
13:36:03.0156 10728 SSDPSRV - ok
13:36:03.0187 10728 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
13:36:03.0281 10728 StarOpen - ok
13:36:03.0343 10728 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
13:36:03.0390 10728 stisvc - ok
13:36:03.0437 10728 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:36:03.0531 10728 swenum - ok
13:36:03.0578 10728 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:36:03.0750 10728 swmidi - ok
13:36:03.0765 10728 SwPrv - ok
13:36:03.0812 10728 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
13:36:03.0906 10728 symc810 - ok
13:36:03.0921 10728 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
13:36:04.0015 10728 symc8xx - ok
13:36:04.0031 10728 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
13:36:04.0125 10728 sym_hi - ok
13:36:04.0140 10728 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
13:36:04.0234 10728 sym_u3 - ok
13:36:04.0265 10728 SynTP (b47954850ab7eab09961df08cc747852) C:\WINDOWS\system32\DRIVERS\SynTP.sys
13:36:04.0375 10728 SynTP - ok
13:36:04.0421 10728 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:36:04.0437 10728 sysaudio - ok
13:36:04.0500 10728 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
13:36:04.0515 10728 SysmonLog - ok
13:36:04.0609 10728 SZASSIST (afd19caa340483f5539cfc32b39f7665) C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe
13:36:04.0625 10728 SZASSIST - ok
13:36:04.0671 10728 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
13:36:04.0687 10728 TapiSrv - ok
13:36:04.0781 10728 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:36:04.0906 10728 Tcpip - ok
13:36:04.0968 10728 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
13:36:05.0078 10728 Tcpip6 - ok
13:36:05.0109 10728 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:36:05.0203 10728 TDPIPE - ok
13:36:05.0218 10728 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:36:05.0312 10728 TDTCP - ok
13:36:05.0359 10728 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:36:05.0609 10728 TermDD - ok
13:36:05.0671 10728 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
13:36:05.0718 10728 TermService - ok
13:36:05.0781 10728 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:36:05.0796 10728 Themes - ok
13:36:05.0843 10728 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
13:36:05.0859 10728 TlntSvr - ok
13:36:05.0921 10728 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
13:36:06.0000 10728 TosIde - ok
13:36:06.0046 10728 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
13:36:06.0062 10728 TrkWks - ok
13:36:06.0125 10728 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
13:36:06.0218 10728 tunmp - ok
13:36:06.0234 10728 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:36:06.0328 10728 Udfs - ok
13:36:06.0375 10728 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
13:36:06.0562 10728 ultra - ok
13:36:06.0625 10728 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:36:06.0828 10728 Update - ok
13:36:06.0875 10728 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
13:36:06.0890 10728 upnphost - ok
13:36:06.0937 10728 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
13:36:06.0953 10728 upperdev - ok
13:36:06.0968 10728 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
13:36:06.0984 10728 UPS - ok
13:36:07.0046 10728 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
13:36:07.0140 10728 USBAAPL - ok
13:36:07.0171 10728 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:36:07.0265 10728 usbccgp - ok
13:36:07.0296 10728 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:36:07.0390 10728 usbehci - ok
13:36:07.0406 10728 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:36:07.0515 10728 usbhub - ok
13:36:07.0546 10728 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:36:07.0640 10728 usbprint - ok
13:36:07.0671 10728 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:36:07.0750 10728 usbscan - ok
13:36:07.0796 10728 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
13:36:07.0890 10728 usbser - ok
13:36:07.0921 10728 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
13:36:07.0937 10728 UsbserFilt - ok
13:36:07.0953 10728 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:36:08.0046 10728 USBSTOR - ok
13:36:08.0109 10728 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:36:08.0203 10728 usbuhci - ok
13:36:08.0234 10728 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:36:08.0328 10728 VgaSave - ok
13:36:08.0343 10728 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
13:36:08.0531 10728 viaagp - ok
13:36:08.0546 10728 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
13:36:08.0625 10728 ViaIde - ok
13:36:08.0687 10728 VideoAcceleratorService - ok
13:36:08.0718 10728 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:36:08.0812 10728 VolSnap - ok
13:36:08.0875 10728 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
13:36:08.0906 10728 VSS - ok
13:36:08.0953 10728 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
13:36:08.0968 10728 W32Time - ok
13:36:09.0000 10728 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:36:09.0093 10728 Wanarp - ok
13:36:09.0125 10728 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
13:36:09.0140 10728 wceusbsh - ok
13:36:09.0218 10728 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
13:36:09.0281 10728 Wdf01000 - ok
13:36:09.0296 10728 WDICA - ok
13:36:09.0328 10728 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:36:09.0421 10728 wdmaud - ok
13:36:09.0453 10728 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
13:36:09.0468 10728 WebClient - ok
13:36:09.0609 10728 winachsf (1b2696e94900f4e236e6a585ff534309) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
13:36:09.0781 10728 winachsf - ok
13:36:09.0859 10728 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:36:09.0875 10728 winmgmt - ok
13:36:09.0953 10728 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
13:36:09.0953 10728 WmdmPmSN - ok
13:36:10.0062 10728 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
13:36:10.0109 10728 Wmi - ok
13:36:10.0140 10728 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:36:10.0156 10728 WmiApSrv - ok
13:36:10.0390 10728 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
13:36:10.0468 10728 WMPNetworkSvc - ok
13:36:10.0562 10728 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
13:36:10.0593 10728 WpdUsb - ok
13:36:10.0625 10728 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:36:10.0718 10728 WS2IFSL - ok
13:36:10.0765 10728 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
13:36:10.0781 10728 wscsvc - ok
13:36:10.0796 10728 WSearch - ok
13:36:10.0828 10728 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
13:36:10.0875 10728 wuauserv - ok
13:36:10.0937 10728 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:36:10.0953 10728 WudfPf - ok
13:36:10.0984 10728 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:36:11.0000 10728 WudfRd - ok
13:36:11.0031 10728 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
13:36:11.0046 10728 WudfSvc - ok
13:36:11.0140 10728 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
13:36:11.0187 10728 WZCSVC - ok
13:36:11.0218 10728 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
13:36:11.0234 10728 xmlprov - ok
13:36:11.0312 10728 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:36:11.0718 10728 \Device\Harddisk0\DR0 - ok
13:36:11.0734 10728 Boot (0x1200) (4747463db76523dc3134a1f9ba9ba801) \Device\Harddisk0\DR0\Partition0
13:36:11.0734 10728 \Device\Harddisk0\DR0\Partition0 - ok
13:36:11.0734 10728 ============================================================
13:36:11.0734 10728 Scan finished
13:36:11.0734 10728 ============================================================
13:36:11.0765 13016 Detected object count: 0
13:36:11.0765 13016 Actual detected object count: 0

#4 Cruickey

Posted 05 May 2012 - 05:15 AM

Okay, part 2 finally done. (5 hours!!)


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-05 18:13:59
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 FUJITSU_MHV2120AH rev.000000A0
Running: 9mqrk6u6.exe; Driver: C:\DOCUME~1\Infocus\LOCALS~1\Temp\pwdcyaoc.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF76D787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF76D7BFE]

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\hiber_WMILIB.SYS The system cannot find the path specified. !
? system32\drivers\84339733.sys The system cannot find the path specified. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Google\Chrome\Application\chrome.exe[440] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00310010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[6620] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 003F0010

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

Device \Driver\58062549 \Device\KLMD16012012_207010 84339733.sys
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d013a4
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d013a4@0018af6cccfa 0xAE 0x58 0x72 0x6D ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d013a4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d013a4@0018af6cccfa 0xAE 0x58 0x72 0x6D ...

---- EOF - GMER 1.0.15 ----
Now on to the next one . . . .

#5 narenxp


Posted 05 May 2012 - 10:22 AM

Still need aswMBR log.

#6 Cruickey


Posted 05 May 2012 - 08:15 PM

And here it is . . . . .

Wasn't sure how long it would take so left it going over night.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-05 18:18:37
-----------------------------
18:18:37.500 OS Version: Windows 5.1.2600 Service Pack 3
18:18:37.500 Number of processors: 2 586 0xF06
18:18:37.500 ComputerName: SN012345678912 UserName: Infocus
18:18:38.312 Initialize success
18:36:07.281 AVAST engine defs: 12050500
18:37:39.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
18:37:39.312 Disk 0 Vendor: FUJITSU_MHV2120AH 000000A0 Size: 114473MB BusType: 3
18:37:39.390 Disk 0 MBR read successfully
18:37:39.390 Disk 0 MBR scan
18:37:39.437 Disk 0 Windows XP default MBR code
18:37:39.453 Disk 0 Partition 1 00 1B Hidd FAT32 MSWIN4.1 6149 MB offset 63
18:37:39.484 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 108313 MB offset 12594960
18:37:39.546 Disk 0 scanning sectors +234420480
18:37:39.718 Disk 0 scanning C:\WINDOWS\system32\drivers
18:38:41.765 Service scanning
18:39:04.484 Modules scanning
18:39:55.640 Disk 0 trace - called modules:
18:39:55.687 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:39:55.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6c5ab8]
18:39:55.703 3 CLASSPNP.SYS[f76c7fd7] -> nt!IofCallDriver -> \Device\00000099[0x8a73b5d0]
18:39:55.703 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a737d98]
18:39:56.343 AVAST engine scan C:\WINDOWS
18:41:05.031 AVAST engine scan C:\WINDOWS\system32
18:48:07.937 AVAST engine scan C:\WINDOWS\system32\drivers
18:49:08.359 AVAST engine scan C:\Documents and Settings\Infocus
21:07:11.718 AVAST engine scan C:\Documents and Settings\All Users
21:13:45.796 Scan finished successfully
09:08:55.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Infocus\Desktop\MBR.dat"
09:08:55.234 The log file has been saved successfully to "C:\Documents and Settings\Infocus\Desktop\aswMBR.txt"

Awaiting my next commands master . . . . This stuff is over my head!

#7 narenxp


Posted 05 May 2012 - 08:30 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan with MBAM once in regular mode until you get a clean log

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When the scan is completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.
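What the "List content of Hosts" and "List IP configuration" checks requested above are meant to expose, as an added example (not part of the original post and not MiniToolBox's own code): it groups hosts-file names by the non-loopback address they are pinned to, and flags any name whose `ping` target is absent from the `nslookup` answer, which is the sign that something local is overriding DNS. The function names and the sample text are assumptions; the sample is constructed in the same layout as such a report and uses documentation-range addresses.

```python
import ipaddress
import re
from collections import defaultdict

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
PING = re.compile(r"^Pinging\s+(\S+)\s+\[([^\]]+)\]")

# Constructed sample hosts content (documentation-range addresses).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
0.0.0.0 ads.example
203.0.113.7 google.com
203.0.113.7 www.bing.com
203.0.113.7 search.yahoo.com
"""

# Constructed sample of the nslookup + ping part of an IP configuration report.
SAMPLE_LOG = """\
Server: resolver.example
Address: 192.0.2.1

Name: google.com
Addresses: 198.51.100.10, 198.51.100.11
198.51.100.12

Pinging google.com [203.0.113.7] with 32 bytes of data:
Reply from 203.0.113.7: bytes=32 time=474ms TTL=37

Server: resolver.example
Address: 192.0.2.1

Name: yahoo.com
Addresses: 198.51.100.20, 198.51.100.21

Pinging yahoo.com [198.51.100.21] with 32 bytes of data:
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, skipping comments."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: not a mapping line
        for name in fields[1:]:
            pairs.append((ip, name.lower()))
    return pairs


def redirected_names(pairs):
    """Group hostnames by target IP, ignoring loopback and 0.0.0.0 sink entries."""
    by_ip = defaultdict(list)
    for ip, name in pairs:
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[str(ip)].append(name)
    return dict(by_ip)


def resolver_mismatches(log_text):
    """Flag names whose ping target is not among the addresses DNS returned."""
    findings = []
    name, answers = None, set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Server:"):
            # The Address line after Server: is the resolver itself, not an answer.
            name, answers = None, set()
        elif line.startswith("Name:"):
            name, answers = line.split(":", 1)[1].strip().lower(), set()
        elif (m := PING.match(line)):
            target, used = m.group(1).lower(), m.group(2)
            if name == target and answers and used not in answers:
                findings.append((target, used, sorted(answers)))
            name, answers = None, set()
        elif name is not None:
            # Addresses: line plus any wrapped continuation lines.
            answers.update(IPV4.findall(line))
    return findings


if __name__ == "__main__":
    for ip, names in redirected_names(parse_hosts(SAMPLE_HOSTS)).items():
        print(f"{ip} <- {len(names)} name(s): {', '.join(names)}")
    for target, used, answers in resolver_mismatches(SAMPLE_LOG):
        print(f"{target}: pinged {used}, DNS answered {answers}")
```

Many unrelated search-engine names pinned to one address, together with a ping target that DNS never returned, points at the hosts file (or another local override) rather than the upstream resolver.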

#8 Cruickey


Posted 06 May 2012 - 04:46 AM

Okay next steps completed.

MBAM found 1 threat only on first scan, nothing on next.

Completed ESET online Scan. For your info I use ESET NOD32 antivirus on my computer.

Result of scan -


C:\Documents and Settings\Infocus\Application Data\Uniblue\RegistryBooster\_temp\ub.exe Win32/RegistryBooster application deleted - quarantined
C:\Documents and Settings\Infocus\Application Data\Uniblue\SpeedUpMyPC\_temp\sump.exe Win32/SpeedUpMyPC application deleted - quarantined
C:\Documents and Settings\Infocus\Application Data\Uniblue\SpeedUpMyPC\_temp\ub.exe Win32/SpeedUpMyPC application deleted - quarantined
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\rb_track_install.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\rb_ubm.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster-4.7.6.9.exe Win32/RegistryBooster application deleted - quarantined
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe Win32/SpeedUpMyPC application deleted - quarantined
C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\Program Files\Uniblue\SpeedUpMyPC\spnotifier.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\Program Files\Uniblue\SpeedUpMyPC\sp_move_serial.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined

ESET and these couple of programs from Uniblue don't get on since getting an upgraded version of the two (Registry Booster and Speed Up My PC)

Finally, the results from running "Mini toolbox"

MiniToolBox by Farbar Version: 18-01-2012
Ran by Infocus (administrator) on 06-05-2012 at 17:33:48
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
















88.198.198.206 google.com
88.198.198.206 google.com.au
88.198.198.206 www.google.com.au
88.198.198.206 google.be
88.198.198.206 www.google.be
88.198.198.206 google.com.br
88.198.198.206 www.google.com.br
88.198.198.206 google.ca
88.198.198.206 www.google.ca
88.198.198.206 google.ch
88.198.198.206 www.google.ch
88.198.198.206 google.de
88.198.198.206 www.google.de
88.198.198.206 google.dk
88.198.198.206 www.google.dk
88.198.198.206 google.fr
88.198.198.206 www.google.fr
88.198.198.206 google.ie
88.198.198.206 www.google.ie
88.198.198.206 google.it
88.198.198.206 www.google.it
88.198.198.206 google.co.jp
88.198.198.206 www.google.co.jp
88.198.198.206 google.nl
88.198.198.206 www.google.nl
88.198.198.206 google.no
88.198.198.206 www.google.no
88.198.198.206 google.co.nz
88.198.198.206 www.google.co.nz
88.198.198.206 google.pl
88.198.198.206 www.google.pl
88.198.198.206 google.se
88.198.198.206 www.google.se
88.198.198.206 google.co.uk

88.198.198.206 google.co.za
88.198.198.206 www.google.co.za

88.198.198.206 www.bing.com
88.198.198.206 search.yahoo.com
88.198.198.206 www.search.yahoo.com
88.198.198.206 uk.search.yahoo.com
88.198.198.206 ca.search.yahoo.com
88.198.198.206 de.search.yahoo.com
88.198.198.206 fr.search.yahoo.com
88.198.198.206 au.search.yahoo.com


========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Disconnected)
Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : SN012345678912

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : BigPond



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : BigPond

Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection

Physical Address. . . . . . . . . : 00-19-D2-6A-04-27

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.0.0.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : fe80::219:d2ff:fe6a:427%4

Default Gateway . . . . . . . . . : 10.0.0.138

DHCP Server . . . . . . . . . . . : 10.0.0.138

DNS Servers . . . . . . . . . . . : 10.0.0.138

fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

Lease Obtained. . . . . . . . . . : Sunday, 6 May 2012 3:03:08 PM

Lease Expires . . . . . . . . . . : Monday, 7 May 2012 3:03:08 PM



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: BigPond.BigPond
Address: 10.0.0.138

Name: google.com
Addresses: 74.125.237.135, 74.125.237.133, 74.125.237.142, 74.125.237.130
74.125.237.134, 74.125.237.129, 74.125.237.137, 74.125.237.128, 74.125.237.136
74.125.237.131, 74.125.237.132



Pinging google.com [88.198.198.206] with 32 bytes of data:



Reply from 88.198.198.206: bytes=32 time=474ms TTL=37

Reply from 88.198.198.206: bytes=32 time=434ms TTL=37



Ping statistics for 88.198.198.206:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 434ms, Maximum = 474ms, Average = 454ms

Server: BigPond.BigPond
Address: 10.0.0.138

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=261ms TTL=47

Reply from 72.30.38.140: bytes=32 time=346ms TTL=47



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 261ms, Maximum = 346ms, Average = 303ms

Server: BigPond.BigPond
Address: 10.0.0.138

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 d2 6a 04 27 ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.138 10.0.0.1 25
10.0.0.0 255.255.255.0 10.0.0.1 10.0.0.1 25
10.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 25
10.255.255.255 255.255.255.255 10.0.0.1 10.0.0.1 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 10.0.0.1 10.0.0.1 20
224.0.0.0 240.0.0.0 10.0.0.1 10.0.0.1 25
255.255.255.255 255.255.255.255 10.0.0.1 10.0.0.1 1
Default Gateway: 10.0.0.138
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\wshbth.dll [108032] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files\SpeedBit Video Accelerator\LSP3.2.2.4\SBLSP.dll [168136] (SpeedBit)
Catalog9 02 C:\Program Files\SpeedBit Video Accelerator\LSP3.2.2.4\SBLSP.dll [168136] (SpeedBit)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Program Files\SpeedBit Video Accelerator\LSP3.2.2.4\SBLSP.dll [168136] (SpeedBit)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/06/2012 03:14:12 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Only one instance of service process is allowed.

Error: (05/06/2012 01:39:29 PM) (Source: Application Error) (User: )
Description: Fault bucket -1373088332.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (05/06/2012 01:39:18 PM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 1.60.0.80, faulting module msvbvm60.dll, version 6.0.98.2, fault address 0x000e450a.
Processing media-specific event for [mbam.exe!ws!]

Error: (05/04/2012 08:34:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2094

Error: (05/04/2012 08:34:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2094

Error: (05/04/2012 08:34:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/03/2012 08:31:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4890

Error: (05/03/2012 08:31:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4890

Error: (05/03/2012 08:31:27 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/03/2012 08:31:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1968


System errors:
=============
Error: (05/06/2012 03:03:36 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
abp480n5
adpu160m
agp440
agpCPQ
Aha154x
aic78u2
aic78xx
AliIde
alim1541
amdagp
amsint
asc
asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error: (04/28/2012 02:41:02 PM) (Source: Print) (User: Infocus)
Description: The document MYOB Print Job owned by Infocus failed to print on printer Canon MX410 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 19398656. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\SN012345678912. Win32 error code returned by the print processor: MYOB Print Job0. MYOB Print Job1

Error: (04/14/2012 11:15:07 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (04/14/2012 11:15:07 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

Error: (04/14/2012 11:15:07 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1053" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (04/12/2012 08:02:22 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (04/12/2012 08:02:22 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

Error: (04/12/2012 08:02:22 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1053" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (04/09/2012 00:21:35 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 10.0.0.1 on the
Network Card with network address 0019D26A0427.

Error: (04/03/2012 06:04:47 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 10.0.0.1 on the
Network Card with network address 0019D26A0427.


Microsoft Office Sessions:
=========================
Error: (05/03/2012 08:09:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 522641 seconds with 8880 seconds of active time. This session ended with a crash.

Error: (04/24/2012 07:19:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 115 seconds with 60 seconds of active time. This session ended with a crash.

Error: (04/11/2012 07:09:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1728946 seconds with 14580 seconds of active time. This session ended with a crash.

Error: (02/17/2012 01:16:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 748 seconds with 360 seconds of active time. This session ended with a crash.

Error: (01/16/2012 09:06:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 201941 seconds with 1620 seconds of active time. This session ended with a crash.

Error: (11/20/2011 08:55:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 349182 seconds with 3780 seconds of active time. This session ended with a crash.

Error: (11/13/2011 05:12:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 97861 seconds with 1200 seconds of active time. This session ended with a crash.

Error: (11/12/2011 02:01:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 10488 seconds with 120 seconds of active time. This session ended with a crash.

Error: (09/30/2011 06:47:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 865865 seconds with 7920 seconds of active time. This session ended with a crash.

Error: (04/28/2011 00:19:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 838907 seconds with 7020 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

5 Clicks (Version: 4.5)
Ad-Aware (Version: 9.0.7)
Ad-Aware Security Toolbar (Version: 0.9.1.20)
Adobe Acrobat 6.0 Professional (Version: 006.000.000)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Photoshop Elements 2.0 (Version: 2.0)
Adobe Reader X (10.1.3) (Version: 10.1.3)
AnyDVD
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
AVS Update Manager 1.0
AVS Video Converter 6
AVS Video Editor 4
AVS4YOU Software Navigator 1.3
BatteryMonitor 1.1
BigPond Broadband ADSL (Version: 9.2)
Bluetooth Stack for Windows by Toshiba (Version: v3.03.13©)
Bonjour (Version: 3.0.0.10)
Canon Camera Access Library (Version: 8.4.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera WIA Driver (Version: 5.7)
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon EOS 5D WIA Driver (Version: 5.7)
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 4.1
Canon MP Toolbox 4.1
Canon MX410 series MP Drivers
Canon My Printer
Canon RAW Image Task for ZoomBrowser EX (Version: 3.3.0.5)
Canon Solution Menu EX
Canon Speed Dial Utility
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities Digital Photo Professional 3.4 (Version: 3.4.0.0)
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility (Version: 2.4.0.1)
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities Original Data Security Tools (Version: 1.4.0.1)
Canon Utilities PhotoStitch (Version: 3.1.21.45)
Canon Utilities Picture Style Editor (Version: 1.3.0.0)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities WFT-E1/E2/E3 Utility (Version: 3.2.1.1)
Canon Utilities ZoomBrowser EX (Version: 6.1.1.21)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)
CloneDVD2
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Critical Update for Windows Media Player 11 (KB959772)
DivX Setup (Version: 2.6.1.8)
DraftSight (Version: 8.3.119)
e-tax 2010 (Version: 1.0.648)
e-tax 2011 (Version: 10.1.671)
Easy-WebPrint
ESET NOD32 Antivirus (Version: 3.0.695.0)
ESET Online Scanner v3
Google Chrome (Version: 18.0.1025.168)
Google Earth (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
Hema Australia 4WD Raster Map Collection 2010
HiJackThis (Version: 1.0.0)
Intel® PRO Network Connections Drivers
iTunes (Version: 10.5.3.3)
Java 2 Runtime Environment, SE v1.4.2_05 (Version: 1.4.2_05)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
LimeWire 5.5.14 (Version: 5.5.14)
Logitech Desktop Messenger (Version: 2.52.18)
Logitech Harmony Remote Software 7 (Version: 7.3.0.15)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0)
Macromedia Flash Player 8 (Version: 8.0.22.0)
Macromedia Shockwave Player (Version: 10.1.0.011)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MediaBar
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft ActiveSync (Version: 4.5.5096.0)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NavDesk 2009 (Version: 6.01.022)
Nero 7 Demo (Version: 7.00.2344)
Nokia Connectivity Cable Driver (Version: 7.1.69.0)
Nokia Suite (Version: 3.3.89.0)
O2Micro Flash Memory Card Windows Driver V2.04 (Version: 2.04)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OmniPage SE (Version: 11.00.0001)
OpenOffice.org Installer 1.0 (Version: 1.0.9221)
PC Connectivity Solution (Version: 11.5.29.0)
PowerDVD
Presto! PageManager 6
QuickTime (Version: 7.70.80.34)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Remote Control USB Driver (Version: 2.3.2.317)
Samsung PC Studio (Version: 3.0.0.60911)
Samsung PC Studio (Version: 3.0.1.60911)
Samsung SecretZone (Version: 2.1.630.0)
Sonic RecordNow! (Version: 7.31)
SpeedBit Video Accelerator (Version: 3155(build_1176))
STK02N 2.3 (Version: 2.3)
Uniblue PixelPerfect
Uniblue RegistryBooster (Version: 6.0.10.7)
Uniblue SpeedUpMyPC
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
V.I.O. POV Manager 1.0
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VoiceOver Kit (Version: 1.42.128.0)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Atheros (arusb(Atheros)) Net (09/23/2008 3.0.0.131) (Version: 09/23/2008 3.0.0.131)
Windows Driver Package - NETGEAR (W8335XP) Net (02/22/2005 3.1.1.7) (Version: 02/22/2005 3.1.1.7)
Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (02/07/2007 5.1283.0207.2007) (Version: 02/07/2007 5.1283.0207.2007)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Driver Package - Thomson (USB_RNDIS) Net (02/16/2004 1.0.0.3) (Version: 02/16/2004 1.0.0.3)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WLan

========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 2037.91 MB
Available physical RAM: 1263.89 MB
Total Pagefile: 4941.26 MB
Available Pagefile: 4379.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1967.05 MB

========================= Partitions: =====================================

1 Drive c: (HDD) (Fixed) (Total:105.77 GB) (Free:10.26 GB) NTFS

========================= Users: ========================================

User accounts for \\SN012345678912

Administrator ASPNET Guest
HelpAssistant Infocus SUPPORT_388945a0


**** End of log ****

All go for next steps. Again, I really appreciate the help with all this. Completely out of my league, not to mention beyond a number of help desks that I have contacted over the last month.

Cheers

Cruickey

#9 narenxp

Posted 06 May 2012 - 08:36 AM

Download

Hosts fixit

Run the fixit

Restart the PC, launch the mini toolbox and check mark

List content of Hosts alone and post the new log

good luck

#10 Cruickey

Posted 07 May 2012 - 01:21 AM

Now that surprised me. Expected to take much longer than it did.

Log results -

MiniToolBox by Farbar Version: 18-01-2012
Ran by Infocus (administrator) on 07-05-2012 at 14:15:21
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 localhost


**** End of log ****

So that looks good so far.

Can't remember if I mentioned it before, but I did clear similar items from the "hosts" file a week ago and set it back to where it should be.

So, all this stuff has re-appeared since then.

You certainly know your stuff. Wasn't sure if this info would make a difference or not.

My fingers are crossed and waiting next command(s)

Cheers

Cruickey
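
The entries that came back after being cleared by hand, as described in the post above, are what a repeatable hosts audit is meant to catch. The following Python is an added example, not part of the thread and not the output or logic of MiniToolBox or the Fixit; the sample file, its 203.0.113.7 documentation address and the `.example` names are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: one routable address mapped to several unrelated names,
# the pattern the topic starter describes. Not data taken from the thread.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1 localhost
127.0.0.1 localhost
203.0.113.7 www.search-engine.example search-engine.example
203.0.113.7 update.antivirus.example   # trailing comment
0.0.0.0 ads.example.net
not-an-ip broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, names) per mapping line; ip is None if unparsable."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        yield no, ip, [n.lower() for n in fields[1:]]

def audit_hosts(text):
    """Report names sent to routable IPs, duplicate mappings and bad lines."""
    redirects = defaultdict(set)              # ip -> hostnames pointed at it
    seen, duplicates, malformed = set(), [], []
    for no, ip, names in parse_hosts(text):
        if ip is None or not names:
            malformed.append(no)
            continue
        for name in names:
            if (str(ip), name) in seen:
                duplicates.append((no, name))
            seen.add((str(ip), name))
            # Loopback and 0.0.0.0 targets only resolve locally or block a name.
            if not (ip.is_loopback or ip.is_unspecified):
                redirects[str(ip)].add(name)
    return {"redirects": {k: sorted(v) for k, v in redirects.items()},
            "duplicates": duplicates, "malformed": malformed}
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; a non-empty `redirects` result after a cleanup means something on the machine is still rewriting the file.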

#11 narenxp

Posted 07 May 2012 - 10:33 AM

That looks good

Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for reboot

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#12 Cruickey

Posted 08 May 2012 - 07:07 AM

Narenxp

Thank you very much for your assistance and technical expertise.

Have managed to access all the search engines on the net for the first time in months?

Just a couple of other questions, if you don't mind pushing the friendship . . . . . . .

Which internet program would you recommend? (Have Explorer, Firefox and Google Chrome on the machine currently)

The Temp File Cleaner that I have just run . . . . . would that be the best to use to keep my machine going and clean out all that memory taxing stuff?

And finally, I have been using Registry Booster and Speed Up My PC (from Uniblue) running scans monthly. These are not compatible with ESET NOD 32 (the antivirus I am using). Do you have any suggestions? Have worked out how to keep these going but have to keep restoring them from ESET quarantine. Bit of a pain in the . . . you know what!!

Oh . . . . and the programs I have downloaded to help fix my problems. Should I keep them, uninstall, something else?

Cheers and thanks again.

Cruickey

#13 narenxp

Posted 08 May 2012 - 11:44 AM

Which internet program would you recommend? (Have Explorer, Firefox and Google Chrome on the machine currently)

Google Chrome

The Temp File Cleaner that I have just run . . . . . would that be the best to use to keep my machine going and clean out all that memory taxing stuff?

Yes

And finally, I have been using Registry Booster and Speed Up My PC (from Uniblue) running scans monthly. These are not compatible with ESET NOD 32 (the antivirus I am using). Do you have any suggestions?

I don't recommend registry cleaners.

Oh . . . . and the programs I have downloaded to help fix my problems. Should I keep them, uninstall, something else?

Remove them except for Malwarebytes.

good luck

#14 Cruickey

Posted 08 May 2012 - 07:43 PM

Mate

Hopefully I won't need luck this time around. Will be very careful.

Although, fingers crossed on the side just in case.

You're a champion and I am extremely grateful.

Cheers

Cruickey

#15 narenxp

Posted 08 May 2012 - 09:10 PM

You're most welcome :)



