
Google redirect with Internet Explorer


3 replies to this topic

#1 sjmb45

Posted 19 June 2012 - 08:26 PM

Hi,

I've been getting Google redirects to different websites (such as infomash) since yesterday. My computer is running XP Professional, and I ran Malwarebytes yesterday and didn't find anything. This morning a fake scanner (Live Security Platinum) started running, so I shut down the computer, rebooted and then ran Malwarebytes again. This time it found 9 infected files and removed them. Malwarebytes now shows it's clean again, but I'm still getting redirects.

This afternoon I ran SecurityCheck, but it didn't create a log file and displayed an error that said "The procedure entry point MigrateWinsockConfiguration could not be located in the dynamic link library MSWSOCK.dll".

I also ran Farbar Service Scanner, MiniToolBox, and aswMBR. The logs for these are shown below.

Can you please help me?

Thanks!

__________________________________________________________________
Farbar Service Scanner Version: 19-06-2012 01
Ran by Shawn (administrator) on 19-06-2012 at 16:47:18
Running from "C:\Documents and Settings\Shawn\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****

__________________________________________________________________


MiniToolBox by Farbar Version: 09-06-2012
Ran by Shawn (administrator) on 19-06-2012 at 16:51:17
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82567LM Gigabit Network Connection = Local Area Connection 2 (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Ericsson F3507g Mobile Broadband Minicard Network Adapter = Local Area Connection (Media disconnected)
11b/g Wireless LAN Mini PCI Express Adapter III = Wireless Network Connection (Media disconnected)
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.


Windows IP Configuration

Host Name . . . . . . . . . . . . : LENOVO-641B743A
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : 11b/g Wireless LAN Mini PCI Express Adapter III
Physical Address. . . . . . . . . : 00-24-2C-E4-E6-CF

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82567LM Gigabit Network Connection
Physical Address. . . . . . . . . : 00-24-7E-14-8A-0D
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Tuesday, June 19, 2012 4:35:53 PM
Lease Expires . . . . . . . . . . : Wednesday, June 20, 2012 4:35:53 PM

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Ericsson F3507g Mobile Broadband Minicard Network Adapter
Physical Address. . . . . . . . . : 02-80-37-EC-02-00

Pinging google.com [74.125.224.78] with 32 bytes of data:

Reply from 74.125.224.78: bytes=32 time=17ms TTL=54
Reply from 74.125.224.78: bytes=32 time=18ms TTL=54

Ping statistics for 74.125.224.78:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 18ms, Average = 17ms

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=33ms TTL=50
Reply from 72.30.38.140: bytes=32 time=69ms TTL=50

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 33ms, Maximum = 69ms, Average = 51ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 24 2c e4 e6 cf ...... 11b/g Wireless LAN Mini PCI Express Adapter III - Packet Scheduler Miniport
0x3 ...00 24 7e 14 8a 0d ...... Intel® 82567LM Gigabit Network Connection - Packet Scheduler Miniport
0x10005 ...02 80 37 ec 02 00 ...... Ericsson F3507g Mobile Broadband Minicard Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.5 192.168.1.5 10
192.168.1.5 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.1.255 255.255.255.255 192.168.1.5 192.168.1.5 10
224.0.0.0 240.0.0.0 192.168.1.5 192.168.1.5 10
255.255.255.255 255.255.255.255 192.168.1.5 2 1
255.255.255.255 255.255.255.255 192.168.1.5 10005 1
255.255.255.255 255.255.255.255 192.168.1.5 192.168.1.5 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be %SystemRoot%\System32\mswsock.dll

Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/19/2012 04:35:33 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (06/19/2012 04:35:11 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (06/19/2012 04:34:36 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (06/19/2012 04:34:11 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (06/19/2012 04:33:45 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (06/19/2012 04:33:16 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (06/19/2012 04:33:03 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (06/19/2012 04:32:52 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (06/19/2012 04:32:18 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.

Error: (06/19/2012 04:31:27 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium. The Windows installer cannot continue.


System errors:
=============
Error: (06/16/2012 02:10:43 PM) (Source: DCOM) (User: Shawn)
Description: DCOM was unable to communicate with the computer D6DHVMG1 using any of the configured
protocols.

Error: (06/15/2012 10:41:08 AM) (Source: DCOM) (User: Shawn)
Description: DCOM was unable to communicate with the computer ACELLENT-PC using any of the configured
protocols.

Error: (06/15/2012 10:41:08 AM) (Source: DCOM) (User: Shawn)
Description: DCOM was unable to communicate with the computer ACELLENT-PC using any of the configured
protocols.

Error: (06/15/2012 10:41:08 AM) (Source: DCOM) (User: Shawn)
Description: DCOM was unable to communicate with the computer VINCENT_DESKTOP using any of the configured
protocols.

Error: (06/15/2012 10:41:08 AM) (Source: DCOM) (User: Shawn)
Description: DCOM was unable to communicate with the computer ACELLENT-480E6F using any of the configured
protocols.

Error: (06/15/2012 10:41:08 AM) (Source: DCOM) (User: Shawn)
Description: DCOM was unable to communicate with the computer ACELLENT-480E6F using any of the configured
protocols.

Error: (06/15/2012 10:41:08 AM) (Source: DCOM) (User: Shawn)
Description: DCOM was unable to communicate with the computer D6DHVMG1 using any of the configured
protocols.

Error: (06/15/2012 10:41:08 AM) (Source: DCOM) (User: Shawn)
Description: DCOM was unable to communicate with the computer D6DHVMG1 using any of the configured
protocols.

Error: (06/15/2012 10:40:37 AM) (Source: DCOM) (User: Shawn)
Description: DCOM was unable to communicate with the computer ACELLENT-PC using any of the configured
protocols.

Error: (06/15/2012 10:40:37 AM) (Source: DCOM) (User: Shawn)
Description: DCOM was unable to communicate with the computer ACELLENT-PC using any of the configured
protocols.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

4200 (Version: 40.0.105.000)
4200_Help (Version: 40.0.105.000)
4200Tour (Version: 40.0.105.000)
4200Trb (Version: 40.0.105.000)
ABBYY FineReader 6.0 Sprint (Version: 6.00.2146.41621)
Access Help (Version: 2.00)
Adobe Acrobat 6.0.1 Professional (Version: 006.000.001)
Adobe Connect Add-in
Adobe Flash Player 10 Plugin (Version: 10.0.12.36)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.62)
Adobe Reader 8.3.1 (Version: 8.3.1)
AiO_Scan (Version: 40.0.105.000)
AIOMinimal (Version: 40.0.105.000)
AiOSoftware (Version: 40.0.105.000)
Android SDK Tools (Version: 0.7)
Apple Application Support (Version: 2.0.1)
Apple Software Update (Version: 2.1.3.127)
Brother HL-4070CDW (Version: 1.00)
Canon D1100 Series
Chinese Simplified Fonts Support For Adobe Reader 8 (Version: 8.0.0)
Cisco WebEx Meetings
Client Security - Password Manager (Version: 8.20.0023.00)
Compatibility Pack for the 2007 Office system (Version: 12.0.6021.5000)
Conexant HD Audio (Version: 3.53.0.0)
Copy (Version: 5.35.0.065)
CreativeProjects (Version: 5.35.0.059)
CutePDF Writer 2.8
Cypress EZ-USB, FX, FX2, SX2, and EZ-811 Dev Kit
Dell Toolbar (Version: 1.8.12.0)
Dell V310-V510 Series
Director (Version: 5.35.0.051)
DirectXInstallService (Version: 9.0.2)
DocProc (Version: 3.5.0.0)
Drag-to-Disc (Version: 9.05)
Ericsson Wireless Module Core (Version: 1.0.1046.219)
Eudora (Version: 7.0)
Fax (Version: 40.0.105.000)
FileZilla Client 3.5.3 (Version: 3.5.3)
Google Chrome (Version: 19.0.1084.56)
Google Desktop (Version: 5.9.1005.12335)
Google Earth (Version: 6.1.0.5001)
Google Quick Search Box (Version: 1.2.1151.245)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
Google Updater (Version: 2.4.2432.1652)
GoToMeeting 4.5.0.457
Help Center (Version: 2.00h)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HP Image Zone 3.5 (Version: 3.5)
hp LaserJet 1160/1320 series (Version: 1.00.0000)
HP PSC & OfficeJet 3.5 (Version: 3.5)
HP Software Update (Version: 2.0.38.20040107)
HP Unload DLL Patch (Version: 1.00.0000)
HPSystemDiagnostics (Version: 1.5.0.0)
InstantShare (Version: 3.5.0.21)
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Interface
Intel® Network Connections Drivers
Intel® Active Management Technology
Intel® Trusted Platform Module
interneTIFF 8.0-FREE (IE Browser) (Version: 8.00.00.0)
InterVideo Register Manager (Version: 1.0.4.0)
InterVideo WinDVD (Version: 5.0-B11.1243)
J2SE Runtime Environment 5.0 Update 16 (Version: 1.5.0.160)
Java Auto Updater (Version: 2.1.5.1)
Java™ 6 Update 20 (Version: 6.0.200)
Java™ 7 (Version: 7.0.0)
Java™ SE Development Kit 7 (Version: 1.7.0.0)
JT2Go (Version: 8.3.11020)
Lenovo Central Audio (Version: 3.7.0)
Lenovo Registration
Lenovo System Toolbox (Version: 5.1.5183.14)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MATLAB 6.5
Message Center (Version: 2.01d)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium (Version: 9.00.2720)
Microsoft SQL Server Native Client (Version: 9.00.3042.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.3042.00)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5026 (Version: 9.0.30729.5026)
Mobile Broadband Connect (Version: 3.4.0058)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
NETGEAR USB Control Center (Version: 1.11)
On Screen Display (Version: 5.21.00)
Oracle Web Conferencing Console
Overland (Version: 2.1.4)
overland (Version: 2.1.5)
PhotoGallery (Version: 5.35.0.059)
PL-2303 USB-to-Serial (Version: 1.5.0)
Presentation Director (Version: 4.00a)
PrimoPDF -- by Nitro PDF Software (Version: 5.0.0.19)
PrintScreen (Version: 5.40.10.000)
Productivity Center Supplement for ThinkPad (Version: 3.00b)
QFolder (Version: 1.00.0000)
QuickProjects (Version: 5.35.0.047)
QuickTime (Version: 7.70.80.34)
R for Windows 2.13.0 (Version: 2.13.0)
Readme (Version: 40.0.105.000)
Remote Administrator v2.1
Rescue and Recovery (Version: 4.21.0030.00)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 (Version: 3.54.02)
Roxio Central Copy (Version: 3.7.0)
Roxio Central Core (Version: 3.7.0)
Roxio Central Data (Version: 3.7.0)
Roxio Central Tools (Version: 3.7.0)
Roxio Creator Business Edition (Version: 10.1)
Roxio Creator Business Edition (Version: 10.1.171)
Roxio Express Labeler 3 (Version: 3.2.1)
Scan (Version: 3.5.0.0)
SkinsHP1 (Version: 5.35.0.043)
SkinsHP2 (Version: 5.35.0.043)
Skype Click to Call (Version: 6.0.10201)
Skype™ 5.8 (Version: 5.8.158)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Sonic Icons for Lenovo (Version: 2.0.0)
System Update (Version: 3.14.0034)
ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter (Version: 7.4.2.105b)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 5.5.0.3100)
ThinkPad EasyEject Utility (Version: 2.36)
ThinkPad FullScreen Magnifier (Version: 2.04)
ThinkPad Modem Adapter (Version: 7.73.00)
ThinkPad PC Card Power Policy (Version: 1.02)
ThinkPad Power Management Driver (Version: 1.45)
ThinkPad Power Manager (Version: 1.52)
ThinkPad UltraNav Driver (Version: 11.1.21.2)
ThinkPad UltraNav Utility (Version: 2.04)
ThinkVantage Access Connections (Version: 5.21)
ThinkVantage Active Protection System (Version: 1.61)
ThinkVantage GPS (Version: 2.11)
ThinkVantage Productivity Center (Version: 3.02)
ThinkVantage Technologies Welcome Message (Version: 1.20)
TrayApp (Version: 5.35.0.035)
Unload (Version: 3.5.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB978506) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
uVision2
Verizon Wireless BroadbandAccess Self Activation (Version: 1.3.2)
Wallpapers
WD SmartWare (Version: 1.5.4)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 5.31.0.147)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinZip 12.0 (Version: 12.0.8252)
XML Paper Specification Shared Components Pack 1.0
XP Themes (Version: 1.00.0000)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 3015.95 MB
Available physical RAM: 1599.22 MB
Total Pagefile: 4901.02 MB
Available Pagefile: 3552.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.3 MB

========================= Partitions: =====================================

1 Drive c: (Preload) (Fixed) (Total:226.74 GB) (Free:111.21 GB) NTFS

========================= Users: ========================================

User accounts for \\LENOVO-641B743A

Administrator ASPNET Guest
HelpAssistant Shawn SUPPORT_388945a0


**** End of log ****

__________________________________________________________________


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-19 16:55:31
-----------------------------
16:55:31.359 OS Version: Windows 5.1.2600 Service Pack 3
16:55:31.359 Number of processors: 2 586 0x170A
16:55:31.359 ComputerName: LENOVO-641B743A UserName: Shawn
16:55:33.890 Initialize success
16:57:57.015 AVAST engine defs: 12061901
16:58:49.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:58:49.125 Disk 0 Vendor: HITACHI_ FBEZ Size: 238475MB BusType: 3
16:58:49.156 Disk 0 MBR read successfully
16:58:49.171 Disk 0 MBR scan
16:58:49.218 Disk 0 unknown MBR code
16:58:49.250 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 232185 MB offset 2048
16:58:49.265 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 6288 MB offset 475516928
16:58:49.281 Disk 0 scanning sectors +488394752
16:58:49.359 Disk 0 scanning C:\WINDOWS\system32\drivers
16:58:58.687 File: C:\WINDOWS\system32\drivers\i8042prt.sys **INFECTED** Win32:Sirefef-PL [Rtk]
16:59:06.500 Disk 0 trace - called modules:
16:59:06.546 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xba1cb698]<<
16:59:06.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac04ab8]
16:59:06.562 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8a053f08]
16:59:06.562 \Driver\00001596[0x8a0e1cc8] -> IRP_MJ_CREATE -> 0xba1cb698
16:59:08.484 AVAST engine scan C:\WINDOWS
16:59:31.843 AVAST engine scan C:\WINDOWS\system32
17:02:49.609 AVAST engine scan C:\WINDOWS\system32\drivers
17:03:01.296 File: C:\WINDOWS\system32\drivers\i8042prt.sys **INFECTED** Win32:Sirefef-PL [Rtk]
17:03:28.578 AVAST engine scan C:\Documents and Settings\Shawn
17:48:19.437 File: C:\Documents and Settings\Shawn\Application Data\sbrig.dll **INFECTED** Win32:Medfos-Y [Trj]
17:48:54.437 File: C:\Documents and Settings\Shawn\Application Data\thizc.dll **INFECTED** Win32:Agent-AONR [Trj]
18:00:39.046 File: C:\Documents and Settings\Shawn\Local Settings\Temp\jure221893.exe **INFECTED** Win32:FakeSysdefs-D [Trj]
18:20:59.921 AVAST engine scan C:\Documents and Settings\All Users
18:23:41.890 Scan finished successfully
18:23:57.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Shawn\Desktop\MBR.dat"
18:23:57.875 The log file has been saved successfully to "C:\Documents and Settings\Shawn\Desktop\aswMBR.txt"


#2 boopme

Posted 19 June 2012 - 08:39 PM

Welcome, let's do a couple more things here.

Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Click on the Enter key.

Reboot your system to complete the process.



Please follow our Removal Guide here: Remove Live Security Platinum.
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions.

After you have completed that, post your scan log here and let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.




Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.
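The "Winsock entries" section of the MiniToolBox log in the first post is what points at a damaged Winsock catalog (every mswsock.dll provider is reported "File Not found"), and it is why the winsock reset above is the first step. The following triage script is an added example for this thread, not code from the original posts, from MiniToolBox/Farbar or from BleepingComputer: it parses that section and flags providers whose DLL is missing or whose publisher is not Microsoft. The sample log is constructed from the first post's output plus one made-up "examplelsp.dll" entry to exercise the third-party check.

```python
"""Triage helper for the "Winsock entries" section of a MiniToolBox log.

Added example, not code from the thread or from MiniToolBox/Farbar. It parses
report lines of the form

    Catalog5 01 mswsock.dll [File Not found] ()
    Catalog5 02 C:\\Windows\\System32\\winrnr.dll [16896] (Microsoft Corporation)

Catalog5 is the Winsock name-space provider catalog and Catalog9 the
protocol/LSP chain; a provider whose DLL cannot be found breaks name
resolution and socket creation for every program, which is what
"netsh winsock reset" is meant to rebuild.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# One catalog entry as MiniToolBox prints it:
#   Catalog<N> <index> <path> [<size or "File Not found">] (<company>)
WINSOCK_LINE = re.compile(
    r"^Catalog(?P<catalog>\d+)\s+(?P<index>\d+)\s+(?P<path>.+?)\s+"
    r"\[(?P<size>[^\]]*)\]\s+\((?P<company>[^)]*)\)\s*$"
)

# Constructed sample: the mswsock.dll/winrnr.dll lines are taken from the
# first post's MiniToolBox output; the "examplelsp.dll" entry is made up.
SAMPLE_LOG = r"""
========================= IP Configuration: ================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 20 C:\Windows\System32\examplelsp.dll [24576] (Example Vendor)

========================= Event log errors: ===============================
"""


@dataclass
class WinsockEntry:
    catalog: int
    index: int
    path: str
    size: str
    company: str

    @property
    def file_missing(self) -> bool:
        """MiniToolBox prints 'File Not found' in place of the file size."""
        return self.size.strip().lower() == "file not found"

    @property
    def third_party(self) -> bool:
        """Present on disk but not attributed to Microsoft: worth a closer look."""
        return not self.file_missing and "microsoft" not in self.company.lower()


def parse_winsock_section(log_text: str) -> list[WinsockEntry]:
    """Return the entries between the 'Winsock entries' header and the next section."""
    entries: list[WinsockEntry] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "Winsock entries" in line:
            in_section = True
            continue
        if in_section and line.startswith("====="):
            break  # reached the next MiniToolBox section header
        if not in_section:
            continue
        m = WINSOCK_LINE.match(line)
        if m:  # 'ATTENTION:' hints and blank lines do not match and are skipped
            entries.append(WinsockEntry(int(m["catalog"]), int(m["index"]),
                                        m["path"], m["size"], m["company"]))
    return entries


def triage(entries: list[WinsockEntry]) -> dict:
    """Summarise what a helper wants to know before recommending a reset."""
    missing = [(e.catalog, e.index, e.path) for e in entries if e.file_missing]
    foreign = [(e.catalog, e.index, e.path, e.company) for e in entries if e.third_party]
    return {
        "missing": missing,
        "third_party": foreign,
        # A provider whose DLL cannot be found means the catalog itself is
        # damaged; rebuilding it comes before hunting for rogue LSPs.
        "reset_recommended": bool(missing),
    }


if __name__ == "__main__":
    result = triage(parse_winsock_section(SAMPLE_LOG))
    for cat, idx, path in result["missing"]:
        print(f"Catalog{cat} {idx:02d}: provider DLL missing -> {path}")
    for cat, idx, path, company in result["third_party"]:
        print(f"Catalog{cat} {idx:02d}: non-Microsoft provider -> {path} ({company})")
    print("netsh winsock reset recommended:", result["reset_recommended"])
```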

#3 sjmb45

Posted 19 June 2012 - 11:59 PM

Okay, when I opened the DOS window and typed "netsh winsock reset" I got an error window that said "The procedure entry point MigrateWinsockConfiguration could not be located in the dynamic link library MSWSOCK.dll". That was followed by text in the DOS window that said the "helper DLL cannot be loaded: IFMON.DLL", and "command not found: winsock reset".

I then booted into safe mode and followed the instructions to remove Live Security Platinum, and the MBAM log is shown below.

I then booted into normal mode to download and run TDSSKiller. At this point, I was still getting the redirects. I ran TDSSKiller and the log is also shown below.

Another odd thing is that the network icon in the icon tray has a red X, but I am connected to the internet.



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.19.07

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Shawn :: LENOVO-641B743A [administrator]

6/19/2012 7:28:47 PM
mbam-log-2012-06-19 (19-28-47).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 495009
Time elapsed: 1 hour(s), 47 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\Shawn\Local Settings\Application Data\{1df83bb9-5efc-e1d6-0379-8416d7081835}\n (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP988\A0134979.dll (PUP.RemoteAdmin) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP988\A0134980.dll (PUP.RemoteAdmin) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP988\A0134981.dll (PUP.RemoteAdmin) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP988\A0134982.dll (PUP.RemoteAdmin) -> Quarantined and deleted successfully.

(end)

______________________________________________________


21:38:01.0187 2012 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
21:38:01.0734 2012 ============================================================
21:38:01.0734 2012 Current date / time: 2012/06/19 21:38:01.0734
21:38:01.0734 2012 SystemInfo:
21:38:01.0734 2012
21:38:01.0734 2012 OS Version: 5.1.2600 ServicePack: 3.0
21:38:01.0734 2012 Product type: Workstation
21:38:01.0734 2012 ComputerName: LENOVO-641B743A
21:38:01.0734 2012 UserName: Shawn
21:38:01.0734 2012 Windows directory: C:\WINDOWS
21:38:01.0734 2012 System windows directory: C:\WINDOWS
21:38:01.0734 2012 Processor architecture: Intel x86
21:38:01.0734 2012 Number of processors: 2
21:38:01.0734 2012 Page size: 0x1000
21:38:01.0734 2012 Boot type: Normal boot
21:38:01.0734 2012 ============================================================
21:38:02.0031 2012 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
21:38:02.0031 2012 ============================================================
21:38:02.0031 2012 \Device\Harddisk0\DR0:
21:38:02.0031 2012 MBR partitions:
21:38:02.0031 2012 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1C57C800
21:38:02.0031 2012 ============================================================
21:38:02.0078 2012 C: <-> \Device\Harddisk0\DR0\Partition0
21:38:02.0078 2012 ============================================================
21:38:02.0078 2012 Initialize success
21:38:02.0078 2012 ============================================================
21:38:08.0796 3632 ============================================================
21:38:08.0796 3632 Scan started
21:38:08.0796 3632 Mode: Manual;
21:38:08.0796 3632 ============================================================
21:38:10.0125 3632 Abiosdsk - ok
21:38:10.0156 3632 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:38:10.0156 3632 abp480n5 - ok
21:38:10.0171 3632 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
21:38:10.0171 3632 ac97intc - ok
21:38:10.0234 3632 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:38:10.0234 3632 ACPI - ok
21:38:10.0250 3632 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:38:10.0250 3632 ACPIEC - ok
21:38:10.0468 3632 AcPrfMgrSvc (dcb6b7e3f3a93fa4e79a5bacdc6aa75c) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
21:38:10.0468 3632 AcPrfMgrSvc - ok
21:38:10.0546 3632 acs (cd184ae9246dea759c916fd85c5433da) C:\WINDOWS\system32\acs.exe
21:38:10.0562 3632 acs - ok
21:38:10.0609 3632 AcSvc (10c7bfe433f4e2d7f96c38753d67d201) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
21:38:10.0609 3632 AcSvc - ok
21:38:10.0640 3632 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:38:10.0640 3632 adpu160m - ok
21:38:10.0703 3632 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:38:10.0703 3632 aec - ok
21:38:10.0765 3632 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:38:10.0765 3632 AFD - ok
21:38:10.0812 3632 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:38:10.0812 3632 agp440 - ok
21:38:10.0812 3632 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:38:10.0812 3632 agpCPQ - ok
21:38:10.0843 3632 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:38:10.0843 3632 Aha154x - ok
21:38:10.0859 3632 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:38:10.0859 3632 aic78u2 - ok
21:38:10.0875 3632 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:38:10.0875 3632 aic78xx - ok
21:38:10.0906 3632 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:38:10.0906 3632 Alerter - ok
21:38:10.0937 3632 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
21:38:10.0937 3632 ALG - ok
21:38:10.0937 3632 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:38:10.0937 3632 AliIde - ok
21:38:10.0968 3632 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:38:10.0968 3632 alim1541 - ok
21:38:10.0984 3632 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:38:10.0984 3632 amdagp - ok
21:38:10.0984 3632 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
21:38:10.0984 3632 amsint - ok
21:38:11.0031 3632 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
21:38:11.0031 3632 ANC - ok
21:38:11.0093 3632 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
21:38:11.0109 3632 AppMgmt - ok
21:38:11.0281 3632 AR5416 (43cb9e73a60d27ad069046b88cc4efeb) C:\WINDOWS\system32\DRIVERS\athw.sys
21:38:11.0328 3632 AR5416 - ok
21:38:11.0578 3632 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:38:11.0578 3632 Arp1394 - ok
21:38:11.0625 3632 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
21:38:11.0625 3632 asc - ok
21:38:11.0640 3632 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:38:11.0640 3632 asc3350p - ok
21:38:11.0640 3632 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:38:11.0640 3632 asc3550 - ok
21:38:11.0765 3632 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:38:11.0796 3632 aspnet_state - ok
21:38:11.0812 3632 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:38:11.0812 3632 AsyncMac - ok
21:38:11.0843 3632 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:38:11.0859 3632 atapi - ok
21:38:11.0859 3632 Atdisk - ok
21:38:11.0906 3632 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:38:11.0906 3632 Atmarpc - ok
21:38:11.0937 3632 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
21:38:11.0937 3632 AudioSrv - ok
21:38:11.0984 3632 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:38:11.0984 3632 audstub - ok
21:38:12.0000 3632 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:38:12.0000 3632 Beep - ok
21:38:12.0078 3632 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
21:38:12.0093 3632 BITS - ok
21:38:12.0140 3632 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
21:38:12.0140 3632 Browser - ok
21:38:12.0218 3632 btaudio (ddefeec7e06adbbcf4a270bc297a3199) C:\WINDOWS\system32\drivers\btaudio.sys
21:38:12.0218 3632 btaudio - ok
21:38:12.0265 3632 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
21:38:12.0265 3632 BTDriver - ok
21:38:12.0406 3632 BTKRNL (c845ea0e2a968f4a954c780cf2155452) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
21:38:12.0406 3632 BTKRNL - ok
21:38:12.0593 3632 btwdins (5032935483b572b5294995d7083b4bc5) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
21:38:12.0593 3632 btwdins - ok
21:38:12.0843 3632 BTWDNDIS (80f61de965c116051614ac2f04222ff7) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
21:38:12.0859 3632 BTWDNDIS - ok
21:38:12.0890 3632 BTWUSB (179a37c86fd2b9cc28eb93d093d394c7) C:\WINDOWS\system32\Drivers\btwusb.sys
21:38:12.0890 3632 BTWUSB - ok
21:38:12.0906 3632 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:38:12.0906 3632 cbidf - ok
21:38:12.0906 3632 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:38:12.0906 3632 cbidf2k - ok
21:38:12.0906 3632 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:38:12.0906 3632 cd20xrnt - ok
21:38:12.0921 3632 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:38:12.0921 3632 Cdaudio - ok
21:38:12.0984 3632 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:38:12.0984 3632 Cdfs - ok
21:38:13.0000 3632 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:38:13.0000 3632 Cdrom - ok
21:38:13.0000 3632 Changer - ok
21:38:13.0046 3632 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
21:38:13.0046 3632 CiSvc - ok
21:38:13.0062 3632 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
21:38:13.0062 3632 ClipSrv - ok
21:38:13.0218 3632 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:38:13.0265 3632 clr_optimization_v2.0.50727_32 - ok
21:38:13.0296 3632 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:38:13.0296 3632 CmBatt - ok
21:38:13.0328 3632 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:38:13.0328 3632 CmdIde - ok
21:38:13.0406 3632 CnxtHdAudService (d0c7315ad6f3f573ef9ba5812432c9d4) C:\WINDOWS\system32\drivers\CHDAU32.sys
21:38:13.0421 3632 CnxtHdAudService - ok
21:38:13.0453 3632 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:38:13.0453 3632 Compbatt - ok
21:38:13.0468 3632 COMSysApp - ok
21:38:13.0468 3632 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:38:13.0468 3632 Cpqarray - ok
21:38:13.0515 3632 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
21:38:13.0531 3632 CryptSvc - ok
21:38:13.0531 3632 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:38:13.0546 3632 dac2w2k - ok
21:38:13.0546 3632 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:38:13.0546 3632 dac960nt - ok
21:38:13.0640 3632 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:38:13.0656 3632 DcomLaunch - ok
21:38:13.0703 3632 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
21:38:13.0703 3632 Dhcp - ok
21:38:13.0703 3632 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:38:13.0703 3632 Disk - ok
21:38:13.0781 3632 DLABMFSM (5b149ccfe275f4de0b4b8ec6b9f6821e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
21:38:13.0781 3632 DLABMFSM - ok
21:38:13.0796 3632 DLABOIOM (ad4cb3d783634c90a9d0ce360933a63c) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
21:38:13.0796 3632 DLABOIOM - ok
21:38:13.0796 3632 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
21:38:13.0796 3632 DLACDBHM - ok
21:38:13.0812 3632 DLADResM (93d03238cc3f0ee3c0b3985d110ec575) C:\WINDOWS\system32\DLA\DLADResM.SYS
21:38:13.0812 3632 DLADResM - ok
21:38:13.0828 3632 DLAIFS_M (6a82f77c4a6f5235bf352f0028e2ef52) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
21:38:13.0828 3632 DLAIFS_M - ok
21:38:13.0843 3632 DLAOPIOM (0e6052c0ada37504896a847231a3907d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
21:38:13.0843 3632 DLAOPIOM - ok
21:38:13.0859 3632 DLAPoolM (29670bb4e2b973c5b55a76107d4910b2) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
21:38:13.0859 3632 DLAPoolM - ok
21:38:13.0859 3632 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
21:38:13.0859 3632 DLARTL_M - ok
21:38:13.0890 3632 DLAUDFAM (6b087732b86c1d866d69dbbe463ea90a) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
21:38:13.0890 3632 DLAUDFAM - ok
21:38:13.0906 3632 DLAUDF_M (bbeecb95f2841ae4a3e3690d46d7153d) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
21:38:13.0906 3632 DLAUDF_M - ok
21:38:14.0015 3632 dleaCATSCustConnectService (39451bda4cb6d7217d61fc053c2281d2) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleaserv.exe
21:38:14.0031 3632 dleaCATSCustConnectService - ok
21:38:14.0031 3632 dlea_device - ok
21:38:14.0031 3632 dmadmin - ok
21:38:14.0125 3632 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:38:14.0140 3632 dmboot - ok
21:38:14.0156 3632 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:38:14.0156 3632 dmio - ok
21:38:14.0171 3632 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:38:14.0171 3632 dmload - ok
21:38:14.0203 3632 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
21:38:14.0203 3632 dmserver - ok
21:38:14.0218 3632 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:38:14.0218 3632 DMusic - ok
21:38:14.0265 3632 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
21:38:14.0281 3632 Dnscache - ok
21:38:14.0328 3632 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
21:38:14.0328 3632 Dot3svc - ok
21:38:14.0343 3632 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:38:14.0343 3632 dpti2o - ok
21:38:14.0375 3632 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:38:14.0375 3632 drmkaud - ok
21:38:14.0421 3632 DRVMCDB (83106585494d5eb96f59187200c144bd) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
21:38:14.0421 3632 DRVMCDB - ok
21:38:14.0421 3632 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
21:38:14.0421 3632 DRVNDDM - ok
21:38:14.0453 3632 dsload (4d0c738fe7b84b6cf3ce17606695014c) C:\WINDOWS\system32\drivers\dsload.sys
21:38:14.0453 3632 dsload - ok
21:38:14.0468 3632 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:38:14.0468 3632 E100B - ok
21:38:14.0515 3632 e1yexpress (d725bb377754ca2bfedf9b3047f67782) C:\WINDOWS\system32\DRIVERS\e1y5132.sys
21:38:14.0515 3632 e1yexpress - ok
21:38:14.0546 3632 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
21:38:14.0546 3632 EapHost - ok
21:38:14.0578 3632 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
21:38:14.0578 3632 ERSvc - ok
21:38:14.0640 3632 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:38:14.0640 3632 Eventlog - ok
21:38:14.0703 3632 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
21:38:14.0703 3632 EventSystem - ok
21:38:14.0765 3632 EZUSB (3501a9554b5c584a102b2c66f95916dc) C:\WINDOWS\system32\Drivers\ezusb.sys
21:38:14.0765 3632 EZUSB - ok
21:38:14.0781 3632 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:38:14.0781 3632 Fastfat - ok
21:38:14.0843 3632 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:38:14.0843 3632 FastUserSwitchingCompatibility - ok
21:38:14.0875 3632 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:38:14.0875 3632 Fdc - ok
21:38:14.0906 3632 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:38:14.0921 3632 Fips - ok
21:38:14.0937 3632 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:38:14.0937 3632 Flpydisk - ok
21:38:14.0984 3632 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:38:14.0984 3632 FltMgr - ok
21:38:15.0093 3632 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:38:15.0093 3632 FontCache3.0.0.0 - ok
21:38:15.0125 3632 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:38:15.0125 3632 Fs_Rec - ok
21:38:15.0140 3632 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:38:15.0140 3632 Ftdisk - ok
21:38:15.0296 3632 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
21:38:15.0296 3632 GoogleDesktopManager-051210-111108 - ok
21:38:15.0343 3632 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:38:15.0359 3632 Gpc - ok
21:38:15.0406 3632 gupdate1c9d5c63e9acf86 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
21:38:15.0406 3632 gupdate1c9d5c63e9acf86 - ok
21:38:15.0421 3632 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
21:38:15.0421 3632 gupdatem - ok
21:38:15.0484 3632 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:38:15.0500 3632 gusvc - ok
21:38:15.0546 3632 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:38:15.0546 3632 HDAudBus - ok
21:38:15.0593 3632 HECI (2df64415a28ce036ac6acec7645a996f) C:\WINDOWS\system32\DRIVERS\HECI.sys
21:38:15.0593 3632 HECI - ok
21:38:15.0703 3632 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:38:15.0703 3632 helpsvc - ok
21:38:15.0750 3632 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
21:38:15.0750 3632 HidServ - ok
21:38:15.0812 3632 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:38:15.0812 3632 HidUsb - ok
21:38:15.0859 3632 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
21:38:15.0859 3632 hkmsvc - ok
21:38:15.0875 3632 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
21:38:15.0875 3632 hpn - ok
21:38:15.0906 3632 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:38:15.0906 3632 HPZid412 - ok
21:38:15.0921 3632 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:38:15.0921 3632 HPZipr12 - ok
21:38:15.0953 3632 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:38:15.0953 3632 HPZius12 - ok
21:38:15.0984 3632 HSFHWAZL (03a51d7d5666df3d4331581b3a3109dc) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
21:38:16.0000 3632 HSFHWAZL - ok
21:38:16.0140 3632 HSF_DPV (d92272a376bba4a0ed61f92280d71a10) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
21:38:16.0171 3632 HSF_DPV - ok
21:38:16.0218 3632 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:38:16.0218 3632 HTTP - ok
21:38:16.0281 3632 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
21:38:16.0281 3632 HTTPFilter - ok
21:38:16.0328 3632 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:38:16.0328 3632 i2omgmt - ok
21:38:16.0359 3632 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:38:16.0359 3632 i2omp - ok
21:38:16.0390 3632 i8042prt (fa4409f8742801ae3d896ed9cdaf0ba7) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:38:16.0390 3632 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: fa4409f8742801ae3d896ed9cdaf0ba7, Fake md5: 4a0b06aa8943c1e332520f7440c0aa30
21:38:16.0390 3632 i8042prt ( Virus.Win32.ZAccess.c ) - infected
21:38:16.0390 3632 i8042prt - detected Virus.Win32.ZAccess.c (0)
21:38:16.0937 3632 ialm (b2768350bb50469aeb1afe694372b613) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:38:17.0156 3632 ialm - ok
21:38:17.0421 3632 iaStor (37769c28e1c6489c56e41db7a32d58c5) C:\WINDOWS\system32\DRIVERS\iaStor.sys
21:38:17.0421 3632 iaStor - ok
21:38:17.0437 3632 IBMPMDRV (699052e165698013020d2ac693cd80c7) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
21:38:17.0437 3632 IBMPMDRV - ok
21:38:17.0453 3632 IBMPMSVC (5a92b2dc9cca34105a4125ba8d0ba035) C:\WINDOWS\system32\ibmpmsvc.exe
21:38:17.0468 3632 IBMPMSVC - ok
21:38:17.0515 3632 IBMTPCHK (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
21:38:17.0515 3632 IBMTPCHK - ok
21:38:17.0703 3632 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:38:17.0703 3632 IDriverT - ok
21:38:18.0234 3632 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:38:18.0375 3632 idsvc - ok
21:38:18.0406 3632 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:38:18.0406 3632 Imapi - ok
21:38:18.0484 3632 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
21:38:18.0484 3632 ImapiService - ok
21:38:18.0515 3632 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:38:18.0531 3632 ini910u - ok
21:38:18.0546 3632 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:38:18.0546 3632 IntelIde - ok
21:38:18.0609 3632 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:38:18.0609 3632 intelppm - ok
21:38:18.0656 3632 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:38:18.0656 3632 Ip6Fw - ok
21:38:18.0671 3632 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:38:18.0671 3632 IpFilterDriver - ok
21:38:18.0718 3632 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:38:18.0718 3632 IpInIp - ok
21:38:18.0765 3632 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:38:18.0765 3632 IpNat - ok
21:38:18.0781 3632 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:38:18.0781 3632 IPSec - ok
21:38:18.0828 3632 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:38:18.0828 3632 IRENUM - ok
21:38:18.0859 3632 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:38:18.0859 3632 isapnp - ok
21:38:19.0015 3632 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
21:38:19.0015 3632 IviRegMgr - ok
21:38:19.0015 3632 ivusb - ok
21:38:19.0203 3632 JavaQuickStarterService (a1509ba3a5fdc5366146e92b3d130eb5) C:\Program Files\Java\jre7\bin\jqs.exe
21:38:19.0203 3632 JavaQuickStarterService - ok
21:38:19.0218 3632 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:38:19.0218 3632 Kbdclass - ok
21:38:19.0281 3632 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:38:19.0281 3632 kbdhid - ok
21:38:19.0312 3632 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:38:19.0312 3632 kmixer - ok
21:38:19.0375 3632 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:38:19.0375 3632 KSecDD - ok
21:38:19.0437 3632 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
21:38:19.0437 3632 lanmanserver - ok
21:38:19.0500 3632 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
21:38:19.0515 3632 lanmanworkstation - ok
21:38:19.0515 3632 lbrtfdc - ok
21:38:19.0718 3632 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
21:38:19.0718 3632 LmHosts - ok
21:38:19.0812 3632 LMS (dfcdb6c952e0394a6d7e4efbcc916839) C:\Program Files\Intel\AMT\LMS.exe
21:38:19.0828 3632 LMS - ok
21:38:19.0953 3632 lnvobus (433a0f74d9beee658abd57a3bae6bcb5) C:\WINDOWS\system32\DRIVERS\lnvobus.sys
21:38:19.0953 3632 lnvobus - ok
21:38:20.0046 3632 lnvocard (ae3abc964e2507eef9f9d1e59dfdf731) C:\WINDOWS\system32\DRIVERS\lnvocard.sys
21:38:20.0062 3632 lnvocard - ok
21:38:20.0093 3632 lnvogps (adec0ea55e370a3136a30f89d265866c) C:\WINDOWS\system32\DRIVERS\lnvogps.sys
21:38:20.0093 3632 lnvogps - ok
21:38:20.0140 3632 lnvomdfl (5eb59877df9e8f1e20222e1fa4a4a8e0) C:\WINDOWS\system32\DRIVERS\lnvomdfl.sys
21:38:20.0140 3632 lnvomdfl - ok
21:38:20.0171 3632 lnvomdfl2 (3eeabdee0b76040a1f6dd8426bd7407e) C:\WINDOWS\system32\DRIVERS\lnvomdfl2.sys
21:38:20.0171 3632 lnvomdfl2 - ok
21:38:20.0234 3632 lnvomdm (dc58c9df74de3911cfb4dd215d504dc0) C:\WINDOWS\system32\DRIVERS\lnvomdm.sys
21:38:20.0250 3632 lnvomdm - ok
21:38:20.0281 3632 lnvomdm2 (0c2553a93a38ce22d9990f5f45a136d9) C:\WINDOWS\system32\DRIVERS\lnvomdm2.sys
21:38:20.0281 3632 lnvomdm2 - ok
21:38:20.0312 3632 lnvond5 (98a8662778ad6acfc2c7f6feab6aa2ea) C:\WINDOWS\system32\DRIVERS\lnvond5.sys
21:38:20.0312 3632 lnvond5 - ok
21:38:20.0390 3632 lnvounic (9d8474e04a513685c7af6ccdbaf1a770) C:\WINDOWS\system32\DRIVERS\lnvounic.sys
21:38:20.0390 3632 lnvounic - ok
21:38:20.0437 3632 mbamchameleon (e0e22c8a2c5528919c45b834ca68e5ef) C:\WINDOWS\system32\drivers\mbamchameleon.sys
21:38:20.0437 3632 mbamchameleon - ok
21:38:20.0484 3632 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:38:20.0484 3632 mdmxsdk - ok
21:38:20.0515 3632 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
21:38:20.0531 3632 Messenger - ok
21:38:20.0546 3632 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:38:20.0562 3632 mnmdd - ok
21:38:20.0609 3632 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
21:38:20.0609 3632 mnmsrvc - ok
21:38:20.0625 3632 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:38:20.0625 3632 Modem - ok
21:38:20.0640 3632 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:38:20.0640 3632 Mouclass - ok
21:38:20.0687 3632 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:38:20.0687 3632 mouhid - ok
21:38:20.0703 3632 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:38:20.0703 3632 MountMgr - ok
21:38:20.0734 3632 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:38:20.0734 3632 mraid35x - ok
21:38:20.0750 3632 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:38:20.0750 3632 MRxDAV - ok
21:38:20.0812 3632 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:38:20.0828 3632 MRxSmb - ok
21:38:20.0859 3632 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
21:38:20.0859 3632 MSDTC - ok
21:38:20.0890 3632 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:38:20.0890 3632 Msfs - ok
21:38:20.0906 3632 MSIServer - ok
21:38:20.0921 3632 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:38:20.0921 3632 MSKSSRV - ok
21:38:20.0921 3632 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:38:20.0921 3632 MSPCLOCK - ok
21:38:20.0937 3632 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:38:20.0937 3632 MSPQM - ok
21:38:20.0968 3632 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:38:20.0968 3632 mssmbios - ok
21:38:21.0000 3632 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:38:21.0000 3632 Mup - ok
21:38:21.0062 3632 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
21:38:21.0062 3632 napagent - ok
21:38:21.0109 3632 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:38:21.0109 3632 NDIS - ok
21:38:21.0171 3632 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:38:21.0171 3632 NdisTapi - ok
21:38:21.0218 3632 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:38:21.0218 3632 Ndisuio - ok
21:38:21.0250 3632 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:38:21.0250 3632 NdisWan - ok
21:38:21.0265 3632 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:38:21.0281 3632 NDProxy - ok
21:38:21.0312 3632 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:38:21.0312 3632 NetBIOS - ok
21:38:21.0328 3632 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:38:21.0328 3632 NetBT - ok
21:38:21.0375 3632 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:38:21.0375 3632 NetDDE - ok
21:38:21.0375 3632 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:38:21.0375 3632 NetDDEdsdm - ok
21:38:21.0468 3632 NetgearUDSMBus (5ba9d9bca17971e9bedc2fad2de58c4b) C:\WINDOWS\system32\Drivers\NetgearUDSMBus.sys
21:38:21.0484 3632 NetgearUDSMBus - ok
21:38:21.0531 3632 NetgearUDSTcpBus (31554b6bb3cff23c3e45672b1417adb3) C:\WINDOWS\system32\Drivers\NetgearUDSTcpBus.sys
21:38:21.0531 3632 NetgearUDSTcpBus - ok
21:38:21.0578 3632 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:38:21.0593 3632 Netlogon - ok
21:38:21.0656 3632 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
21:38:21.0656 3632 Netman - ok
21:38:21.0859 3632 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:38:21.0859 3632 NetTcpPortSharing - ok
21:38:21.0906 3632 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:38:21.0906 3632 NIC1394 - ok
21:38:21.0968 3632 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
21:38:21.0984 3632 Nla - ok
21:38:22.0015 3632 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:38:22.0015 3632 Npfs - ok
21:38:22.0062 3632 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:38:22.0078 3632 Ntfs - ok
21:38:22.0125 3632 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:38:22.0125 3632 NtLmSsp - ok
21:38:22.0203 3632 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
21:38:22.0218 3632 NtmsSvc - ok
21:38:22.0281 3632 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:38:22.0281 3632 Null - ok
21:38:22.0531 3632 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:38:22.0562 3632 nv - ok
21:38:22.0796 3632 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:38:22.0796 3632 NwlnkFlt - ok
21:38:22.0812 3632 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:38:22.0812 3632 NwlnkFwd - ok
21:38:22.0937 3632 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:38:22.0937 3632 ohci1394 - ok
21:38:22.0968 3632 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:38:22.0968 3632 Parport - ok
21:38:22.0984 3632 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:38:22.0984 3632 PartMgr - ok
21:38:23.0015 3632 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:38:23.0015 3632 ParVdm - ok
21:38:23.0031 3632 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:38:23.0046 3632 PCI - ok
21:38:23.0046 3632 PCIDump - ok
21:38:23.0046 3632 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:38:23.0046 3632 PCIIde - ok
21:38:23.0093 3632 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:38:23.0093 3632 Pcmcia - ok
21:38:23.0093 3632 PDCOMP - ok
21:38:23.0093 3632 PDFRAME - ok
21:38:23.0109 3632 PDRELI - ok
21:38:23.0109 3632 PDRFRAME - ok
21:38:23.0109 3632 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:38:23.0109 3632 perc2 - ok
21:38:23.0125 3632 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:38:23.0125 3632 perc2hib - ok
21:38:23.0203 3632 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:38:23.0203 3632 PlugPlay - ok
21:38:23.0265 3632 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
21:38:23.0265 3632 pmem - ok
21:38:23.0390 3632 Pml Driver HPZ12 (f9d3bb81bdf8b279e1f37282cd52a9b5) C:\WINDOWS\system32\HPZipm12.exe
21:38:23.0390 3632 Pml Driver HPZ12 - ok
21:38:23.0437 3632 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:38:23.0437 3632 PolicyAgent - ok
21:38:23.0640 3632 Power Manager DBC Service (bbb42e9fbcd2e55784a2a69f06ca7e8f) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
21:38:23.0640 3632 Power Manager DBC Service - ok
21:38:23.0703 3632 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:38:23.0703 3632 PptpMiniport - ok
21:38:23.0750 3632 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
21:38:23.0750 3632 Processor - ok
21:38:23.0750 3632 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:38:23.0750 3632 ProtectedStorage - ok
21:38:23.0796 3632 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\WINDOWS\system32\DRIVERS\psadd.sys
21:38:23.0796 3632 psadd - ok
21:38:23.0812 3632 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:38:23.0812 3632 PSched - ok
21:38:23.0859 3632 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:38:23.0859 3632 Ptilink - ok
21:38:23.0906 3632 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:38:23.0921 3632 PxHelp20 - ok
21:38:23.0953 3632 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:38:23.0953 3632 ql1080 - ok
21:38:23.0953 3632 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:38:23.0953 3632 Ql10wnt - ok
21:38:23.0953 3632 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:38:23.0953 3632 ql12160 - ok
21:38:23.0968 3632 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:38:23.0968 3632 ql1240 - ok
21:38:23.0968 3632 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:38:23.0968 3632 ql1280 - ok
21:38:24.0031 3632 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:38:24.0031 3632 RasAcd - ok
21:38:24.0078 3632 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:38:24.0078 3632 RasAuto - ok
21:38:24.0093 3632 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:38:24.0093 3632 Rasl2tp - ok
21:38:24.0171 3632 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:38:24.0171 3632 RasMan - ok
21:38:24.0171 3632 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:38:24.0171 3632 RasPppoe - ok
21:38:24.0218 3632 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:38:24.0218 3632 Raspti - ok
21:38:24.0281 3632 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:38:24.0281 3632 Rdbss - ok
21:38:24.0296 3632 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:38:24.0296 3632 RDPCDD - ok
21:38:24.0328 3632 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:38:24.0328 3632 rdpdr - ok
21:38:24.0375 3632 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
21:38:24.0390 3632 RDPWD - ok
21:38:24.0453 3632 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:38:24.0468 3632 RDSessMgr - ok
21:38:24.0500 3632 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:38:24.0500 3632 redbook - ok
21:38:24.0562 3632 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:38:24.0562 3632 RemoteAccess - ok
21:38:24.0578 3632 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
21:38:24.0578 3632 RemoteRegistry - ok
21:38:24.0890 3632 RoxMediaDB10 (dac56249aa4c3439038bbb4aab296507) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
21:38:24.0906 3632 RoxMediaDB10 - ok
21:38:24.0968 3632 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
21:38:24.0984 3632 RpcLocator - ok
21:38:25.0046 3632 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:38:25.0062 3632 RpcSs - ok
21:38:25.0109 3632 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
21:38:25.0125 3632 RSVP - ok
21:38:25.0187 3632 r_server (6a413e4d338fb13e58916e3b8051dbbd) C:\WINDOWS\system32\r_server.exe
21:38:25.0187 3632 r_server - ok
21:38:25.0234 3632 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:38:25.0234 3632 SamSs - ok
21:38:25.0265 3632 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:38:25.0265 3632 SCardSvr - ok
21:38:25.0328 3632 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:38:25.0328 3632 Schedule - ok
21:38:25.0421 3632 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:38:25.0421 3632 Secdrv - ok
21:38:25.0453 3632 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:38:25.0468 3632 seclogon - ok
21:38:25.0468 3632 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
21:38:25.0484 3632 SENS - ok
21:38:25.0515 3632 Ser2pl (74bd6409a96ee31130613fe6a094594b) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
21:38:25.0515 3632 Ser2pl - ok
21:38:25.0562 3632 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:38:25.0562 3632 serenum - ok
21:38:25.0578 3632 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:38:25.0578 3632 Serial - ok
21:38:25.0703 3632 SessionLauncher - ok
21:38:25.0734 3632 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:38:25.0734 3632 Sfloppy - ok
21:38:25.0796 3632 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
21:38:25.0812 3632 SharedAccess - ok
21:38:25.0875 3632 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:38:25.0875 3632 ShellHWDetection - ok
21:38:25.0937 3632 Shockprf (1310c5e81966e86b2ced7ae8ce3d74f1) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
21:38:25.0937 3632 Shockprf - ok
21:38:25.0953 3632 Simbad - ok
21:38:25.0984 3632 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:38:25.0984 3632 sisagp - ok
21:38:26.0406 3632 Skype C2C Service (4ca43b85f22c7739311788b651a779cb) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
21:38:26.0453 3632 Skype C2C Service - ok
21:38:26.0609 3632 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
21:38:26.0609 3632 SkypeUpdate - ok
21:38:26.0843 3632 Sony_EricssonWWSC (deaf30a1a325168bf823ecda2fb89f6e) C:\WINDOWS\system32\DRIVERS\lnvoscard.sys
21:38:26.0843 3632 Sony_EricssonWWSC - ok
21:38:26.0859 3632 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:38:26.0859 3632 Sparrow - ok
21:38:26.0906 3632 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:38:26.0906 3632 splitter - ok
21:38:26.0968 3632 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:38:26.0968 3632 Spooler - ok
21:38:26.0984 3632 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:38:26.0984 3632 sr - ok
21:38:27.0046 3632 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:38:27.0046 3632 srservice - ok
21:38:27.0156 3632 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:38:27.0156 3632 Srv - ok
21:38:27.0500 3632 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:38:27.0515 3632 SSDPSRV - ok
21:38:27.0578 3632 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:38:27.0578 3632 stisvc - ok
21:38:27.0687 3632 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
21:38:27.0687 3632 stllssvr - ok
21:38:27.0843 3632 SUService (b71a41cad9de92219c3891e88f822ac3) c:\program files\lenovo\system update\suservice.exe
21:38:27.0843 3632 SUService - ok
21:38:27.0890 3632 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:38:27.0890 3632 swenum - ok
21:38:27.0906 3632 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:38:27.0906 3632 swmidi - ok
21:38:27.0906 3632 SwPrv - ok
21:38:27.0953 3632 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:38:27.0953 3632 symc810 - ok
21:38:27.0953 3632 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:38:27.0953 3632 symc8xx - ok
21:38:27.0968 3632 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:38:27.0968 3632 sym_hi - ok
21:38:27.0968 3632 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:38:27.0968 3632 sym_u3 - ok
21:38:28.0015 3632 SynTP (31801b16a0da62afa55e49f1e4c16045) C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:38:28.0015 3632 SynTP - ok
21:38:28.0046 3632 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:38:28.0046 3632 sysaudio - ok
21:38:28.0093 3632 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:38:28.0093 3632 SysmonLog - ok
21:38:28.0171 3632 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:38:28.0171 3632 TapiSrv - ok
21:38:28.0250 3632 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:38:28.0250 3632 Tcpip - ok
21:38:28.0296 3632 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:38:28.0296 3632 TDPIPE - ok
21:38:28.0312 3632 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:38:28.0312 3632 TDTCP - ok
21:38:28.0343 3632 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:38:28.0343 3632 TermDD - ok
21:38:28.0375 3632 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:38:28.0390 3632 TermService - ok
21:38:28.0453 3632 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:38:28.0453 3632 Themes - ok
21:38:28.0671 3632 ThinkVantage Registry Monitor Service (eb90a37aabaefd7b4f4f92befea8c2e2) c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
21:38:28.0687 3632 ThinkVantage Registry Monitor Service - ok
21:38:28.0718 3632 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
21:38:28.0718 3632 TlntSvr - ok
21:38:28.0796 3632 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:38:28.0796 3632 TosIde - ok
21:38:28.0843 3632 TPDIGIMN (d7a29e343632e2fc5f7ebfc886f12675) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
21:38:28.0843 3632 TPDIGIMN - ok
21:38:28.0859 3632 TPHDEXLGSVC (51b679f627a43a25ef9444ad23bbff9a) C:\WINDOWS\system32\TPHDEXLG.exe
21:38:28.0859 3632 TPHDEXLGSVC - ok
21:38:28.0875 3632 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
21:38:28.0875 3632 TPHKDRV - ok
21:38:28.0921 3632 tpm (3724dff72b0f5307cf761cc91c2bb9f7) C:\WINDOWS\system32\DRIVERS\tpm.sys
21:38:28.0921 3632 tpm - ok
21:38:28.0953 3632 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
21:38:28.0953 3632 TPPWRIF - ok
21:38:29.0000 3632 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:38:29.0000 3632 TrkWks - ok
21:38:29.0031 3632 TSMAPIP (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
21:38:29.0031 3632 TSMAPIP - ok
21:38:29.0234 3632 TSSCoreService (4a4ffdeb90a151b734a0bea3d420fd3b) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
21:38:29.0250 3632 TSSCoreService - ok
21:38:29.0343 3632 TVT Backup Protection Service (1aa675a55e169bc45b5685355bec2c66) C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
21:38:29.0359 3632 TVT Backup Protection Service - ok
21:38:29.0453 3632 TVT Backup Service (ff86960cf29eab25cddecc92cbba43d4) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
21:38:29.0500 3632 TVT Backup Service - ok
21:38:29.0750 3632 TVT Scheduler (49851e0177f2044184c125e919d1917c) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
21:38:29.0765 3632 TVT Scheduler - ok
21:38:30.0000 3632 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
21:38:30.0000 3632 tvtfilter - ok
21:38:30.0015 3632 TVTI2C (7e66dda1ef146bfc3a6e36e08e036602) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
21:38:30.0015 3632 TVTI2C - ok
21:38:30.0187 3632 TVT_UpdateMonitor (22a001f3fbb92e3811c3bfd8fdad3ed3) C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
21:38:30.0187 3632 TVT_UpdateMonitor - ok
21:38:30.0265 3632 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:38:30.0265 3632 Udfs - ok
21:38:30.0296 3632 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:38:30.0296 3632 ultra - ok
21:38:30.0343 3632 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
21:38:30.0343 3632 UMWdf - ok
21:38:30.0609 3632 UNS (a056ec8654cc5e767be552c4e38c08ac) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
21:38:30.0640 3632 UNS - ok
21:38:30.0906 3632 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:38:30.0906 3632 Update - ok
21:38:30.0953 3632 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:38:30.0968 3632 upnphost - ok
21:38:30.0984 3632 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:38:30.0984 3632 UPS - ok
21:38:31.0031 3632 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:38:31.0031 3632 usbaudio - ok
21:38:31.0062 3632 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:38:31.0062 3632 usbccgp - ok
21:38:31.0078 3632 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:38:31.0078 3632 usbehci - ok
21:38:31.0140 3632 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:38:31.0140 3632 usbhub - ok
21:38:31.0203 3632 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:38:31.0203 3632 usbprint - ok
21:38:31.0234 3632 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:38:31.0234 3632 usbscan - ok
21:38:31.0281 3632 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:38:31.0281 3632 USBSTOR - ok
21:38:31.0296 3632 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:38:31.0296 3632 usbuhci - ok
21:38:31.0312 3632 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:38:31.0312 3632 VgaSave - ok
21:38:31.0375 3632 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:38:31.0375 3632 viaagp - ok
21:38:31.0390 3632 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:38:31.0390 3632 ViaIde - ok
21:38:31.0437 3632 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:38:31.0437 3632 VolSnap - ok
21:38:31.0468 3632 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:38:31.0468 3632 VSS - ok
21:38:31.0515 3632 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:38:31.0531 3632 W32Time - ok
21:38:31.0578 3632 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:38:31.0578 3632 Wanarp - ok
21:38:31.0625 3632 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
21:38:31.0625 3632 WDC_SAM - ok
21:38:31.0796 3632 WDDMService (24e26b7c7706aebf679b70575610d5f9) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
21:38:31.0796 3632 WDDMService - ok
21:38:32.0125 3632 WDFMEService (6c0c5b01a6a57d9b75839ad0f22dc3f1) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
21:38:32.0125 3632 WDFMEService - ok
21:38:32.0890 3632 WDICA - ok
21:38:32.0953 3632 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:38:32.0953 3632 wdmaud - ok
21:38:33.0234 3632 WDRulesService (6063d6602b8d60afa3cc10586b79a58a) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
21:38:33.0250 3632 WDRulesService - ok
21:38:33.0296 3632 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:38:33.0296 3632 WebClient - ok
21:38:33.0406 3632 winachsf (ed10a3d367dd5596506022d5e2a3cba0) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:38:33.0421 3632 winachsf - ok
21:38:33.0546 3632 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:38:33.0546 3632 winmgmt - ok
21:38:33.0765 3632 WMConnectCDS (cd99c9feae87c1963273f6b150251e33) C:\Program Files\Windows Media Connect 2\wmccds.exe
21:38:33.0781 3632 WMConnectCDS - ok
21:38:33.0812 3632 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
21:38:33.0828 3632 WmdmPmSN - ok
21:38:33.0906 3632 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
21:38:33.0906 3632 Wmi - ok
21:38:34.0015 3632 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:38:34.0015 3632 WmiAcpi - ok
21:38:34.0125 3632 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:38:34.0140 3632 WmiApSrv - ok
21:38:34.0203 3632 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys
21:38:34.0203 3632 WSIMD - ok
21:38:34.0250 3632 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:38:34.0250 3632 wuauserv - ok
21:38:34.0343 3632 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:38:34.0359 3632 WZCSVC - ok
21:38:34.0406 3632 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:38:34.0406 3632 xmlprov - ok
21:38:34.0453 3632 MBR (0x1B8) (769eb802224ab2a7f0136e4b8fabd02e) \Device\Harddisk0\DR0
21:38:34.0843 3632 \Device\Harddisk0\DR0 - ok
21:38:34.0843 3632 Boot (0x1200) (8811f68edf363b26faf203e6d79a7885) \Device\Harddisk0\DR0\Partition0
21:38:34.0843 3632 \Device\Harddisk0\DR0\Partition0 - ok
21:38:34.0843 3632 ============================================================
21:38:34.0843 3632 Scan finished
21:38:34.0843 3632 ============================================================
21:38:34.0859 2152 Detected object count: 1
21:38:34.0859 2152 Actual detected object count: 1
21:38:52.0500 2152 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - copied to quarantine
21:38:53.0171 2152 C:\WINDOWS\$NtUninstallKB52003$\3752989841\@ - copied to quarantine
21:38:53.0171 2152 C:\WINDOWS\$NtUninstallKB52003$\3752989841\Desktop.ini - copied to quarantine
21:38:53.0171 2152 C:\WINDOWS\$NtUninstallKB52003$\3752989841\L\00000004.@ - copied to quarantine
21:38:53.0187 2152 C:\WINDOWS\$NtUninstallKB52003$\3752989841\L\1afb2d56 - copied to quarantine
21:38:53.0187 2152 C:\WINDOWS\$NtUninstallKB52003$\3752989841\L\201d3dde - copied to quarantine
21:38:53.0218 2152 C:\WINDOWS\$NtUninstallKB52003$\3752989841\L\hvmonmrs - copied to quarantine
21:38:53.0234 2152 C:\WINDOWS\$NtUninstallKB52003$\3752989841\U\00000004.@ - copied to quarantine
21:38:53.0250 2152 C:\WINDOWS\$NtUninstallKB52003$\3752989841\U\00000008.@ - copied to quarantine
21:38:53.0281 2152 C:\WINDOWS\$NtUninstallKB52003$\3752989841\U\000000cb.@ - copied to quarantine
21:38:53.0296 2152 C:\WINDOWS\$NtUninstallKB52003$\3752989841\U\80000000.@ - copied to quarantine
21:38:53.0328 2152 C:\WINDOWS\$NtUninstallKB52003$\3752989841\U\80000032.@ - copied to quarantine
21:38:55.0718 2152 Backup copy found, using it..
21:38:55.0750 2152 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured on reboot
21:38:57.0437 2152 C:\WINDOWS\$NtUninstallKB52003$\3752989841\@ - will be deleted on reboot
21:38:57.0437 2152 C:\WINDOWS\$NtUninstallKB52003$\3752989841\Desktop.ini - will be deleted on reboot
21:38:57.0468 2152 C:\WINDOWS\$NtUninstallKB52003$\3752989841\U\00000004.@ - will be deleted on reboot
21:38:57.0468 2152 C:\WINDOWS\$NtUninstallKB52003$\3752989841\U\00000008.@ - will be deleted on reboot
21:38:57.0468 2152 C:\WINDOWS\$NtUninstallKB52003$\3752989841\U\000000cb.@ - will be deleted on reboot
21:38:57.0468 2152 C:\WINDOWS\$NtUninstallKB52003$\3752989841\U\80000000.@ - will be deleted on reboot
21:38:57.0468 2152 C:\WINDOWS\$NtUninstallKB52003$\3752989841\U\80000032.@ - will be deleted on reboot
21:38:57.0468 2152 C:\WINDOWS\$NtUninstallKB52003$\3863176471 - will be deleted on reboot
21:38:57.0468 2152 i8042prt ( Virus.Win32.ZAccess.c ) - User select action: Cure
21:39:17.0953 4076 Deinitialize success

#4 boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:02:29 AM

Posted 20 June 2012 - 11:38 AM

Hello, OK, there is a ZeroAccess rootkit on board. We will need to repost and use some different tools.

We need a deeper look. Please go here: Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64-bit system), skip it and move on.

Let me know if that went well.