
help w/ google redirect virus


  • This topic is locked
50 replies to this topic

#1 conga


Posted 23 June 2012 - 02:36 PM

Hello,

thanks to anyone who can help.
i've got some sort of redirect virus. it even says redirect before it shoves me onto some shopping or generic "find it" type page.

here's my dds info:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Run by J at 12:17:29 on 2012-06-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1133 [GMT -7:00]
.
AV: Kaspersky PURE 2.0 *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE 2.0 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\J\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\klwtblfs.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\J\Local Settings\Temporary Internet Files\Content.IE5\J1E4NQ94\Defogger[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080623
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080623
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky pure 2.0\ievkbd.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky pure 2.0\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Adobe] rundll32.exe "c:\documents and settings\j\local settings\application data\apple\adobe\wdllfu.dll",CreateInstance
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [PRISMSVR.EXE] "c:\windows\system32\PRISMSVR.EXE" /APPLY
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky pure 2.0\avp.exe"
dRun: [Adobe] rundll32.exe "c:\documents and settings\j\local settings\application data\apple\adobe\wdllfu.dll",CreateInstance
StartupFolder: c:\docume~1\j\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\j\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm021YYUS
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky pure 2.0\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky pure 2.0\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky pure 2.0\klwtbbho.dll
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{51022A77-C7B9-4A99-A750-F427B159B306} : DhcpNameServer = 192.168.1.254
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 wvauth
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [2012-6-14 88632]
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-10-20 135984]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [2012-6-14 39352]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-10-20 13104]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-6-14 583472]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky pure 2.0\avp.exe [2011-12-24 202296]
R2 CSObjectsSrv;CryptoStorage control service;c:\program files\common files\infowatch\cryptostorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-10 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
S2 gupdate1c9cc3d2b10fdd8;Google Update Service (gupdate1c9cc3d2b10fdd8);c:\program files\google\update\GoogleUpdate.exe [2009-5-3 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-28 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-3 133104]
S3 zgchsdiag;ZTE CDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgchsnmea.sys [2009-2-24 105216]
S3 zgchsmdm;ZTE CDMA Handset USB Modem Proprietary;c:\windows\system32\drivers\zgchsmdm.sys [2009-2-24 105216]
.
=============== Created Last 30 ================
.
2012-06-15 13:42:41 -------- d-----w- c:\program files\Dropbox
2012-06-14 16:00:34 -------- d-----r- C:\Backup
2012-06-14 15:58:43 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-06-14 15:58:43 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-06-14 15:57:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-06-14 15:57:42 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-06-14 15:56:20 -------- d-----w- c:\program files\common files\InfoWatch
2012-06-14 15:56:13 -------- d-----w- c:\program files\Kaspersky Lab
2012-06-14 15:56:12 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2012-06-13 13:44:31 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-05-24 21:18:40 4472832 ----a-w- c:\windows\system32\GPhotos.scr
.
==================== Find3M ====================
.
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 19:32:32 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 19:32:32 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 12:19:05.26 ===============



#2 gringo_pr


Posted 23 June 2012 - 11:24 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 27 June 2012 - 12:20 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 conga


Posted 28 June 2012 - 09:53 PM

thanks gringo,

i'm getting right on it....

let you know as i go.

=conga

#5 conga


Posted 28 June 2012 - 10:03 PM

security check contents:

Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
HijackThis 2.0.2
Java™ 6 Update 13
Java™ 6 Update 5
Java version out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky PURE 2.0 avp.exe
Kaspersky Lab Kaspersky PURE 2.0 klwtblfs.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````

#6 conga


Posted 28 June 2012 - 10:09 PM

hello my friend=

combofix never finished its scan.
the window just disappeared before it finished.
could it be that my virus disabled it?

#7 gringo_pr


Posted 29 June 2012 - 09:53 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#8 conga


Posted 01 July 2012 - 12:41 PM

hello gringo-

here are my records.

thanks again for your help!


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-01 10:08:42
-----------------------------
10:08:42.328 OS Version: Windows 5.1.2600 Service Pack 3
10:08:42.328 Number of processors: 2 586 0xF0D
10:08:42.328 ComputerName: JEL UserName: J
10:08:42.843 Initialize success
10:08:49.203 AVAST engine defs: 12070100
10:08:53.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
10:08:53.984 Disk 0 Vendor: ST9120823ASG 3.ADD Size: 114473MB BusType: 3
10:08:54.046 Disk 0 MBR read successfully
10:08:54.062 Disk 0 MBR scan
10:08:54.578 Disk 0 Windows XP default MBR code
10:08:54.609 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
10:08:54.609 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 114368 MB offset 208845
10:08:54.671 Disk 0 scanning sectors +234436545
10:08:54.750 Disk 0 scanning C:\WINDOWS\system32\drivers
10:09:15.843 Service scanning
10:09:24.562 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
10:09:24.593 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
10:09:24.781 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
10:09:25.218 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
10:09:39.125 Modules scanning
10:09:58.703 Disk 0 trace - called modules:
10:09:58.718 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
10:09:58.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a829ab8]
10:09:58.718 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a80dd98]
10:09:59.125 AVAST engine scan C:\WINDOWS
10:10:27.218 AVAST engine scan C:\WINDOWS\system32
10:14:25.312 AVAST engine scan C:\WINDOWS\system32\drivers
10:14:57.156 AVAST engine scan C:\Documents and Settings\J
10:16:38.921 File: C:\Documents and Settings\J\Local Settings\Application Data\Apple\Adobe\wdllfu.dll **INFECTED** Win32:Tracur-IB [Trj]
10:21:55.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\J\Desktop\dds virus log\MBR.dat"
10:21:55.500 The log file has been saved successfully to "C:\Documents and Settings\J\Desktop\dds virus log\aswMBR.txt"


10:32:04.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\J\Desktop\dds virus log\MBR.dat"
10:32:04.859 The log file has been saved successfully to "C:\Documents and Settings\J\Desktop\dds virus log\aswMBR.txt"


tdsk:
10:39:19.0984 4276 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
10:39:20.0515 4276 ============================================================
10:39:20.0515 4276 Current date / time: 2012/07/01 10:39:20.0515
10:39:20.0515 4276 SystemInfo:
10:39:20.0515 4276
10:39:20.0515 4276 OS Version: 5.1.2600 ServicePack: 3.0
10:39:20.0515 4276 Product type: Workstation
10:39:20.0515 4276 ComputerName: JEL
10:39:20.0515 4276 UserName: J
10:39:20.0515 4276 Windows directory: C:\WINDOWS
10:39:20.0515 4276 System windows directory: C:\WINDOWS
10:39:20.0515 4276 Processor architecture: Intel x86
10:39:20.0515 4276 Number of processors: 2
10:39:20.0515 4276 Page size: 0x1000
10:39:20.0515 4276 Boot type: Normal boot
10:39:20.0515 4276 ============================================================
10:39:23.0171 4276 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:39:23.0218 4276 ============================================================
10:39:23.0218 4276 \Device\Harddisk0\DR0:
10:39:23.0234 4276 MBR partitions:
10:39:23.0234 4276 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0xDF607F4
10:39:23.0234 4276 ============================================================
10:39:23.0359 4276 C: <-> \Device\Harddisk0\DR0\Partition0
10:39:23.0359 4276 ============================================================
10:39:23.0359 4276 Initialize success
10:39:23.0359 4276 ============================================================
10:39:38.0343 1236 ============================================================
10:39:38.0343 1236 Scan started
10:39:38.0343 1236 Mode: Manual;
10:39:38.0343 1236 ============================================================
10:39:39.0234 1236 Abiosdsk - ok
10:39:39.0250 1236 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
10:39:39.0250 1236 abp480n5 - ok
10:39:39.0296 1236 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:39:50.0265 1236 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
10:39:50.0265 1236 TapiSrv - ok
10:39:50.0312 1236 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:39:50.0328 1236 Tcpip - ok
10:39:50.0468 1236 tcsd_win32.exe (23b506262493f1a521683ee88c5fbf60) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
10:39:50.0484 1236 tcsd_win32.exe - ok
10:39:50.0578 1236 TdmService (a27d803b21f24a5cfb775944ea4cb130) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
10:39:50.0593 1236 TdmService - ok
10:39:50.0703 1236 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:39:50.0703 1236 TDPIPE - ok
10:39:50.0718 1236 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:39:50.0718 1236 TDTCP - ok
10:39:50.0734 1236 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:39:50.0734 1236 TermDD - ok
10:39:50.0781 1236 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
10:39:50.0796 1236 TermService - ok
10:39:50.0843 1236 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:39:50.0843 1236 Themes - ok
10:39:50.0875 1236 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
10:39:50.0890 1236 TosIde - ok
10:39:50.0906 1236 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
10:39:50.0921 1236 TrkWks - ok
10:39:50.0937 1236 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:39:50.0953 1236 Udfs - ok
10:39:50.0968 1236 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
10:39:50.0968 1236 ultra - ok
10:39:51.0015 1236 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:39:51.0031 1236 Update - ok
10:39:51.0062 1236 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
10:39:51.0078 1236 upnphost - ok
10:39:51.0093 1236 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
10:39:51.0109 1236 UPS - ok
10:39:51.0140 1236 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
10:39:51.0140 1236 USBAAPL - ok
10:39:51.0187 1236 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:39:51.0187 1236 usbccgp - ok
10:39:51.0218 1236 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:39:51.0218 1236 usbehci - ok
10:39:51.0265 1236 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:39:51.0265 1236 usbhub - ok
10:39:51.0281 1236 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:39:51.0281 1236 usbprint - ok
10:39:51.0312 1236 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:39:51.0312 1236 usbscan - ok
10:39:51.0328 1236 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:39:51.0328 1236 USBSTOR - ok
10:39:51.0343 1236 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:39:51.0343 1236 usbuhci - ok
10:39:51.0359 1236 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:39:51.0375 1236 VgaSave - ok
10:39:51.0390 1236 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
10:39:51.0390 1236 viaagp - ok
10:39:51.0406 1236 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
10:39:51.0406 1236 ViaIde - ok
10:39:51.0437 1236 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:39:51.0437 1236 VolSnap - ok
10:39:51.0484 1236 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
10:39:51.0500 1236 VSS - ok
10:39:51.0531 1236 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
10:39:51.0546 1236 w32time - ok
10:39:51.0562 1236 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:39:51.0562 1236 Wanarp - ok
10:39:51.0562 1236 Wave UCSPlus - ok
10:39:51.0703 1236 WaveEnrollmentService (796fda916625be7e5f6cfece15a81c3a) C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
10:39:51.0718 1236 WaveEnrollmentService - ok
10:39:51.0750 1236 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys
10:39:51.0750 1236 WaveFDE - ok
10:39:51.0796 1236 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
10:39:51.0796 1236 WavxDMgr - ok
10:39:51.0812 1236 WDICA - ok
10:39:51.0859 1236 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:39:51.0859 1236 wdmaud - ok
10:39:51.0906 1236 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
10:39:51.0906 1236 WebClient - ok
10:39:51.0984 1236 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
10:39:52.0000 1236 winachsf - ok
10:39:52.0062 1236 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
10:39:52.0078 1236 winmgmt - ok
10:39:52.0093 1236 wltrysvc - ok
10:39:52.0125 1236 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
10:39:52.0125 1236 WmdmPmSN - ok
10:39:52.0156 1236 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
10:39:52.0156 1236 WmiAcpi - ok
10:39:52.0187 1236 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:39:52.0187 1236 WmiApSrv - ok
10:39:52.0328 1236 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
10:39:52.0343 1236 WMPNetworkSvc - ok
10:39:52.0375 1236 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
10:39:52.0390 1236 WpdUsb - ok
10:39:52.0421 1236 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
10:39:52.0437 1236 wscsvc - ok
10:39:52.0453 1236 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
10:39:52.0453 1236 wuauserv - ok
10:39:52.0500 1236 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:39:52.0500 1236 WudfPf - ok
10:39:52.0531 1236 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:39:52.0531 1236 WudfRd - ok
10:39:52.0562 1236 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
10:39:52.0562 1236 WudfSvc - ok
10:39:52.0625 1236 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
10:39:52.0640 1236 WZCSVC - ok
10:39:52.0671 1236 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
10:39:52.0687 1236 xmlprov - ok
10:39:52.0718 1236 zgchsdiag (67f4c23554692143229de9ad09d579a7) C:\WINDOWS\system32\DRIVERS\zgchsnmea.sys
10:39:52.0718 1236 zgchsdiag - ok
10:39:52.0765 1236 zgchsmdm (67f4c23554692143229de9ad09d579a7) C:\WINDOWS\system32\DRIVERS\zgchsmdm.sys
10:39:52.0765 1236 zgchsmdm - ok
10:39:52.0796 1236 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:39:53.0234 1236 \Device\Harddisk0\DR0 - ok
10:39:53.0250 1236 Boot (0x1200) (41fa02301d0f0b923cecc6f7c31c5766) \Device\Harddisk0\DR0\Partition0
10:39:53.0250 1236 \Device\Harddisk0\DR0\Partition0 - ok
10:39:53.0250 1236 ============================================================
10:39:53.0250 1236 Scan finished
10:39:53.0250 1236 ============================================================
10:39:53.0265 3248 Detected object count: 0
10:39:53.0265 3248 Actual detected object count: 0

#9 gringo_pr


Posted 01 July 2012 - 01:52 PM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer, you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr


Posted 03 July 2012 - 11:18 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#11 conga


Posted 06 July 2012 - 12:11 AM

ok gringo,

i'm still here, just got real busy w/ work.
gonna do the combofix in safe mode tomorrow.
i'll let you know what happens.

thanks again!

#12 gringo_pr


Posted 06 July 2012 - 06:02 AM

no problem and thanks for letting me know


gringo

#13 conga


Posted 08 July 2012 - 01:53 PM

hello gringo-

couldn't get on internet in safe mode, so i started combo fix from a flash drive.
one thing that might be a snag: combo fix was trying to establish a system restore point but couldn't due to no internet connection in safe mode.
now it's scanning through the stages.
says deleting some c: drive files.

should i be nervous? will my computer still work when this is done?

also, i'm not sure what you meant by rebooting in safe mode. I guess i'll just keep pressing f8 if it tries to reboot.

now it's preparing log report, i'll post that next if i can. (this message typed on different computer)

thanks!

#14 conga


Posted 08 July 2012 - 02:09 PM

ok my friend,

now that i restarted my computer in normal mode, (so that i can get on the internet), i can't find the combo fix log!

but the good news is, i'm not getting redirected from google anymore and everything on my computer still seems to be in working order.

am i good now, or should we try and get that log?

sincere thanks,

conga

#15 gringo_pr


Posted 08 July 2012 - 06:01 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box:
C:\ComboFix.txt
  • Click OK

Copy and paste the report into this topic for me to review.

Gringo