Google and some other sites redirecting


  • This topic is locked
32 replies to this topic

#1 kkoz83

kkoz83

  • Members
  • 421 posts

Posted 02 July 2012 - 09:56 AM

Hello, how are you? I'm working on a Windows XP SP3 desktop that keeps redirecting Google searches along with some other website redirection.
In regular Safe Mode, I scanned with up-to-date AVG Antivirus, Malwarebytes & TDSSKILLER but with no help. The removed items didn't make a difference. I'm attaching a HijackThis log, but an error pops up three-fourths of the way through running HijackThis (attached). I'll greatly appreciate any guidance :)

[attachment=125916:hijackthis.log]



#2 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts

Posted 02 July 2012 - 05:30 PM

Sorry about posting Hijack as attachment - here's the text.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:24:09 PM, on 7/1/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinLIP.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinLIP.exe
C:\WINDOWS\system32\LVComS.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25411
R3 - URLSearchHook: (no name) - {FF365CDC-88FE-4ffa-A3F3-357855231DFA} - C:\Program Files\puredefmusic\toolbar\1.bin\p3SrcAs.dll (file missing)
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
R3 - URLSearchHook: NetAssistant - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll
O1 - Hosts: 74.50.127.5 www.google.com
O1 - Hosts: 74.50.127.5 www.google.com.au
O1 - Hosts: 74.50.127.5 www.google.be
O1 - Hosts: 74.50.127.5 www.google.com.br
O1 - Hosts: 74.50.127.5 www.google.ca
O1 - Hosts: 74.50.127.5 www.google.ch
O1 - Hosts: 74.50.127.5 www.google.de
O1 - Hosts: 74.50.127.5 www.google.dk
O1 - Hosts: 74.50.127.5 www.google.fr
O1 - Hosts: 74.50.127.5 www.google.ie
O1 - Hosts: 74.50.127.5 www.google.it
O1 - Hosts: 74.50.127.5 www.google.co.jp
O1 - Hosts: 74.50.127.5 www.google.nl
O1 - Hosts: 74.50.127.5 www.google.no
O1 - Hosts: 74.50.127.5 www.google.co.nz
O1 - Hosts: 74.50.127.5 www.google.pl
O1 - Hosts: 74.50.127.5 www.google.se
O1 - Hosts: 74.50.127.5 www.google.co.uk
O1 - Hosts: 74.50.127.5 www.google.co.za
O1 - Hosts: 74.50.127.5 www.bing.com
O1 - Hosts: 74.50.127.5 search.yahoo.com
O1 - Hosts: 74.50.127.5 uk.search.yahoo.com
O1 - Hosts: 74.50.127.5 ca.search.yahoo.com
O1 - Hosts: 74.50.127.5 de.search.yahoo.com
O1 - Hosts: 74.50.127.5 fr.search.yahoo.com
O1 - Hosts: 74.50.127.5 au.search.yahoo.com
O1 - Hosts: 74.50.127.5 www.google-analytics.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll
O2 - BHO: NetAssistantBHO - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [rpitsp] C:\WINDOWS\rpitsp.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinLIP.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/67.17/uploader2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 8661 bytes
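
A triage sketch for the HijackThis log in the post above, as an added example that is not part of the original thread: it groups `O1 - Hosts` entries by target address and reports any `ProxyServer` value that points at loopback. The sample lines are taken from that log plus one constructed benign `localhost` entry; the function names, finding labels and the site-family heuristic are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the HijackThis log above, plus one constructed
# benign entry (127.0.0.1 localhost) to show that it is ignored.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25411
O1 - Hosts: 74.50.127.5 www.google.com
O1 - Hosts: 74.50.127.5 www.google.co.uk
O1 - Hosts: 74.50.127.5 www.bing.com
O1 - Hosts: 74.50.127.5 uk.search.yahoo.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
PROXY_RE = re.compile(r"^R[01] - .*,ProxyServer = (?:\w+=)?([^:;\s]+):(\d+)")

# Rough stand-in for a public-suffix lookup (assumption of this example):
# labels that commonly sit between a site name and a country code.
SECOND_LEVEL = {"co", "com", "net", "org", "ac", "gov", "edu"}


def is_loopback(addr):
    """True for 127.0.0.0/8, ::1 or the literal name 'localhost'."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return addr.lower() == "localhost"


def site_family(hostname):
    """Reduce www.google.co.uk -> google, uk.search.yahoo.com -> yahoo."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) >= 3 and labels[-2] in SECOND_LEVEL:
        return labels[-3]
    return labels[-2] if len(labels) >= 2 else labels[0]


def triage(log_text):
    """Return findings as (kind, address, detail) tuples.

    kind is one of:
      loopback-proxy            browser proxy points at a local listener
      hosts-override            one site pinned to a non-loopback address
      hosts-redirect-multi-site unrelated sites pinned to the same address
    """
    by_ip = defaultdict(set)
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip, name = m.groups()
            if not is_loopback(ip):  # loopback entries are the normal case
                by_ip[ip].add(name.lower())
            continue
        m = PROXY_RE.match(line)
        if m and is_loopback(m.group(1)):
            findings.append(("loopback-proxy", m.group(1), int(m.group(2))))
    for ip, names in sorted(by_ip.items()):
        families = sorted({site_family(n) for n in names})
        kind = "hosts-redirect-multi-site" if len(families) > 1 else "hosts-override"
        findings.append((kind, ip, families))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A single address answering for several unrelated search sites is the pattern DDS later labels "Hosts File Hijack"; a loopback proxy finding means the next step is identifying which local process owns that port.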

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 02 July 2012 - 11:26 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts

Posted 03 July 2012 - 09:57 AM

Thank you so far - do I do them in Safe Mode or regular Windows?

#5 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts

Posted 03 July 2012 - 11:22 AM

I did all these in regular Windows.

Defogger first:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:12 on 03/07/2012 (Owner)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

#6 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts

Posted 03 July 2012 - 11:23 AM

Security Check next:

Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Free Antivirus
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java 2 Runtime Environment, SE v1.4.2
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.0.42.34 Flash Player out of Date!
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
ALWILS~1 Avast5 avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 11% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#7 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts

Posted 03 July 2012 - 11:24 AM

Two DOS logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 12:15:23 on 2012-07-03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1007.619 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinLIP.EXE
C:\WINDOWS\system32\LVComS.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinLIP.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://hotmail.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCYYYYYYOVUS&fl=0&ptb=Z3Iw1Q1EAXDNDYiFYaR4DQ&ind=2008061719&url=http://www.ask.com/web&q={searchTerms}&l=zc&o=sb
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:25411
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s
uURLSearchHooks: N/A: {ff365cdc-88fe-4ffa-a3f3-357855231dfa} - c:\program files\puredefmusic\toolbar\1.bin\p3SrcAs.dll
uURLSearchHooks: H - No File
uURLSearchHooks: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll
BHO: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: PureDef Music Toolbar: {e30a55b9-f1b7-43a4-b3f6-ec90cdc4fe60} - c:\program files\puredefmusic\toolbar\1.bin\p3bar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Gadu-Gadu] "c:\program files\gadu-gadu\gg.exe" /tray
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [rpitsp] c:\windows\rpitsp.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\WinLIP.EXE
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/67.17/uploader2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 216.144.187.101 204.186.80.251 216.144.187.199
TCP: Interfaces\{C6F06ED3-FCFD-436D-8FB1-680BDDD74F1D} : DhcpNameServer = 216.144.187.101 204.186.80.251 216.144.187.199
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: image file execution options - svchost.exe
Hosts: 74.50.127.5 www.google.com
Hosts: 74.50.127.5 www.google.com.au
Hosts: 74.50.127.5 www.google.be
Hosts: 74.50.127.5 www.google.com.br
Hosts: 74.50.127.5 www.google.ca
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-23 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-21 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-21 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-21 44808]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-2 55152]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-1 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-4-2 47640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 257696]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-7-24 13408]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-26 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-06-29 17:12:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-13 03:16:45 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
==================== Find3M ====================
.
2012-06-28 12:52:37 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-28 12:52:20 41224 ----a-w- c:\windows\avastSS.scr
2012-06-11 22:27:23 230808 ----a-r- c:\windows\cpnprt2.cid
2012-06-11 22:27:23 230808 ------w- c:\windows\system32\cpnprt2.cid
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 19:41:49 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-16 19:41:49 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-05-16 19:41:48 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-05-16 19:41:48 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 23:31:03 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 23:31:00 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2003-03-19 21:49:21 2445741 ----a-w- c:\program files\PumpExpeditions.exe
.
============= FINISH: 12:16:36.84 ===============

&....

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/19/2005 5:28:12 PM
System Uptime: 7/3/2012 12:03:12 PM (0 hours ago)
.
Motherboard: Intel Corporation | | D865GVHZ
Processor: Intel® Celeron® CPU 2.93GHz | J2E1 | 2926/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 32.205 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 1.675 GiB free.
E: is CDROM (CDFS)
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_0A48&PID_3239\9203111
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_0A48&PID_3239\9203111
Service: USBSTOR
.
==== System Restore Points ===================
.
RP1004: 5/10/2012 8:34:18 PM - System Checkpoint
RP1005: 5/10/2012 10:56:05 PM - Software Distribution Service 3.0
RP1006: 5/11/2012 10:10:02 AM - Software Distribution Service 3.0
RP1007: 5/11/2012 4:40:35 PM - Software Distribution Service 3.0
RP1008: 5/11/2012 6:01:01 PM - Software Distribution Service 3.0
RP1009: 5/12/2012 8:53:59 PM - System Checkpoint
RP1010: 5/14/2012 1:01:06 PM - System Checkpoint
RP1011: 5/16/2012 3:47:15 PM - Printer Driver LogMeIn Printer Driver Installed
RP1012: 5/17/2012 7:57:26 PM - System Checkpoint
RP1013: 5/19/2012 12:23:28 AM - System Checkpoint
RP1014: 5/20/2012 10:15:38 AM - System Checkpoint
RP1015: 5/21/2012 2:01:05 PM - System Checkpoint
RP1016: 5/22/2012 4:22:43 AM - Software Distribution Service 3.0
RP1017: 5/23/2012 5:16:58 PM - System Checkpoint
RP1018: 5/24/2012 5:57:11 PM - System Checkpoint
RP1019: 5/28/2012 2:53:27 PM - System Checkpoint
RP1020: 5/30/2012 5:54:40 PM - System Checkpoint
RP1021: 5/31/2012 11:49:36 PM - System Checkpoint
RP1022: 6/3/2012 10:36:21 PM - System Checkpoint
RP1023: 6/4/2012 2:42:34 PM - Software Distribution Service 3.0
RP1024: 6/5/2012 3:33:57 PM - System Checkpoint
RP1025: 6/7/2012 1:27:41 PM - System Checkpoint
RP1026: 6/9/2012 1:51:50 PM - System Checkpoint
RP1027: 6/12/2012 2:18:47 PM - System Checkpoint
RP1028: 6/12/2012 11:19:08 PM - Software Distribution Service 3.0
RP1029: 6/15/2012 8:52:57 PM - System Checkpoint
RP1030: 6/18/2012 5:16:43 PM - System Checkpoint
RP1031: 6/20/2012 12:22:21 PM - System Checkpoint
RP1032: 6/22/2012 7:21:49 PM - System Checkpoint
RP1033: 6/25/2012 10:55:32 AM - System Checkpoint
RP1034: 6/25/2012 6:30:34 PM - Installed HP Product Detection
RP1035: 6/25/2012 6:30:51 PM - Installed Hewlett-Packard ACLM.NET v1.1.0.0.
RP1036: 6/29/2012 1:36:36 PM - System Checkpoint
.
==== Hosts File Hijack ======================
.
Hosts: 74.50.127.5 www.google.com
Hosts: 74.50.127.5 www.google.com.au
Hosts: 74.50.127.5 www.google.be
Hosts: 74.50.127.5 www.google.com.br
Hosts: 74.50.127.5 www.google.ca
Hosts: 74.50.127.5 www.google.ch
Hosts: 74.50.127.5 www.google.de
Hosts: 74.50.127.5 www.google.dk
Hosts: 74.50.127.5 www.google.fr
Hosts: 74.50.127.5 www.google.ie
Hosts: 74.50.127.5 www.google.it
Hosts: 74.50.127.5 www.google.co.jp
Hosts: 74.50.127.5 www.google.nl
Hosts: 74.50.127.5 www.google.no
Hosts: 74.50.127.5 www.google.co.nz
Hosts: 74.50.127.5 www.google.pl
Hosts: 74.50.127.5 www.google.se
Hosts: 74.50.127.5 www.google.co.uk
Hosts: 74.50.127.5 www.google.co.za
Hosts: 74.50.127.5 www.bing.com
Hosts: 74.50.127.5 search.yahoo.com
Hosts: 74.50.127.5 uk.search.yahoo.com
Hosts: 74.50.127.5 ca.search.yahoo.com
Hosts: 74.50.127.5 de.search.yahoo.com
Hosts: 74.50.127.5 fr.search.yahoo.com
Hosts: 74.50.127.5 au.search.yahoo.com
Hosts: 74.50.127.5 www.google-analytics.com
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
ASPCA TriMini Reminder by We-Care.com v5.0.5.1
avast! Free Antivirus
BufferChm
C4600
Choice Guard
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Destination Component
DeviceDiscovery
Digital Camera Driver
Digital Media Reader
Freeze.com NetAssistant
Gadu-Gadu 7.1
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 12.0
HP Imaging Device Functions 12.0
HP Photosmart C4600 All-In-One Driver Software 12.0 Rel .5
HP Photosmart Essential 3.5
HP Product Detection
HP Smart Web Printing
HP Solution Center 13.0
HP Unload DLL Patch
HP Update
HPDiagnosticAlert
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
InterActual Player
Internet Password Lock
ipla 2.3.5
Java 2 Runtime Environment, SE v1.4.2
K-Lite Codec Pack 6.2.0 (Basic)
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam
LogMeIn
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSN
MSVCSetup
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MWSnap 3
Nero BurnRights
Nero OEM
NetAssistant
ooVoo
overland
PowerDVD
PS_AIO_05_C4600_Software_Min
PumpExpeditions
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype™ 5.10
SmartWebPrinting
SoftV92 Data Fax Modem with SmartCP
SolutionCenter
Status
Toolbox
TrayApp
Ulead VideoStudio 8.0 SE VCD
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebFldrs XP
WebReg
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Essentials
Windows Live Family Safety
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
6/29/2012 12:30:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
6/29/2012 12:30:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/29/2012 12:29:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/29/2012 12:28:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sptd Tcpip
6/29/2012 12:28:39 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2012 12:28:39 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2012 12:28:39 PM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2012 12:28:39 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2012 12:28:39 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2012 12:27:40 PM, error: sptd [4] - Driver detected an internal error in its data structures for .
6/29/2012 1:14:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
6/29/2012 1:13:34 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
.
==== End Of File ===========================

#8 gringo_pr

  • Malware Response Team

Posted 03 July 2012 - 01:34 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 kkoz83

  • Topic Starter

Posted 03 July 2012 - 03:30 PM

Combofix log, I had no problems & computer works back to normal!!! :) :) :) :) - THANK YOU :) :) :)

ComboFix 12-07-02.01 - Owner 07/03/2012 15:45:50.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1007.616 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\a014b9
c:\documents and settings\All Users\Application Data\a014b9\41.mof
c:\documents and settings\All Users\Application Data\a014b9\a014b9879085d32df0884c5ea41921a8.ocx
c:\documents and settings\All Users\Application Data\a014b9\BackUp\HP Digital Imaging Monitor.lnk
c:\documents and settings\All Users\Application Data\a014b9\BackUp\Logitech Desktop Messenger.lnk
c:\documents and settings\All Users\Application Data\a014b9\BackUp\Microsoft Office.lnk
c:\documents and settings\All Users\Application Data\a014b9\BackUp\WinLIP.EXE
c:\documents and settings\All Users\Application Data\a014b9\BMP.ico
c:\documents and settings\All Users\Application Data\a014b9\fm9gglm9q01u8k4r3g45e7tm9q01u8bw01u8njdu8w.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\anyone\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\Owner\My Documents\~WRL0002.tmp
c:\documents and settings\Owner\My Documents\~WRL0055.tmp
c:\documents and settings\Owner\My Documents\~WRL0641.tmp
c:\documents and settings\Owner\My Documents\~WRL1210.tmp
c:\documents and settings\Owner\My Documents\~WRL1367.tmp
c:\documents and settings\Owner\My Documents\~WRL1495.tmp
c:\documents and settings\Owner\My Documents\~WRL1709.tmp
c:\documents and settings\Owner\My Documents\~WRL1738.tmp
c:\documents and settings\Owner\My Documents\~WRL1914.tmp
c:\documents and settings\Owner\My Documents\~WRL3046.tmp
c:\documents and settings\Owner\My Documents\~WRL3294.tmp
c:\documents and settings\Owner\My Documents\~WRL4075.tmp
c:\documents and settings\Owner\Recent\ANTIGEN.sys
c:\documents and settings\Owner\Recent\cb.dll
c:\documents and settings\Owner\Recent\ddv.sys
c:\documents and settings\Owner\Recent\eb.tmp
c:\documents and settings\Owner\Recent\energy.exe
c:\documents and settings\Owner\Recent\exec.dll
c:\documents and settings\Owner\Recent\fix.drv
c:\documents and settings\Owner\Recent\kernel32.exe
c:\documents and settings\Owner\Recent\PE.drv
c:\documents and settings\Owner\Recent\ppal.dll
c:\documents and settings\Owner\Recent\runddlkey.exe
c:\documents and settings\Owner\Recent\SICKBOY.tmp
c:\documents and settings\Owner\Recent\SM.exe
c:\documents and settings\Owner\Recent\snl2w.drv
c:\documents and settings\Owner\Recent\std.drv
c:\documents and settings\Owner\Recent\tjd.tmp
c:\documents and settings\Owner\WINDOWS
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\EventSystem.log
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\SET33.tmp
c:\windows\system32\SET35.tmp
c:\windows\system32\SET37.tmp
c:\windows\system32\SET39.tmp
c:\windows\system32\SET3B.tmp
c:\windows\system32\SET3D.tmp
c:\windows\system32\SET40.tmp
c:\windows\system32\SET46.tmp
c:\windows\system32\SET4A.tmp
c:\windows\system32\SET50.tmp
c:\windows\system32\setb12.tmp
c:\windows\system32\SETDC.tmp
c:\windows\system32\SETE8.tmp
D:\Autorun.inf
.
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
.
.
2012-07-03 19:59 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2012-07-03 19:59 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2012-06-29 17:12 . 2012-06-29 17:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-13 03:16 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 12:52 . 2010-04-21 21:26 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-28 12:52 . 2010-04-21 21:26 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-28 12:52 . 2011-02-24 00:09 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-28 12:52 . 2010-04-21 21:26 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-06-28 12:52 . 2010-04-21 21:26 97352 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-06-28 12:52 . 2010-04-21 21:26 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-06-28 12:52 . 2010-04-21 21:26 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-28 12:52 . 2010-04-21 21:26 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-06-28 12:52 . 2010-06-30 19:07 41224 ----a-w- c:\windows\avastSS.scr
2012-06-28 12:51 . 2010-04-21 21:25 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-11 22:27 . 2012-03-19 21:59 230808 ----a-r- c:\windows\cpnprt2.cid
2012-06-11 22:27 . 2012-03-19 21:59 230808 ------w- c:\windows\system32\cpnprt2.cid
2012-06-02 19:19 . 2007-06-19 01:36 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2007-06-19 01:36 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2004-08-26 18:01 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2004-08-26 18:01 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2004-08-26 18:01 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2007-06-19 01:36 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2005-06-22 01:15 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2005-05-26 08:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2004-08-26 18:01 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2004-08-26 16:11 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2007-06-19 01:36 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2004-08-26 18:01 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2004-08-26 18:01 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2009-04-04 16:02 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2009-04-04 16:02 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2009-04-04 16:02 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-26 16:11 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 19:41 . 2009-04-02 22:07 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-05-16 19:41 . 2009-04-02 22:07 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-16 19:41 . 2009-04-02 22:07 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-05-16 19:41 . 2009-04-02 22:07 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-05-16 15:08 . 2004-08-26 16:12 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-26 16:12 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-26 16:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-26 16:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-26 16:11 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 23:31 . 2012-04-01 20:14 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 23:31 . 2011-12-09 01:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 13:12 . 2004-08-26 16:12 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-04 05:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-08-26 18:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2003-03-19 21:49 . 2003-03-18 21:20 2445741 ----a-w- c:\program files\PumpExpeditions.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-06-28 12:51 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2006-02-17 2396160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-21 98304]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"rpitsp"="c:\windows\rpitsp.exe" [2007-09-13 20480]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-19 150016]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2003-06-30 188416]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2003-06-30 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-8-8 169472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinLIP.EXE [2009-2-7 184320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-05-16 19:41 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-08-20 23:51 118784 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-01-21 22:44 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-13 20:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 03:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-10-18 22:05 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/23/2011 8:09 PM 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/21/2010 5:26 PM 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/21/2010 5:26 PM 21256]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [10/1/2010 7:05 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/7/2012 7:12 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/1/2012 4:14 PM 257696]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [7/24/2008 6:45 PM 13408]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 23:31]
.
2012-07-03 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-06-29 12:51]
.
2005-06-19 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://hotmail.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCYYYYYYOVUS&fl=0&ptb=Z3Iw1Q1EAXDNDYiFYaR4DQ&ind=2008061719&url=http://www.ask.com/web&q={searchTerms}&l=zc&o=sb
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:25411
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 216.144.187.101 204.186.80.251 216.144.187.199
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{FF365CDC-88FE-4ffa-A3F3-357855231DFA} - c:\program files\puredefmusic\toolbar\1.bin\p3SrcAs.dll
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
WebBrowser-{E30A55B9-F1B7-43A4-B3F6-EC90CDC4FE60} - c:\program files\puredefmusic\toolbar\1.bin\p3bar.dll
Notify-WgaLogon - (no file)
SafeBoot-02641491.sys
SafeBoot-85990300.sys
MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-DXDllRegExe - dxdllreg.exe
MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-03 16:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(2936)
c:\windows\system32\WININET.dll
c:\program files\Gadu-Gadu\ggwhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\documents and settings\All Users\Start Menu\Programs\Startup\WinLIP.EXE
c:\documents and settings\All Users\Start Menu\Programs\Startup\WinLIP.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\LVComS.exe
.
**************************************************************************
.
Completion time: 2012-07-03 16:19:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-03 20:18
.
Pre-Run: 36,833,976,320 bytes free
Post-Run: 39,214,452,736 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - B184C9C0C35C5D6E28A70C3590222B41



#10 kkoz83


Posted 03 July 2012 - 03:43 PM

How do I close this topic?

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:35 AM

Posted 03 July 2012 - 05:09 PM

It is very early to be closing the topic, as we still have work to do.


I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#12 kkoz83


Posted 03 July 2012 - 05:43 PM

Oh, okay, I thought we're good - oops. I'll add the logs in a few minutes.

#13 kkoz83


Posted 03 July 2012 - 06:25 PM

Here's TDSS:

18:37:34.0734 3148 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
18:37:35.0156 3148 ============================================================
18:37:35.0156 3148 Current date / time: 2012/07/03 18:37:35.0156
18:37:35.0156 3148 SystemInfo:
18:37:35.0156 3148
18:37:35.0156 3148 OS Version: 5.1.2600 ServicePack: 3.0
18:37:35.0156 3148 Product type: Workstation
18:37:35.0156 3148 ComputerName: JUNE2005
18:37:35.0156 3148 UserName: Owner
18:37:35.0156 3148 Windows directory: C:\WINDOWS
18:37:35.0156 3148 System windows directory: C:\WINDOWS
18:37:35.0156 3148 Processor architecture: Intel x86
18:37:35.0156 3148 Number of processors: 1
18:37:35.0156 3148 Page size: 0x1000
18:37:35.0171 3148 Boot type: Normal boot
18:37:35.0171 3148 ============================================================
18:37:36.0578 3148 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:37:36.0578 3148 Drive \Device\Harddisk1\DR3 - Size: 0x3D17C000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:37:36.0578 3148 ============================================================
18:37:36.0578 3148 \Device\Harddisk0\DR0:
18:37:36.0578 3148 MBR partitions:
18:37:36.0578 3148 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x776127, BlocksNum 0x8D944D9
18:37:36.0578 3148 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x7760E8
18:37:36.0578 3148 \Device\Harddisk1\DR3:
18:37:36.0578 3148 MBR partitions:
18:37:36.0578 3148 \Device\Harddisk1\DR3\Partition0: MBR, Type 0x6, StartLBA 0xF5, BlocksNum 0x1E830B
18:37:36.0578 3148 ============================================================
18:37:36.0625 3148 C: <-> \Device\Harddisk0\DR0\Partition0
18:37:36.0625 3148 D: <-> \Device\Harddisk0\DR0\Partition1
18:37:36.0625 3148 ============================================================
18:37:36.0625 3148 Initialize success
18:37:36.0625 3148 ============================================================
18:37:41.0312 3256 ============================================================
18:37:41.0312 3256 Scan started
18:37:41.0312 3256 Mode: Manual;
18:37:41.0312 3256 ============================================================
18:37:59.0078 3256 VgaSave - ok
18:37:59.0125 3256 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:37:59.0125 3256 viaagp - ok
18:37:59.0140 3256 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:37:59.0156 3256 ViaIde - ok
18:37:59.0203 3256 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:37:59.0203 3256 VolSnap - ok
18:37:59.0281 3256 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:37:59.0312 3256 VSS - ok
18:37:59.0375 3256 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:37:59.0390 3256 W32Time - ok
18:37:59.0453 3256 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:37:59.0453 3256 Wanarp - ok
18:37:59.0468 3256 wanatw - ok
18:37:59.0484 3256 WDICA - ok
18:37:59.0500 3256 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:37:59.0515 3256 wdmaud - ok
18:37:59.0562 3256 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:37:59.0593 3256 WebClient - ok
18:37:59.0671 3256 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
18:37:59.0671 3256 winachsf - ok
18:37:59.0781 3256 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:37:59.0828 3256 winmgmt - ok
18:37:59.0937 3256 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
18:38:00.0015 3256 WinRM - ok
18:38:00.0078 3256 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:38:00.0093 3256 WmdmPmSN - ok
18:38:00.0187 3256 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:38:00.0203 3256 WmiApSrv - ok
18:38:00.0375 3256 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:38:00.0406 3256 WMPNetworkSvc - ok
18:38:00.0500 3256 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
18:38:00.0500 3256 WpdUsb - ok
18:38:00.0734 3256 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:38:00.0765 3256 WPFFontCache_v0400 - ok
18:38:00.0812 3256 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:38:00.0812 3256 WS2IFSL - ok
18:38:00.0875 3256 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:38:00.0906 3256 wscsvc - ok
18:38:00.0953 3256 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:38:00.0953 3256 WSTCODEC - ok
18:38:01.0015 3256 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:38:01.0062 3256 wuauserv - ok
18:38:01.0093 3256 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:38:01.0109 3256 WudfPf - ok
18:38:01.0125 3256 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:38:01.0140 3256 WudfRd - ok
18:38:01.0156 3256 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:38:01.0171 3256 WudfSvc - ok
18:38:01.0250 3256 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:38:01.0281 3256 WZCSVC - ok
18:38:01.0328 3256 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:38:01.0375 3256 xmlprov - ok
18:38:01.0406 3256 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
18:38:01.0453 3256 \Device\Harddisk0\DR0 - ok
18:38:01.0468 3256 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR3
18:38:01.0484 3256 \Device\Harddisk1\DR3 - ok
18:38:01.0484 3256 Boot (0x1200) (2531f20d240332341d2ec3bf48246807) \Device\Harddisk0\DR0\Partition0
18:38:01.0484 3256 \Device\Harddisk0\DR0\Partition0 - ok
18:38:01.0500 3256 Boot (0x1200) (52473fef13efcd43e506cd10618ec751) \Device\Harddisk0\DR0\Partition1
18:38:01.0500 3256 \Device\Harddisk0\DR0\Partition1 - ok
18:38:01.0515 3256 Boot (0x1200) (3dccbefbb2fbee32622c0794c2d99492) \Device\Harddisk1\DR3\Partition0
18:38:01.0515 3256 \Device\Harddisk1\DR3\Partition0 - ok
18:38:01.0515 3256 ============================================================
18:38:01.0515 3256 Scan finished
18:38:01.0515 3256 ============================================================
18:38:01.0531 3244 Detected object count: 0
18:38:01.0531 3244 Actual detected object count: 0

#14 kkoz83


Posted 03 July 2012 - 06:27 PM

And the second one:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-03 18:40:37
-----------------------------
18:40:37.125 OS Version: Windows 5.1.2600 Service Pack 3
18:40:37.125 Number of processors: 1 586 0x304
18:40:37.125 ComputerName: JUNE2005 UserName: Owner
18:40:37.953 Initialize success
18:40:41.593 AVAST engine defs: 12070301
18:41:42.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:41:42.796 Disk 0 Vendor: WDC_WD800BB-22JHC0 05.01C05 Size: 76319MB BusType: 3
18:41:42.828 Disk 0 MBR read successfully
18:41:42.828 Disk 0 MBR scan
18:41:42.828 Disk 0 unknown MBR code
18:41:42.843 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 72488 MB offset 7823655
18:41:42.843 Disk 0 Partition 2 00 0B FAT32 RECOVERY 3820 MB offset 63
18:41:42.859 Disk 0 scanning sectors +156280320
18:41:42.968 Disk 0 scanning C:\WINDOWS\system32\drivers
18:42:07.968 Service scanning
18:42:45.500 Modules scanning
18:43:06.078 Disk 0 trace - called modules:
18:43:06.109 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:43:06.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b67ab8]
18:43:06.609 3 CLASSPNP.SYS[f78b2fd7] -> nt!IofCallDriver -> \Device\00000086[0x86b69f18]
18:43:06.609 5 ACPI.sys[f77a9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86b71940]
18:43:07.187 AVAST engine scan C:\WINDOWS
18:43:32.671 AVAST engine scan C:\WINDOWS\system32
18:47:10.375 AVAST engine scan C:\WINDOWS\system32\drivers
18:47:33.265 AVAST engine scan C:\Documents and Settings\Owner
19:07:16.437 AVAST engine scan C:\Documents and Settings\All Users
19:18:14.968 Scan finished successfully
19:22:55.421 Disk 0 MBR has been saved successfully to "J:\MBR.dat"
19:22:55.453 The log file has been saved successfully to "J:\aswMBR.txt"

#15 kkoz83


Posted 03 July 2012 - 06:52 PM

By the way, I noticed that once the PC starts, before getting to Windows, a screen appears (for 5 seconds max) with several Windows options, but "Windows XP Home..." is always chosen. I've just never seen it before.

The rest of the PC is almost good - Avast icon doesn't appear next to the clock in the lower-right, but I'm not worried about it.



