
Firefox being redirected, system running slow - help!


11 replies to this topic

#1 bison

bison

  • Members
  • 37 posts

Posted 15 July 2012 - 10:39 AM

Hi -

I've run into a virus, certainly due to my downloading a "free" program to convert video files. I've removed that program but am now having problems with Firefox being redirected to various ads (and away from bleepingcomputer.com!) and my system is running extremely slowly. I'm also getting intermittent error messages about "scripts". Please help!

Thanks -

Bruce



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 15 July 2012 - 10:40 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)



Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 bison

bison
  • Topic Starter

  • Members
  • 37 posts

Posted 15 July 2012 - 03:07 PM

TDSS:
11:16:06.0109 2740 RasAuto - ok
11:16:06.0125 2740 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:16:06.0125 2740 Rasl2tp - ok
11:16:06.0187 2740 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
11:16:06.0187 2740 RasMan - ok
11:16:06.0187 2740 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:16:06.0187 2740 RasPppoe - ok
11:16:06.0203 2740 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:16:06.0203 2740 Raspti - ok
11:16:06.0234 2740 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:16:06.0234 2740 Rdbss - ok
11:16:06.0234 2740 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:16:06.0234 2740 RDPCDD - ok
11:16:06.0250 2740 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:16:06.0250 2740 rdpdr - ok
11:16:06.0296 2740 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
11:16:06.0296 2740 RDPWD - ok
11:16:06.0328 2740 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
11:16:06.0328 2740 RDSessMgr - ok
11:16:06.0359 2740 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:16:06.0359 2740 redbook - ok
11:16:06.0390 2740 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
11:16:06.0406 2740 RemoteAccess - ok
11:16:06.0437 2740 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
11:16:06.0437 2740 RemoteRegistry - ok
11:16:06.0468 2740 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
11:16:06.0468 2740 RpcLocator - ok
11:16:06.0515 2740 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
11:16:06.0515 2740 RpcSs - ok
11:16:06.0562 2740 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
11:16:06.0562 2740 RSVP - ok
11:16:06.0593 2740 RTLWUSB (f564f1c5813b47a86903d42cd778311c) C:\WINDOWS\system32\DRIVERS\wg111v2.sys
11:16:06.0593 2740 RTLWUSB - ok
11:16:06.0640 2740 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:16:06.0640 2740 SamSs - ok
11:16:06.0656 2740 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
11:16:06.0671 2740 SCardSvr - ok
11:16:06.0703 2740 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
11:16:06.0703 2740 Schedule - ok
11:16:06.0750 2740 SDDMI2 (8edd7b9e4a4b4c16e2dab9188caa861b) C:\WINDOWS\system32\DDMI2.sys
11:16:06.0750 2740 SDDMI2 - ok
11:16:06.0781 2740 SDSTOR2K (74012f7625025ce72f01dd37b34cd284) C:\WINDOWS\system32\DRIVERS\SDSTOR2K.SYS
11:16:06.0781 2740 SDSTOR2K - ok
11:16:06.0812 2740 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:16:06.0812 2740 Secdrv - ok
11:16:06.0843 2740 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
11:16:06.0843 2740 seclogon - ok
11:16:06.0859 2740 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
11:16:06.0859 2740 SENS - ok
11:16:06.0890 2740 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:16:06.0890 2740 serenum - ok
11:16:06.0921 2740 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:16:06.0921 2740 Serial - ok
11:16:06.0937 2740 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:16:06.0937 2740 Sfloppy - ok
11:16:06.0984 2740 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:16:06.0984 2740 ShellHWDetection - ok
11:16:07.0000 2740 Simbad - ok
11:16:07.0031 2740 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:16:07.0031 2740 sisagp - ok
11:16:07.0078 2740 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
11:16:07.0078 2740 SONYPVU1 - ok
11:16:07.0093 2740 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:16:07.0093 2740 Sparrow - ok
11:16:07.0125 2740 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:16:07.0125 2740 splitter - ok
11:16:07.0171 2740 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:16:07.0171 2740 Spooler - ok
11:16:07.0218 2740 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:16:07.0218 2740 sr - ok
11:16:07.0265 2740 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
11:16:07.0265 2740 srservice - ok
11:16:07.0328 2740 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:16:07.0328 2740 Srv - ok
11:16:07.0375 2740 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
11:16:07.0375 2740 sscdbhk5 - ok
11:16:07.0421 2740 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
11:16:07.0421 2740 SSDPSRV - ok
11:16:07.0437 2740 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
11:16:07.0437 2740 ssrtln - ok
11:16:07.0484 2740 STHDA (352b663a81402be7cd7bd4ea27c9998c) C:\WINDOWS\system32\drivers\sthda.sys
11:16:07.0484 2740 STHDA - ok
11:16:07.0531 2740 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
11:16:07.0531 2740 StillCam - ok
11:16:07.0546 2740 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
11:16:07.0562 2740 stisvc - ok
11:16:07.0578 2740 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:16:07.0578 2740 swenum - ok
11:16:07.0578 2740 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:16:07.0593 2740 swmidi - ok
11:16:07.0593 2740 SwPrv - ok
11:16:07.0640 2740 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:16:07.0640 2740 symc810 - ok
11:16:07.0640 2740 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:16:07.0640 2740 symc8xx - ok
11:16:07.0671 2740 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:16:07.0671 2740 sym_hi - ok
11:16:07.0687 2740 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:16:07.0687 2740 sym_u3 - ok
11:16:07.0718 2740 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:16:07.0718 2740 sysaudio - ok
11:16:07.0750 2740 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
11:16:07.0750 2740 SysmonLog - ok
11:16:07.0796 2740 tandpl (126d7b3b4c7b724491c604060e1f4e14) C:\WINDOWS\system32\drivers\tandpl.sys
11:16:07.0796 2740 tandpl - ok
11:16:07.0812 2740 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
11:16:07.0828 2740 TapiSrv - ok
11:16:07.0875 2740 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:16:07.0875 2740 Tcpip - ok
11:16:07.0906 2740 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:16:07.0906 2740 TDPIPE - ok
11:16:07.0921 2740 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:16:07.0921 2740 TDTCP - ok
11:16:07.0953 2740 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:16:07.0953 2740 TermDD - ok
11:16:07.0984 2740 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
11:16:07.0984 2740 TermService - ok
11:16:08.0062 2740 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
11:16:08.0062 2740 tfsnboio - ok
11:16:08.0078 2740 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
11:16:08.0078 2740 tfsncofs - ok
11:16:08.0093 2740 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
11:16:08.0093 2740 tfsndrct - ok
11:16:08.0109 2740 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
11:16:08.0109 2740 tfsndres - ok
11:16:08.0125 2740 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
11:16:08.0125 2740 tfsnifs - ok
11:16:08.0140 2740 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
11:16:08.0140 2740 tfsnopio - ok
11:16:08.0140 2740 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
11:16:08.0140 2740 tfsnpool - ok
11:16:08.0156 2740 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
11:16:08.0156 2740 tfsnudf - ok
11:16:08.0171 2740 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
11:16:08.0171 2740 tfsnudfa - ok
11:16:08.0187 2740 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:16:08.0203 2740 Themes - ok
11:16:08.0218 2740 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
11:16:08.0218 2740 TlntSvr - ok
11:16:08.0250 2740 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
11:16:08.0250 2740 TosIde - ok
11:16:08.0296 2740 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
11:16:08.0296 2740 TrkWks - ok
11:16:08.0328 2740 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:16:08.0328 2740 Udfs - ok
11:16:08.0375 2740 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
11:16:08.0375 2740 ultra - ok
11:16:08.0421 2740 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe
11:16:08.0421 2740 UMWdf - ok
11:16:08.0468 2740 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:16:08.0468 2740 Update - ok
11:16:08.0500 2740 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
11:16:08.0515 2740 upnphost - ok
11:16:08.0531 2740 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
11:16:08.0531 2740 UPS - ok
11:16:08.0562 2740 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
11:16:08.0562 2740 USBAAPL - ok
11:16:08.0593 2740 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:16:08.0593 2740 usbccgp - ok
11:16:08.0640 2740 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:16:08.0640 2740 usbehci - ok
11:16:08.0656 2740 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:16:08.0656 2740 usbhub - ok
11:16:08.0671 2740 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:16:08.0671 2740 usbprint - ok
11:16:08.0718 2740 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:16:08.0718 2740 usbscan - ok
11:16:08.0734 2740 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
11:16:08.0734 2740 usbser - ok
11:16:08.0765 2740 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:16:08.0765 2740 USBSTOR - ok
11:16:08.0781 2740 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:16:08.0781 2740 usbuhci - ok
11:16:08.0796 2740 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:16:08.0796 2740 VgaSave - ok
11:16:08.0812 2740 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:16:08.0812 2740 viaagp - ok
11:16:08.0828 2740 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:16:08.0843 2740 ViaIde - ok
11:16:08.0859 2740 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:16:08.0859 2740 VolSnap - ok
11:16:08.0906 2740 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
11:16:08.0921 2740 VSS - ok
11:16:08.0937 2740 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
11:16:08.0937 2740 w32time - ok
11:16:08.0953 2740 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:16:08.0953 2740 Wanarp - ok
11:16:08.0968 2740 wanatw - ok
11:16:09.0015 2740 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
11:16:09.0015 2740 WDC_SAM - ok
11:16:09.0015 2740 WDICA - ok
11:16:09.0046 2740 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:16:09.0046 2740 wdmaud - ok
11:16:09.0062 2740 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
11:16:09.0062 2740 WebClient - ok
11:16:09.0109 2740 wg111nd5 (5dc04e2badf701d7a9d00365b623df2f) C:\WINDOWS\system32\DRIVERS\wg111nd5.sys
11:16:09.0109 2740 wg111nd5 - ok
11:16:09.0187 2740 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:16:09.0187 2740 winmgmt - ok
11:16:09.0234 2740 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll
11:16:09.0234 2740 WmdmPmSN - ok
11:16:09.0296 2740 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
11:16:09.0296 2740 Wmi - ok
11:16:09.0343 2740 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:16:09.0343 2740 WmiApSrv - ok
11:16:09.0375 2740 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
11:16:09.0390 2740 wuauserv - ok
11:16:09.0437 2740 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
11:16:09.0453 2740 WZCSVC - ok
11:16:09.0484 2740 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
11:16:09.0484 2740 xmlprov - ok
11:16:09.0515 2740 MBR (0x1B8) (91722e6bc3a2b40ff00222dca4a3db3e) \Device\Harddisk0\DR0
11:16:09.0968 2740 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:16:09.0968 2740 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:16:10.0265 2740 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
11:16:10.0421 2740 \Device\Harddisk1\DR4 - ok
11:16:10.0421 2740 Boot (0x1200) (b6b59034cfbc928faa276fcb0f3ced86) \Device\Harddisk0\DR0\Partition0
11:16:10.0421 2740 \Device\Harddisk0\DR0\Partition0 - ok
11:16:10.0468 2740 Boot (0x1200) (e106c08c8107be1a082a6be8203dbec8) \Device\Harddisk1\DR4\Partition0
11:16:10.0468 2740 \Device\Harddisk1\DR4\Partition0 - ok
11:16:10.0468 2740 ============================================================
11:16:10.0468 2740 Scan finished
11:16:10.0468 2740 ============================================================
11:16:10.0484 2632 Detected object count: 1
11:16:10.0484 2632 Actual detected object count: 1
11:16:31.0062 2632 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:16:31.0062 2632 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

ASW

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-15 11:16:54
-----------------------------
11:16:54.718 OS Version: Windows 5.1.2600 Service Pack 3
11:16:54.718 Number of processors: 2 586 0x403
11:16:54.718 ComputerName: BRUCE-OFFICE UserName: Bruce
11:16:55.453 Initialize success
11:18:15.468 AVAST engine defs: 12071500
11:19:07.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
11:19:07.984 Disk 0 Vendor: ST3160828AS 8.04 Size: 152587MB BusType: 3
11:19:07.984 Disk 1 \Device\Harddisk1\DR4 -> \Device\00000066
11:19:07.984 Disk 1 Vendor: Size: 152587MB BusType: 0
11:19:08.000 Disk 0 MBR read successfully
11:19:08.015 Disk 0 MBR scan
11:19:08.062 Disk 0 unknown MBR code
11:19:08.062 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
11:19:08.078 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147785 MB offset 96390
11:19:08.109 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 302760990
11:19:08.109 Disk 0 scanning sectors +312496380
11:19:08.187 Disk 0 scanning C:\WINDOWS\system32\drivers
11:19:19.765 Service scanning
11:19:36.515 Modules scanning
11:19:42.546 Disk 0 trace - called modules:
11:19:42.562 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
11:19:42.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f84ab8]
11:19:42.578 3 CLASSPNP.SYS[f76a2fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x86f87d98]
11:19:43.015 AVAST engine scan C:\WINDOWS
11:19:50.718 AVAST engine scan C:\WINDOWS\system32
11:22:51.406 AVAST engine scan C:\WINDOWS\system32\drivers
11:23:09.812 AVAST engine scan C:\Documents and Settings\Bruce
11:27:01.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bruce\Desktop\MBR.dat"
11:27:01.625 The log file has been saved successfully to "C:\Documents and Settings\Bruce\Desktop\aswMBR.txt"

Eset
C:\Documents and Settings\Bruce\Local Settings\Application Data\{abad4498-c8f7-8450-be56-97a3ef6f61bf}\n Win32/Sirefef.EV trojan cleaned by deleting - quarantined
C:\Documents and Settings\Bruce\Local Settings\Application Data\{abad4498-c8f7-8450-be56-97a3ef6f61bf}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Documents and Settings\Bruce\Local Settings\Temp\ICReinstall\cnet2_Pazera_Free_MP4_to_AVI_Converter_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1846213928-882383356-3278438763-1005\Dc114.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP409\A0038626.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\WINDOWS\Installer\{abad4498-c8f7-8450-be56-97a3ef6f61bf}\n Win32/Sirefef.EV trojan cleaned by deleting - quarantined
C:\WINDOWS\Installer\{abad4498-c8f7-8450-be56-97a3ef6f61bf}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined

#4 narenxp

Posted 15 July 2012 - 07:05 PM

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 bison

Posted 15 July 2012 - 11:12 PM

FSS
Farbar Service Scanner Version: 08-07-2012
Ran by Bruce (administrator) on 15-07-2012 at 17:57:24
Running from "C:\Documents and Settings\Bruce\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0A0000000400000001000000020000000300000009000000080000000A000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

MB

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.15.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bruce :: BRUCE-OFFICE [administrator]

7/15/2012 6:00:53 PM
mbam-log-2012-07-15 (18-00-53).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 342618
Time elapsed: 1 hour(s), 31 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


MiniToolBox by Farbar Version: 15-07-2012
Ran by Bruce (administrator) on 15-07-2012 at 21:10:45
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Bruce-Office

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-12-3F-BA-A8-DA

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.15

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Sunday, July 15, 2012 11:06:15 AM

Lease Expires . . . . . . . . . . : Monday, July 16, 2012 11:06:15 AM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.224.39, 74.125.224.34, 74.125.224.46, 74.125.224.41
74.125.224.40, 74.125.224.37, 74.125.224.36, 74.125.224.35, 74.125.224.32
74.125.224.38, 74.125.224.33



Pinging google.com [74.125.224.104] with 32 bytes of data:



Reply from 74.125.224.104: bytes=32 time=19ms TTL=55

Reply from 74.125.224.104: bytes=32 time=19ms TTL=55



Ping statistics for 74.125.224.104:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 19ms, Maximum = 19ms, Average = 19ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=20ms TTL=53

Reply from 72.30.38.140: bytes=32 time=107ms TTL=53



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 20ms, Maximum = 107ms, Average = 63ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 12 3f ba a8 da ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.15 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.15 192.168.1.15 20
192.168.1.0 255.255.255.0 192.168.1.15 192.168.1.15 20
192.168.1.15 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.15 192.168.1.15 20
224.0.0.0 240.0.0.0 192.168.1.15 192.168.1.15 20
255.255.255.255 255.255.255.255 192.168.1.15 192.168.1.15 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/14/2012 08:53:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 38240610

Error: (07/14/2012 08:53:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 38240610

Error: (07/14/2012 08:53:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2012 10:16:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13828

Error: (07/13/2012 10:16:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13828

Error: (07/13/2012 10:16:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2012 10:16:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11875

Error: (07/13/2012 10:16:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11875

Error: (07/13/2012 10:16:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2012 10:16:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9922


System errors:
=============
Error: (07/15/2012 11:08:07 AM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (07/15/2012 11:07:37 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/15/2012 10:40:09 AM) (Source: DCOM) (User: BRUCE-OFFICE)
Description: The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register with DCOM within the required timeout.

Error: (07/15/2012 09:23:37 AM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (07/15/2012 09:23:04 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/15/2012 07:49:24 AM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (07/15/2012 07:48:51 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/14/2012 09:55:22 AM) (Source: DCOM) (User: BRUCE-OFFICE)
Description: The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register with DCOM within the required timeout.

Error: (07/13/2012 05:26:31 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (07/13/2012 04:01:20 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.129.1335.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (07/14/2012 08:53:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 38240610

Error: (07/14/2012 08:53:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 38240610

Error: (07/14/2012 08:53:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2012 10:16:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13828

Error: (07/13/2012 10:16:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13828

Error: (07/13/2012 10:16:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2012 10:16:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11875

Error: (07/13/2012 10:16:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11875

Error: (07/13/2012 10:16:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2012 10:16:08 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9922


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 2.1.5)
3ivx MPEG-4 5.0.3 (remove only) (Version: 5.0.3)
6400_Help (Version: 1.00.0000)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Any Video Converter 3.4.0
AOLIcon (Version: 1.00.0000)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ATI Control Panel (Version: 6.14.10.5160)
ATI Display Driver (Version: 8.162-050803a2-025672C-Dell)
Bonjour (Version: 3.0.0.10)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 100.0.170.000)
CCleaner (Version: 2.36)
CloneCD
Cobian Backup 10
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Corel Paint Shop Pro X (Version: 10.0)
Corel Photo Album 6 (Version: 6.00)
CustomerResearchQFolder (Version: 1.00.0000)
Dell Digital Jukebox Driver
Dell Driver Reset Tool (Version: 1.02.0000)
Dell ResourceCD
Dell System Restore (Version: 2.00.0000)
DellSupport (Version: 6.0.3062)
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 110.0.180.000)
DeviceManagementQFolder (Version: 1.00.0000)
Digital Content Portal (Version: 1.00.0000)
DocMgr (Version: 100.0.201.000)
DocProc (Version: 12.0.0.0)
DocProcQFolder (Version: 1.00.0000)
Easy Thumbnails (Remove only) (Version: 3.0)
EducateU (Version: 1.00.0000)
ELIcon (Version: 1.00.0000)
ESET Online Scanner v3
ESPNMotion (Version: 2.1.6.0011)
eSupportQFolder (Version: 1.00.0000)
eXplorist Wizard
Fax (Version: 120.0.194.000)
File Uploader (Version: 1.2.5)
Flickr Uploadr 3.1.4
FlipShare (Version: 5.0.5.52727)
Foxit Reader (Version: 4.3.1.323)
GIMP 2.6.11 (Version: 2.6.11)
Google AFE
Google Desktop (Version: 5.9.1005.12335)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.115)
GPBaseService (Version: 100.0.187.000)
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Document Manager 1.0 (Version: 1.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Officejet J6400 Series (Version: 1.0)
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.002.005.003)
HP_Network_UserGuide (Version: 1.00.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 100.0.170.000)
iDailyDiary 3.61
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections (Version: 9.20.0000)
iTunes (Version: 10.6.1.7)
J6400 (Version: 50.0.165.000)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
LAME v3.98.3 for Audacity
Learn2 Player (Uninstall Only)
Macromedia Shockwave Player (Version: 10.1.0.11)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MapSend Topo 3D USA
MarketResearch (Version: 100.0.170.000)
McAfee Clean Up Tool
MCU (Version: 1.00.0000)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Digital Image Library 9 - Blocker (Version: 9.00.0000)
Microsoft Digital Image Suite 2006 (Version: 11.0.0422)
Microsoft Digital Image Suite 2006 Editor (Version: 11.0.0422)
Microsoft Digital Image Suite 2006 Library (Version: 11.0.0422)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Modem Event Monitor
Modem Helper (Version: 2.40)
Modem On Hold (Version: 1.12)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
Mozilla Thunderbird 13.0.1 (x86 en-US) (Version: 13.0.1)
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network (Version: 110.0.180.000)
NetZeroInstallers (Version: 1.0.0)
Nikon Message Center (Version: 0.92.000)
Nikon Transfer (Version: 1.5.3)
OCR Software by I.R.I.S. 10.0 (Version: 10.0)
Otto
PrimoPDF (Version: 4.0.1)
ProductContext (Version: 50.0.165.000)
PSSWCORE (Version: 2.02.0000)
QuickTime (Version: 7.69.80.9)
RealPlayer Basic
Recuva (Version: 1.40)
SanDisk ImageMate/SecureMate
Scan (Version: 10.1.0.0)
Scouting Assistant version 1.4.0.1 (Version: 1.4.0.1)
Shop for HP Supplies (Version: 10.0)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 130.0.373.000)
Sonic DLA (Version: 4.95)
Sonic Encoders (Version: 1.00)
Sonic MyDVD LE (Version: 6.1.1)
Sonic RecordNow Audio (Version: 2.0.0)
Sonic RecordNow Copy (Version: 2.0.0)
Sonic RecordNow Data (Version: 2.0.0)
Sonic Update Manager (Version: 3.0.0)
SpywareBlaster 4.4 (Version: 4.4.0)
Status (Version: 110.0.180.000)
Toolbox (Version: 100.0.170.000)
TrayApp (Version: 110.0.180.000)
UnloadSupport (Version: 10.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
VideoPad Video Editor
VideoToolkit01 (Version: 100.0.128.000)
Viewpoint Media Player
WebEx
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 100.0.170.000)
Windows Backup Utility (Version: 5.1)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPatrol (Version: 20.5.2011.0)

========================= Memory info: ===================================

Percentage of memory in use: 62%
Total physical RAM: 1022.07 MB
Available physical RAM: 381.39 MB
Total Pagefile: 2458.71 MB
Available Pagefile: 1679.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.63 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:144.32 GB) (Free:75.47 GB) NTFS
2 Drive d: (St. Marks School Grad Party 201) (CDROM) (Total:2.83 GB) (Free:0 GB) UDF
5 Drive g: (Backup Drive) (Fixed) (Total:931.48 GB) (Free:542.96 GB) NTFS

========================= Users: ========================================

User accounts for \\BRUCE-OFFICE

Administrator Bruce Guest
HelpAssistant SUPPORT_388945a0


**** End of log ****

#6 narenxp


Posted 15 July 2012 - 11:23 PM

Open your C drive

On top, click on Tools - Folder Options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files

Click OK, now go to

C:\Documents and Settings\Bruce\Local Settings\Application Data\{abad4498-c8f7-8450-be56-97a3ef6f61bf}
C:\WINDOWS\Installer\{abad4498-c8f7-8450-be56-97a3ef6f61bf}

Delete both the folders

Create a restore point before trying this

Download

SharedAccess
wscsvc

Launch the registry keys and click YES

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start repairs tab - click on Start

Check mark the following options alone

Remove Policies Set By Infections
Repair Winsock & DNS Cache

Checkmark Restart System When Finished option
click the Start button

System should restart after repair

Post the FSS log

Edited by narenxp, 15 July 2012 - 11:24 PM.
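
The two folders named in the post above carry the same brace-wrapped GUID, one under the user's Local Settings\Application Data and one under C:\WINDOWS\Installer. As an added example (not part of the original thread), this Python script lists GUID-named folders that appear in both places on a mounted or offline copy of the disk; treating a shared name as worth review is an assumption drawn from this one case, and the sample tree, the function names and the second GUID are constructed.

```python
import re
import tempfile
from pathlib import Path

# Brace-wrapped GUID directory name, e.g. {abad4498-c8f7-8450-be56-97a3ef6f61bf}
GUID_DIR = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$",
    re.IGNORECASE,
)


def guid_dirs(root):
    """Map lower-cased GUID directory name -> path for direct children of root."""
    root = Path(root)
    if not root.is_dir():
        return {}
    return {p.name.lower(): p for p in root.iterdir()
            if p.is_dir() and GUID_DIR.match(p.name)}


def shared_guid_dirs(installer_dir, profiles_dir):
    """Return [(guid, installer_path, profile_path)] for GUID folders that exist
    both in the Installer directory and in a user's Local Settings/Application Data."""
    # Windows Installer keeps its own GUID-named folders under Installer, so a
    # GUID name alone is not flagged; only a name present in both places is.
    installer = guid_dirs(installer_dir)
    profiles = Path(profiles_dir)
    hits = []
    if not profiles.is_dir():
        return hits
    for profile in sorted(profiles.iterdir()):
        appdata = profile / "Local Settings" / "Application Data"
        for guid, path in sorted(guid_dirs(appdata).items()):
            if guid in installer:
                hits.append((guid, installer[guid], path))
    return hits


def build_sample_tree(base):
    """Constructed sample layout mirroring the two paths from the post."""
    base = Path(base)
    installer = base / "WINDOWS" / "Installer"
    appdata = (base / "Documents and Settings" / "Bruce"
               / "Local Settings" / "Application Data")
    flagged = "{abad4498-c8f7-8450-be56-97a3ef6f61bf}"  # GUID from the post
    benign = "{00000000-1111-2222-3333-444444444444}"   # constructed value
    for d in (installer / flagged, installer / benign,
              appdata / flagged.upper(), appdata / "Mozilla"):
        d.mkdir(parents=True)
    return installer, base / "Documents and Settings"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        inst, profiles = build_sample_tree(tmp)
        for guid, a, b in shared_guid_dirs(inst, profiles):
            print(f"review: {guid}\n  {a}\n  {b}")
```
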


#7 bison


Posted 16 July 2012 - 06:57 PM

Did it all - no problems.

I assume you meant to re-run FSS and post a new log - here it is:

Farbar Service Scanner Version: 08-07-2012
Ran by Bruce (administrator) on 16-07-2012 at 16:56:30
Running from "C:\Documents and Settings\Bruce\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0A0000000400000001000000020000000300000009000000080000000A000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#8 narenxp


Posted 16 July 2012 - 07:52 PM

Any current issues?

#9 bison


Posted 16 July 2012 - 08:48 PM

Nope - looks good thanks! What was wrong (in simple terms)? Also any recommendation for backup software? The one I use (Cobian) seems to make the computer awful slow.

Thanks!

#10 narenxp


Posted 16 July 2012 - 08:54 PM

Nope - looks good thanks! What was wrong (in simple terms)? Also any recommendation for backup software? The one I use (Cobian) seems to make the computer awful slow.


You were infected by the ZeroAccess rootkit. I would recommend Acronis or Comodo.

Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your System Restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#11 bison


Posted 16 July 2012 - 11:36 PM

Awesome - THANK YOU!

#12 narenxp


Posted 17 July 2012 - 12:51 AM

You're welcome :)



