Google Redirect Virus


  • This topic is locked
26 replies to this topic

#1 tmcgrail

tmcgrail

  • Members
  • 47 posts

Posted 12 August 2012 - 01:10 PM

All my Google search links are redirected.

Also, at the same time that the redirect issue started, I intermittently receive a Runtime Error "R6025 pure virtual function call".

Thanks for your help.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Tom at 9:35:37 on 2012-08-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.651 [GMT -4:00]
.
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mURLSearchHooks: H - No File
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - No File
BHO: Ant.com browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - c:\program files\ant.com\ie add-on\download.dll
TB: Ant.com Video Downloader toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - c:\program files\ant.com\ie add-on\anttoolbar.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_3_300_257_ActiveX.exe -update activex
IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\download.dll
LSP: mswsock.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 192.168.0.1 71.243.0.12
TCP: Interfaces\{F1BE68B2-CEA1-4CA3-8942-69273F0310E7} : DhcpNameServer = 192.168.0.1 71.243.0.12
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\ant.com\ie add-on\AntUpdaterService.exe [2011-6-29 520216]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero8\incd\NBHRegInCDSrv.exe [2008-7-10 53032]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [2010-11-10 52824]
S3 TotRec8;Total Recorder WDM audio filter driver;\??\c:\windows\system32\drivers\totrec8.sys --> c:\windows\system32\drivers\TotRec8.sys [?]
.
=============== Created Last 30 ================
.
2012-08-12 13:24:55 892 ----a-w- c:\documents and settings\all users\application data\ohxqaaa.tmp
.
==================== Find3M ====================
.
2012-07-03 21:10:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 21:10:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 9:37:02.34 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 August 2012 - 01:10 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 tmcgrail

tmcgrail
  • Topic Starter

  • Members
  • 47 posts

Posted 14 August 2012 - 09:13 PM

Gringo,

Thanks for taking the time to help. Unfortunately, Google is still being redirected.

Here are the logs you requested:


Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Please wait while WMIC is being installed.
displayName
ECHO is off.
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.62.0.1300
HijackThis 2.0.2
Adobe Reader 7 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 34% Defragment your hard drive soon!
````````````````````End of Log``````````````````````


ComboFix 12-08-14.05 - Tom 08/14/2012 21:05:09.12.2 - x86
Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\ohxqaaa.tmp
c:\documents and settings\Tom\Application Data\PriceGong
c:\documents and settings\Tom\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\1707.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\413.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\4489.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\488.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Tom\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Tom\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Tom\Application Data\Tomlog.dat
c:\windows\EventSystem.log
c:\windows\expl.dat
c:\windows\system32\SET100.tmp
c:\windows\system32\SET101.tmp
c:\windows\system32\SET102.tmp
c:\windows\system32\SET103.tmp
c:\windows\system32\SET104.tmp
c:\windows\system32\SET105.tmp
c:\windows\system32\SET106.tmp
c:\windows\system32\SET107.tmp
c:\windows\system32\SET108.tmp
c:\windows\system32\SET109.tmp
c:\windows\system32\SET10A.tmp
c:\windows\system32\SET10B.tmp
c:\windows\system32\SET10C.tmp
c:\windows\system32\SET10D.tmp
c:\windows\system32\SET10E.tmp
c:\windows\system32\SET10F.tmp
c:\windows\system32\SET110.tmp
c:\windows\system32\SET111.tmp
c:\windows\system32\SET113.tmp
c:\windows\system32\SET114.tmp
c:\windows\system32\SET115.tmp
c:\windows\system32\SET116.tmp
c:\windows\system32\SET117.tmp
c:\windows\system32\SET118.tmp
c:\windows\system32\SET119.tmp
c:\windows\system32\SET11A.tmp
c:\windows\system32\SET11B.tmp
c:\windows\system32\SET11C.tmp
c:\windows\system32\SET11D.tmp
c:\windows\system32\SET11E.tmp
c:\windows\system32\SET11F.tmp
c:\windows\system32\SET120.tmp
c:\windows\system32\SET121.tmp
c:\windows\system32\SET123.tmp
c:\windows\system32\SET124.tmp
c:\windows\system32\SET125.tmp
c:\windows\system32\SET127.tmp
c:\windows\system32\SET128.tmp
c:\windows\system32\SET129.tmp
c:\windows\system32\SET12B.tmp
c:\windows\system32\SET12C.tmp
c:\windows\system32\SET12E.tmp
c:\windows\system32\SET12F.tmp
c:\windows\system32\SET131.tmp
c:\windows\system32\SET132.tmp
c:\windows\system32\SET133.tmp
c:\windows\system32\SET134.tmp
c:\windows\system32\SET135.tmp
c:\windows\system32\SET136.tmp
c:\windows\system32\SET137.tmp
c:\windows\system32\SET138.tmp
c:\windows\system32\SET139.tmp
c:\windows\system32\SET13A.tmp
c:\windows\system32\SET13B.tmp
c:\windows\system32\SET13E.tmp
c:\windows\system32\SET13F.tmp
c:\windows\system32\SET14.tmp
c:\windows\system32\SET140.tmp
c:\windows\system32\SET141.tmp
c:\windows\system32\SET142.tmp
c:\windows\system32\SET143.tmp
c:\windows\system32\SET144.tmp
c:\windows\system32\SET145.tmp
c:\windows\system32\SET146.tmp
c:\windows\system32\SET147.tmp
c:\windows\system32\SET148.tmp
c:\windows\system32\SET149.tmp
c:\windows\system32\SET14A.tmp
c:\windows\system32\SET14B.tmp
c:\windows\system32\SET14C.tmp
c:\windows\system32\SET14D.tmp
c:\windows\system32\SET14E.tmp
c:\windows\system32\SET14F.tmp
c:\windows\system32\SET15.tmp
c:\windows\system32\SET150.tmp
c:\windows\system32\SET152.tmp
c:\windows\system32\SET153.tmp
c:\windows\system32\SET154.tmp
c:\windows\system32\SET155.tmp
c:\windows\system32\SET156.tmp
c:\windows\system32\SET158.tmp
c:\windows\system32\SET15F.tmp
c:\windows\system32\SET16.tmp
c:\windows\system32\SET16E.tmp
c:\windows\system32\SET176.tmp
c:\windows\system32\SET177.tmp
c:\windows\system32\SET178.tmp
c:\windows\system32\SET17D.tmp
c:\windows\system32\SET17E.tmp
c:\windows\system32\SET17F.tmp
c:\windows\system32\SET180.tmp
c:\windows\system32\SET186.tmp
c:\windows\system32\SET189.tmp
c:\windows\system32\SET18D.tmp
c:\windows\system32\SET18E.tmp
c:\windows\system32\SET191.tmp
c:\windows\system32\SET192.tmp
c:\windows\system32\SET193.tmp
c:\windows\system32\SET194.tmp
c:\windows\system32\SET195.tmp
c:\windows\system32\SET196.tmp
c:\windows\system32\SET197.tmp
c:\windows\system32\SET198.tmp
c:\windows\system32\SET1A.tmp
c:\windows\system32\SET1A5.tmp
c:\windows\system32\SET1A6.tmp
c:\windows\system32\SET1A7.tmp
c:\windows\system32\SET1AA.tmp
c:\windows\system32\SET1AD.tmp
c:\windows\system32\SET1AE.tmp
c:\windows\system32\SET1B.tmp
c:\windows\system32\SET1B2.tmp
c:\windows\system32\SET1B3.tmp
c:\windows\system32\SET1BA.tmp
c:\windows\system32\SET1BE.tmp
c:\windows\system32\SET1CF.tmp
c:\windows\system32\SET1DD.tmp
c:\windows\system32\SET1DE.tmp
c:\windows\system32\SET1E.tmp
c:\windows\system32\SET1E5.tmp
c:\windows\system32\SET1E9.tmp
c:\windows\system32\SET1ED.tmp
c:\windows\system32\SET1F.tmp
c:\windows\system32\SET1FF.tmp
c:\windows\system32\SET20.tmp
c:\windows\system32\SET206.tmp
c:\windows\system32\SET21.tmp
c:\windows\system32\SET21D.tmp
c:\windows\system32\SET22.tmp
c:\windows\system32\SET23.tmp
c:\windows\system32\SET24.tmp
c:\windows\system32\SET25.tmp
c:\windows\system32\SET26.tmp
c:\windows\system32\SET27.tmp
c:\windows\system32\SET28.tmp
c:\windows\system32\SET29.tmp
c:\windows\system32\SET2A.tmp
c:\windows\system32\SET2B.tmp
c:\windows\system32\SET2C.tmp
c:\windows\system32\SET2D.tmp
c:\windows\system32\SET2E.tmp
c:\windows\system32\SET2F.tmp
c:\windows\system32\SET30.tmp
c:\windows\system32\SET31.tmp
c:\windows\system32\SET32.tmp
c:\windows\system32\SET33.tmp
c:\windows\system32\SET34.tmp
c:\windows\system32\SET35.tmp
c:\windows\system32\SET36.tmp
c:\windows\system32\SET37.tmp
c:\windows\system32\SET38.tmp
c:\windows\system32\SET39.tmp
c:\windows\system32\SET3A.tmp
c:\windows\system32\SET3B.tmp
c:\windows\system32\SET3C.tmp
c:\windows\system32\SET3D.tmp
c:\windows\system32\SET3E.tmp
c:\windows\system32\SET3F.tmp
c:\windows\system32\SET40.tmp
c:\windows\system32\SET41.tmp
c:\windows\system32\SET42.tmp
c:\windows\system32\SET43.tmp
c:\windows\system32\SET44.tmp
c:\windows\system32\SET45.tmp
c:\windows\system32\SET46.tmp
c:\windows\system32\SET47.tmp
c:\windows\system32\SET48.tmp
c:\windows\system32\SET49.tmp
c:\windows\system32\SET4A.tmp
c:\windows\system32\SET4B.tmp
c:\windows\system32\SET4C.tmp
c:\windows\system32\SET4D.tmp
c:\windows\system32\SET4E.tmp
c:\windows\system32\SET4F.tmp
c:\windows\system32\SET50.tmp
c:\windows\system32\SET51.tmp
c:\windows\system32\SET52.tmp
c:\windows\system32\SET53.tmp
c:\windows\system32\SET54.tmp
c:\windows\system32\SET55.tmp
c:\windows\system32\SET56.tmp
c:\windows\system32\SET57.tmp
c:\windows\system32\SET58.tmp
c:\windows\system32\SET59.tmp
c:\windows\system32\SET5A.tmp
c:\windows\system32\SET5B.tmp
c:\windows\system32\SET5C.tmp
c:\windows\system32\SET5D.tmp
c:\windows\system32\SET5E.tmp
c:\windows\system32\SET5F.tmp
c:\windows\system32\SET60.tmp
c:\windows\system32\SET61.tmp
c:\windows\system32\SET62.tmp
c:\windows\system32\SET63.tmp
c:\windows\system32\SET64.tmp
c:\windows\system32\SET65.tmp
c:\windows\system32\SET66.tmp
c:\windows\system32\SET67.tmp
c:\windows\system32\SET68.tmp
c:\windows\system32\SET69.tmp
c:\windows\system32\SET6A.tmp
c:\windows\system32\SET6B.tmp
c:\windows\system32\SET6C.tmp
c:\windows\system32\SET6D.tmp
c:\windows\system32\SET6E.tmp
c:\windows\system32\SET6F.tmp
c:\windows\system32\SET70.tmp
c:\windows\system32\SET71.tmp
c:\windows\system32\SET72.tmp
c:\windows\system32\SET73.tmp
c:\windows\system32\SET74.tmp
c:\windows\system32\SET75.tmp
c:\windows\system32\SET76.tmp
c:\windows\system32\SET77.tmp
c:\windows\system32\SET78.tmp
c:\windows\system32\SET79.tmp
c:\windows\system32\SET7A.tmp
c:\windows\system32\SET7B.tmp
c:\windows\system32\SET7C.tmp
c:\windows\system32\SET7D.tmp
c:\windows\system32\SET7E.tmp
c:\windows\system32\SET7F.tmp
c:\windows\system32\SET80.tmp
c:\windows\system32\SET81.tmp
c:\windows\system32\SET82.tmp
c:\windows\system32\SET83.tmp
c:\windows\system32\SET84.tmp
c:\windows\system32\SET85.tmp
c:\windows\system32\SET86.tmp
c:\windows\system32\SET88.tmp
c:\windows\system32\SET8A.tmp
c:\windows\system32\SET8B.tmp
c:\windows\system32\SET8C.tmp
c:\windows\system32\SET8D.tmp
c:\windows\system32\SET8E.tmp
c:\windows\system32\SET8F.tmp
c:\windows\system32\SET90.tmp
c:\windows\system32\SET91.tmp
c:\windows\system32\SET92.tmp
c:\windows\system32\SET93.tmp
c:\windows\system32\SET94.tmp
c:\windows\system32\SET95.tmp
c:\windows\system32\SET96.tmp
c:\windows\system32\SET97.tmp
c:\windows\system32\SET98.tmp
c:\windows\system32\SET99.tmp
c:\windows\system32\SET9A.tmp
c:\windows\system32\SET9B.tmp
c:\windows\system32\SET9C.tmp
c:\windows\system32\SET9D.tmp
c:\windows\system32\SET9E.tmp
c:\windows\system32\SET9F.tmp
c:\windows\system32\SETA0.tmp
c:\windows\system32\SETA1.tmp
c:\windows\system32\SETA2.tmp
c:\windows\system32\SETA3.tmp
c:\windows\system32\SETA4.tmp
c:\windows\system32\SETA5.tmp
c:\windows\system32\SETA6.tmp
c:\windows\system32\SETA8.tmp
c:\windows\system32\SETA9.tmp
c:\windows\system32\SETAB.tmp
c:\windows\system32\SETAC.tmp
c:\windows\system32\SETAD.tmp
c:\windows\system32\SETB0.tmp
c:\windows\system32\SETB1.tmp
c:\windows\system32\SETB4.tmp
c:\windows\system32\SETB5.tmp
c:\windows\system32\SETB7.tmp
c:\windows\system32\SETB9.tmp
c:\windows\system32\SETBC.tmp
c:\windows\system32\SETBD.tmp
c:\windows\system32\SETBE.tmp
c:\windows\system32\SETBF.tmp
c:\windows\system32\SETC0.tmp
c:\windows\system32\SETC1.tmp
c:\windows\system32\SETC2.tmp
c:\windows\system32\SETC3.tmp
c:\windows\system32\SETC4.tmp
c:\windows\system32\SETC5.tmp
c:\windows\system32\SETC6.tmp
c:\windows\system32\SETC7.tmp
c:\windows\system32\SETC8.tmp
c:\windows\system32\SETC9.tmp
c:\windows\system32\SETCA.tmp
c:\windows\system32\SETCB.tmp
c:\windows\system32\SETCE.tmp
c:\windows\system32\SETCF.tmp
c:\windows\system32\SETD0.tmp
c:\windows\system32\SETD4.tmp
c:\windows\system32\SETD8.tmp
c:\windows\system32\SETD9.tmp
c:\windows\system32\SETDB.tmp
c:\windows\system32\SETDC.tmp
c:\windows\system32\SETDD.tmp
c:\windows\system32\SETDE.tmp
c:\windows\system32\SETDF.tmp
c:\windows\system32\SETE3.tmp
c:\windows\system32\SETE5.tmp
c:\windows\system32\SETE7.tmp
c:\windows\system32\SETE8.tmp
c:\windows\system32\SETEA.tmp
c:\windows\system32\SETEC.tmp
c:\windows\system32\SETED.tmp
c:\windows\system32\SETF0.tmp
c:\windows\system32\SETF1.tmp
c:\windows\system32\SETF2.tmp
c:\windows\system32\SETF3.tmp
c:\windows\system32\SETF4.tmp
c:\windows\system32\SETF5.tmp
c:\windows\system32\SETF9.tmp
c:\windows\system32\SETFA.tmp
c:\windows\system32\SETFB.tmp
c:\windows\system32\SETFC.tmp
c:\windows\system32\SETFD.tmp
c:\windows\system32\SETFE.tmp
c:\windows\system32\SETFF.tmp
c:\windows\system32\svch.dat
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\windir
c:\windows\system32\winl.dat
F:\autorun.inf
G:\autorun.inf
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\winlogon.exe
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\svchost.exe
.
c:\windows\explorer.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-11 18:39 . 2012-08-11 18:39 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM
2012-08-11 18:35 . 2012-08-11 18:39 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2012-08-11 18:28 . 2012-08-11 18:28 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2012-08-11 18:28 . 2012-08-11 18:28 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\ant.com
2012-08-11 18:28 . 2012-08-11 18:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\BabylonToolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 21:10 . 2012-04-11 00:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 21:10 . 2011-05-15 18:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2009-10-17 21:29 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . BFB5D90A4D0A99B1A8E9BE83571E1BA0 . 544768 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\svchost.exe
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 547A470CF3B56C3BBAE7BC3085D28942 . 39424 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2007-07-29 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . 9497804CDE6D699BD88E966412FA48D5 . 1058304 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2004-08-10 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot_2011-11-27_15.42.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-10 02:27 . 2004-09-03 15:00 90112 c:\windows\system32\snymsico.dll
- 2006-11-10 02:27 . 2005-10-14 21:40 90112 c:\windows\system32\snymsico.dll
+ 2006-11-10 02:27 . 2005-05-07 00:06 16480 c:\windows\system32\rixdicon.dll
- 2006-11-10 02:27 . 2005-10-14 21:40 16480 c:\windows\system32\rixdicon.dll
+ 2006-12-08 02:17 . 2012-01-05 02:03 48848 c:\windows\system32\Restore\rstrlog.dat
+ 2011-12-03 02:28 . 2005-10-14 21:40 28544 c:\windows\system32\ReinstallBackups\0024\DriverFiles\rimmptsk.sys
+ 2011-12-03 02:28 . 2005-10-14 21:40 16480 c:\windows\system32\ReinstallBackups\0023\DriverFiles\rixdicon.dll
+ 2011-12-03 02:28 . 2005-10-14 21:40 90112 c:\windows\system32\ReinstallBackups\0013\DriverFiles\snymsico.dll
+ 2011-12-03 02:28 . 2005-10-14 21:40 51328 c:\windows\system32\ReinstallBackups\0013\DriverFiles\rimsptsk.sys
+ 2011-12-03 01:47 . 2006-05-23 20:01 77824 c:\windows\system32\ReinstallBackups\0001\DriverFiles\Oemdspif.dll
+ 2011-12-03 01:47 . 2001-11-09 09:01 24064 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativcoxx.dll
+ 2011-12-03 01:47 . 2006-05-23 19:31 17408 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atitvo32.dll
+ 2011-12-03 01:47 . 2006-05-23 19:59 53248 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ATIDDC.DLL
+ 2011-12-03 01:47 . 2006-05-23 20:01 26112 c:\windows\system32\ReinstallBackups\0001\DriverFiles\Ati2mdxx.exe
+ 2011-12-03 01:47 . 2006-05-23 20:00 61440 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2evxx.dll
+ 2011-12-03 01:47 . 2006-05-23 19:19 45056 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2erec.dll
+ 2011-12-03 01:47 . 2006-05-23 20:00 41984 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2edxx.dll
+ 2011-12-03 02:28 . 2006-11-14 22:35 37376 c:\windows\system32\DRVSTORE\rixdptsk_0D7A83C1B48CDC1DF8A41B44C97F2A9295350D76\rixdptsk.sys
+ 2011-12-03 02:28 . 2005-05-07 00:06 16480 c:\windows\system32\DRVSTORE\rixdptsk_0D7A83C1B48CDC1DF8A41B44C97F2A9295350D76\rixdicon.dll
+ 2011-12-03 02:28 . 2004-09-03 15:00 90112 c:\windows\system32\DRVSTORE\rimsptsk_160EAF8844DAFFD63505557B90B41496E64C136A\snymsico.dll
+ 2011-12-03 02:28 . 2006-11-15 00:42 43520 c:\windows\system32\DRVSTORE\rimsptsk_160EAF8844DAFFD63505557B90B41496E64C136A\rimsptsk.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-07-10 13:23 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe" [2012-07-03 686280]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Backup Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk
backup=c:\windows\pss\WD Backup Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2008-09-19 19:06 615696 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-07-17 03:29 389120 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 20:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 08:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-09-11 08:40 218032 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 08:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 08:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-05-02 23:16 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-08-26 16:23 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-09 00:48 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
2006-11-22 21:23 339968 ----a-w- c:\windows\system32\WDBtnMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\Ant.com\IE add-on\AntUpdaterService.exe [6/29/2011 2:26 PM 520216]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [7/10/2008 9:23 AM 53032]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [11/10/2010 11:15 PM 52824]
S3 TotRec8;Total Recorder WDM audio filter driver;\??\c:\windows\system32\drivers\TotRec8.sys --> c:\windows\system32\drivers\TotRec8.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vmwareusb REG_MULTI_SZ vmusb
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\ErrorEND.job
- c:\program files\ErrorEND\ErrorEND.exe [2011-03-09 12:23]
.
2011-07-20 c:\windows\Tasks\soundtapShakeIcon.job
- c:\program files\NCH Swift Sound\SoundTap\soundtap.exe [2010-11-11 03:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
TCP: DhcpNameServer = 192.168.0.1 71.243.0.12
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
AddRemove-Freecorder5.11 - c:\program files\Freecorder\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-14 21:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6d,1f,f1,10,f4,90,0a,42,af,03,db,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6d,1f,f1,10,f4,90,0a,42,af,03,db,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(1628)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\Nero\Nero8\InCD\NBHShx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Nero\Nero8\InCD\NBHStr.dll
c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Nero\Nero8\InCD\InCDsrv.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-08-14 21:49:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-15 01:48
ComboFix2.txt 2011-11-30 01:50
ComboFix3.txt 2011-11-29 01:27
ComboFix4.txt 2011-07-08 03:18
ComboFix5.txt 2011-12-01 00:09
.
Pre-Run: 10,588,602,368 bytes free
Post-Run: 12,226,129,920 bytes free
.
- - End Of File - - 7EDA4881FC264C8AE5E44F1965B5D56D

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 August 2012 - 09:27 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [donate button] <-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
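The Report step above produces a log in the shape posted later in this thread (reply #5). As an added example that is not part of this thread or of TDSSKiller itself, here is a small Python parser that reads the "Scan services" section into records and lists every service whose verdict is not a plain "ok", so a helper does not have to eyeball hundreds of lines. The regexes are written from the line shapes in reply #5; the sample log is constructed, and its last service, hash and verdict are placeholders.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# The two line shapes TDSSKiller prints inside a named scan section
# (as seen in the "Scan services" part of the log posted in this thread):
#   <time> <pid> [ <md5> ] <service name> <path>
#   <time> <pid> <service name> - <verdict>
FILE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9a-fA-F]{32}) \]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<verdict>.+)$"
)
# A section header looks like "=== Scan services ==="; a bare row of "=" is a separator.
SECTION_RE = re.compile(r"^\S+\s+\d+\s+=+(?P<title>[^=]*)=+\s*$")


@dataclass
class ServiceRecord:
    name: str
    md5: Optional[str] = None      # None when TDSSKiller printed no file line (binary missing)
    path: Optional[str] = None
    verdict: Optional[str] = None  # None when no verdict line was seen for this service


def parse_tdsskiller_log(text: str) -> Dict[str, ServiceRecord]:
    """Return service records keyed by service name, in scan order.

    Only lines inside a named section (e.g. "Scan services") are interpreted:
    the drive/partition lines printed before "Scan started" also contain " - "
    and must not be mistaken for verdict lines.
    """
    records: Dict[str, ServiceRecord] = {}
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("title").strip() or None
            continue
        if section is None:
            continue
        m = FILE_RE.match(line)
        if m:
            rec = records.setdefault(m.group("name"), ServiceRecord(m.group("name")))
            rec.md5, rec.path = m.group("md5").lower(), m.group("path")
            continue
        m = VERDICT_RE.match(line)
        if m:
            rec = records.setdefault(m.group("name"), ServiceRecord(m.group("name")))
            rec.verdict = m.group("verdict").strip()
    return records


def summarize(records: Dict[str, ServiceRecord]) -> Tuple[Counter, List[ServiceRecord]]:
    """Count verdicts and list every service whose verdict is not a plain 'ok'."""
    counts = Counter(r.verdict if r.verdict is not None else "<no verdict>" for r in records.values())
    needs_review = [r for r in records.values() if r.verdict != "ok"]
    return counts, needs_review


# Constructed sample: the first lines reuse shapes from the thread's log; the
# last service, its hash and its verdict are placeholders for the non-ok path.
SAMPLE_LOG = r"""
21:27:30.0968 3824 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200
21:27:39.0562 3816 ============================================================
21:27:39.0562 3816 Scan started
21:27:39.0562 3816 Mode: Manual;
21:27:39.0562 3816 ============================================================
21:27:40.0265 3816 ================ Scan services =============================
21:27:40.0875 3816 Abiosdsk - ok
21:27:40.0937 3816 [ 6abb91494fe6c59089b9336452ab2ea3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:27:40.0953 3816 abp480n5 - ok
21:27:43.0265 3816 [ 3debbecf665dcdde3a95d9b902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:27:43.0281 3816 Apple Mobile Device - ok
21:28:30.0000 3816 [ deadbeefdeadbeefdeadbeefdeadbeef ] examplesvc C:\WINDOWS\system32\drivers\example.sys
21:28:30.0015 3816 examplesvc - detected (constructed sample verdict)
"""

if __name__ == "__main__":
    recs = parse_tdsskiller_log(SAMPLE_LOG)
    counts, review = summarize(recs)
    print("verdict counts:", dict(counts))
    for r in review:
        print(f"REVIEW: {r.name} md5={r.md5} path={r.path} verdict={r.verdict}")
```

Run it against a real TDSSKiller.[Version]_[Date]_[Time]_log.txt by reading the file into `parse_tdsskiller_log`; the md5 values it collects are what you would look up against a file-reputation service before deciding on a cure.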

#5 tmcgrail (Topic Starter)

  • Members
  • 47 posts

Posted 15 August 2012 - 09:18 PM

Gringo,

TDSSKiller found no threats; MBR found some infected files.

Here are the logs:


21:27:28.0546 3824 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
21:27:28.0953 3824 ============================================================
21:27:28.0953 3824 Current date / time: 2012/08/15 21:27:28.0953
21:27:28.0953 3824 SystemInfo:
21:27:28.0953 3824
21:27:28.0953 3824 OS Version: 5.1.2600 ServicePack: 3.0
21:27:28.0953 3824 Product type: Workstation
21:27:28.0953 3824 ComputerName: DAD
21:27:28.0953 3824 UserName: Tom
21:27:28.0953 3824 Windows directory: C:\WINDOWS
21:27:28.0953 3824 System windows directory: C:\WINDOWS
21:27:28.0953 3824 Processor architecture: Intel x86
21:27:28.0953 3824 Number of processors: 2
21:27:28.0953 3824 Page size: 0x1000
21:27:28.0953 3824 Boot type: Normal boot
21:27:28.0953 3824 ============================================================
21:27:30.0968 3824 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:27:30.0968 3824 Drive \Device\Harddisk1\DR5 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:27:30.0984 3824 Drive \Device\Harddisk2\DR7 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:27:30.0984 3824 ============================================================
21:27:30.0984 3824 \Device\Harddisk0\DR0:
21:27:30.0984 3824 MBR partitions:
21:27:30.0984 3824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0xACECF57
21:27:31.0000 3824 \Device\Harddisk1\DR5:
21:27:31.0000 3824 MBR partitions:
21:27:31.0000 3824 \Device\Harddisk1\DR5\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
21:27:31.0000 3824 \Device\Harddisk2\DR7:
21:27:31.0000 3824 MBR partitions:
21:27:31.0000 3824 \Device\Harddisk2\DR7\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
21:27:31.0000 3824 ============================================================
21:27:31.0078 3824 C: <-> \Device\Harddisk0\DR0\Partition1
21:27:31.0140 3824 F: <-> \Device\Harddisk1\DR5\Partition1
21:27:31.0171 3824 G: <-> \Device\Harddisk2\DR7\Partition1
21:27:31.0265 3824 ============================================================
21:27:31.0265 3824 Initialize success
21:27:31.0265 3824 ============================================================
21:27:39.0562 3816 ============================================================
21:27:39.0562 3816 Scan started
21:27:39.0562 3816 Mode: Manual;
21:27:39.0562 3816 ============================================================
21:27:40.0265 3816 ================ Scan services =============================
21:27:40.0875 3816 Abiosdsk - ok
21:27:40.0937 3816 [ 6abb91494fe6c59089b9336452ab2ea3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:27:40.0953 3816 abp480n5 - ok
21:27:41.0078 3816 [ 8fd99680a539792a30e97944fdaecf17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:27:41.0140 3816 ACPI - ok
21:27:41.0171 3816 [ 9859c0f6936e723e4892d7141b1327d5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:27:41.0171 3816 ACPIEC - ok
21:27:41.0250 3816 [ 9a11864873da202c996558b2106b0bbc ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:27:41.0312 3816 adpu160m - ok
21:27:41.0421 3816 [ 8bed39e3c35d6a489438b8141717a557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:27:41.0500 3816 aec - ok
21:27:41.0546 3816 [ a7b8a3a79d35215d798a300df49ed23f ] Afc C:\WINDOWS\system32\drivers\Afc.sys
21:27:41.0546 3816 Afc - ok
21:27:41.0640 3816 [ 7e775010ef291da96ad17ca4b17137d7 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:27:41.0703 3816 AFD - ok
21:27:41.0781 3816 [ 08fd04aa961bdc77fb983f328334e3d7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
21:27:41.0796 3816 agp440 - ok
21:27:41.0859 3816 [ 03a7e0922acfe1b07d5db2eeb0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:27:41.0890 3816 agpCPQ - ok
21:27:41.0953 3816 [ c23ea9b5f46c7f7910db3eab648ff013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:27:41.0953 3816 Aha154x - ok
21:27:42.0000 3816 [ 19dd0fb48b0c18892f70e2e7d61a1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:27:42.0031 3816 aic78u2 - ok
21:27:42.0078 3816 [ b7fe594a7468aa0132deb03fb8e34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:27:42.0109 3816 aic78xx - ok
21:27:42.0140 3816 [ a9a3daa780ca6c9671a19d52456705b4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:27:42.0156 3816 Alerter - ok
21:27:42.0203 3816 [ 8c515081584a38aa007909cd02020b3d ] ALG C:\WINDOWS\System32\alg.exe
21:27:42.0203 3816 ALG - ok
21:27:42.0234 3816 [ 1140ab9938809700b46bb88e46d72a96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
21:27:42.0234 3816 AliIde - ok
21:27:42.0281 3816 [ cb08aed0de2dd889a8a820cd8082d83c ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:27:42.0296 3816 alim1541 - ok
21:27:42.0343 3816 [ 95b4fb835e28aa1336ceeb07fd5b9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:27:42.0359 3816 amdagp - ok
21:27:42.0390 3816 [ 79f5add8d24bd6893f2903a3e2f3fad6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
21:27:42.0390 3816 amsint - ok
21:27:42.0796 3816 [ c710b5d634dccf966661939193175de4 ] AntUpdaterService C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
21:27:43.0078 3816 AntUpdaterService - ok
21:27:43.0125 3816 [ ec94e05b76d033b74394e7b2175103cf ] APPDRV C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
21:27:43.0125 3816 APPDRV - ok
21:27:43.0265 3816 [ 3debbecf665dcdde3a95d9b902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:27:43.0281 3816 Apple Mobile Device - ok
21:27:43.0421 3816 [ d8849f77c0b66226335a59d26cb4edc6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
21:27:43.0515 3816 AppMgmt - ok
21:27:43.0578 3816 [ b5b8a80875c1dededa8b02765642c32f ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:27:43.0609 3816 Arp1394 - ok
21:27:43.0687 3816 [ 62d318e9a0c8fc9b780008e724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
21:27:43.0703 3816 asc - ok
21:27:43.0734 3816 [ 69eb0cc7714b32896ccbfd5edcbea447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:27:43.0734 3816 asc3350p - ok
21:27:43.0765 3816 [ 5d8de112aa0254b907861e9e9c31d597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:27:43.0765 3816 asc3550 - ok
21:27:43.0968 3816 [ 0e5e4957549056e2bf2c49f4f6b601ad ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:27:44.0031 3816 aspnet_state - ok
21:27:44.0078 3816 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:27:44.0093 3816 AsyncMac - ok
21:27:44.0171 3816 [ 9f3a2f5aa6875c72bf062c712cfa2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:27:44.0187 3816 atapi - ok
21:27:44.0187 3816 Atdisk - ok
21:27:44.0453 3816 [ 3b11be07af444314794372af5d7c9a5a ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
21:27:44.0671 3816 Ati HotKey Poller - ok
21:27:45.0609 3816 [ 2573c08729dd52b7b4f18df1592e0b37 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:27:45.0625 3816 ati2mtag - ok
21:27:45.0703 3816 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:27:45.0750 3816 Atmarpc - ok
21:27:45.0812 3816 [ def7a7882bec100fe0b2ce2549188f9d ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:27:45.0812 3816 AudioSrv - ok
21:27:45.0828 3816 [ d9f724aa26c010a217c97606b160ed68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:27:45.0843 3816 audstub - ok
21:27:46.0187 3816 [ b89bcf0a25aeb3b47030ac83287f894a ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
21:27:46.0515 3816 BCM43XX - ok
21:27:46.0593 3816 [ 6489310d11971f6ba6c7f49be0baf6e0 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
21:27:46.0593 3816 bcm4sbxp - ok
21:27:46.0625 3816 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:27:46.0625 3816 Beep - ok
21:27:46.0937 3816 [ db5bea73edaf19ac68b2c0fad0f92b1a ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:27:47.0140 3816 Bonjour Service - ok
21:27:47.0234 3816 [ a06ce3399d16db864f55faeb1f1927a9 ] Browser C:\WINDOWS\System32\browser.dll
21:27:47.0250 3816 Browser - ok
21:27:47.0250 3816 catchme - ok
21:27:47.0281 3816 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:27:47.0296 3816 cbidf - ok
21:27:47.0312 3816 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:27:47.0312 3816 cbidf2k - ok
21:27:47.0343 3816 [ 0be5aef125be881c4f854c554f2b025c ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:27:47.0359 3816 CCDECODE - ok
21:27:47.0390 3816 [ f3ec03299634490e97bbce94cd2954c7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:27:47.0421 3816 cd20xrnt - ok
21:27:47.0453 3816 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:27:47.0468 3816 Cdaudio - ok
21:27:47.0546 3816 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:27:47.0562 3816 Cdfs - ok
21:27:47.0625 3816 [ 1f4260cc5b42272d71f79e570a27a4fe ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:27:47.0656 3816 Cdrom - ok
21:27:47.0656 3816 Changer - ok
21:27:47.0687 3816 [ 1cfe720eb8d93a7158a4ebc3ab178bde ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:27:47.0750 3816 CiSvc - ok
21:27:47.0796 3816 [ 34cbe729f38138217f9c80212a2a0c82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:27:47.0812 3816 ClipSrv - ok
21:27:47.0875 3816 [ d87acaed61e417bba546ced5e7e36d9c ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:27:48.0031 3816 clr_optimization_v2.0.50727_32 - ok
21:27:48.0062 3816 [ 0f6c187d38d98f8df904589a5f94d411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:27:48.0062 3816 CmBatt - ok
21:27:48.0125 3816 [ e5dcb56c533014ecbc556a8357c929d5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:27:48.0125 3816 CmdIde - ok
21:27:48.0156 3816 [ 6e4c9f21f0fae8940661144f41b13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:27:48.0156 3816 Compbatt - ok
21:27:48.0171 3816 COMSysApp - ok
21:27:48.0218 3816 [ 9dbd4a34f6f292ab4ddc3b209ec07c2f ] CO_Mon C:\WINDOWS\system32\Drivers\CO_Mon.sys
21:27:48.0250 3816 CO_Mon - ok
21:27:48.0265 3816 [ 3ee529119eed34cd212a215e8c40d4b6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:27:48.0281 3816 Cpqarray - ok
21:27:48.0359 3816 [ 3d4e199942e29207970e04315d02ad3b ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:27:48.0406 3816 CryptSvc - ok
21:27:48.0531 3816 [ e550e7418984b65a78299d248f0a7f36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:27:48.0687 3816 dac2w2k - ok
21:27:48.0718 3816 [ 683789caa3864eb46125ae86ff677d34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:27:48.0718 3816 dac960nt - ok
21:27:48.0968 3816 [ 6b27a5c03dfb94b4245739065431322c ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:27:49.0421 3816 DcomLaunch - ok
21:27:49.0546 3816 [ 5e38d7684a49cacfb752b046357e0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:27:49.0593 3816 Dhcp - ok
21:27:49.0640 3816 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:27:49.0656 3816 Disk - ok
21:27:49.0656 3816 dmadmin - ok
21:27:50.0140 3816 [ d992fe1274bde0f84ad826acae022a41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:27:50.0578 3816 dmboot - ok
21:27:50.0671 3816 [ 7c824cf7bbde77d95c08005717a95f6f ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:27:50.0718 3816 dmio - ok
21:27:50.0765 3816 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:27:50.0765 3816 dmload - ok
21:27:50.0828 3816 [ 57edec2e5f59f0335e92f35184bc8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:27:50.0843 3816 dmserver - ok
21:27:50.0890 3816 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:27:50.0921 3816 DMusic - ok
21:27:50.0968 3816 [ 474b4dc3983173e4b4c9740b0dac98a6 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:27:50.0968 3816 Dnscache - ok
21:27:51.0078 3816 [ 0f0f6e687e5e15579ef4da8dd6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:27:51.0156 3816 Dot3svc - ok
21:27:51.0187 3816 [ 40f3b93b4e5b0126f2f5c0a7a5e22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:27:51.0203 3816 dpti2o - ok
21:27:51.0250 3816 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:27:51.0250 3816 drmkaud - ok
21:27:51.0312 3816 [ e814854e6b246ccf498874839ab64d77 ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
21:27:51.0328 3816 drvmcdb - ok
21:27:51.0359 3816 [ ee83a4ebae70bc93cf14879d062f548b ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
21:27:51.0375 3816 drvnddm - ok
21:27:51.0421 3816 [ b2c3f71b86e25c3df78339ddb40a7562 ] dsNcAdpt C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
21:27:51.0421 3816 dsNcAdpt - ok
21:27:51.0812 3816 [ 42c22c0d63da380807da2781c6c6d38a ] dsNcService C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
21:27:52.0156 3816 dsNcService - ok
21:27:52.0234 3816 [ 2ac2372ffad9adc85672cc8e8ae14be9 ] DSproct C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
21:27:52.0250 3816 DSproct - ok
21:27:52.0343 3816 [ 3fca03cbca11269f973b70fa483c88ef ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:27:52.0406 3816 E100B - ok
21:27:52.0468 3816 [ 2187855a7703adef0cef9ee4285182cc ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:27:52.0484 3816 EapHost - ok
21:27:52.0718 3816 [ 5d1347aa5ae6e2f77d7f4f8372d95ac9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
21:27:52.0859 3816 ehRecvr - ok
21:27:52.0953 3816 [ a53243709439ac2a4c216b817f8d7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
21:27:53.0000 3816 ehSched - ok
21:27:53.0046 3816 [ bc93b4a066477954555966d77fec9ecb ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:27:53.0046 3816 ERSvc - ok
21:27:53.0156 3816 [ 65df52f5b8b6e9bbd183505225c37315 ] Eventlog C:\WINDOWS\system32\services.exe
21:27:53.0187 3816 Eventlog - ok
21:27:53.0375 3816 [ d4991d98f2db73c60d042f1aef79efae ] EventSystem C:\WINDOWS\system32\es.dll
21:27:53.0468 3816 EventSystem - ok
21:27:53.0593 3816 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:27:53.0687 3816 Fastfat - ok
21:27:53.0812 3816 [ 1926899bf9ffe2602b63074971700412 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:27:53.0890 3816 FastUserSwitchingCompatibility - ok
21:27:54.0062 3816 [ e97d6a8684466df94ff3bc24fb787a07 ] Fax C:\WINDOWS\system32\fxssvc.exe
21:27:54.0203 3816 Fax - ok
21:27:54.0250 3816 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:27:54.0265 3816 Fdc - ok
21:27:54.0281 3816 [ 093913a016845fe257ed9b7fc8e28ed8 ] FileDisk C:\WINDOWS\system32\drivers\FileDisk.sys
21:27:54.0296 3816 FileDisk - ok
21:27:54.0359 3816 [ bcef16e3aedd1b44bca45f748d975d73 ] FilterService C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
21:27:54.0375 3816 FilterService - ok
21:27:54.0406 3816 [ d45926117eb9fa946a6af572fbe1caa3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:27:54.0406 3816 Fips - ok
21:27:54.0453 3816 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:27:54.0468 3816 Flpydisk - ok
21:27:54.0578 3816 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:27:54.0609 3816 FltMgr - ok
21:27:54.0734 3816 [ 8ba7c024070f2b7fdd98ed8a4ba41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:27:54.0781 3816 FontCache3.0.0.0 - ok
21:27:54.0828 3816 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:27:54.0843 3816 Fs_Rec - ok
21:27:54.0906 3816 [ 6ac26732762483366c3969c9e4d2259d ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:27:54.0953 3816 Ftdisk - ok
21:27:55.0000 3816 [ 8182ff89c65e4d38b2de4bb0fb18564e ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
21:27:55.0000 3816 GEARAspiWDM - ok
21:27:55.0046 3816 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:27:55.0078 3816 Gpc - ok
21:27:55.0203 3816 [ 573c7d0a32852b48f3058cfd8026f511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:27:55.0218 3816 HDAudBus - ok
21:27:55.0312 3816 [ 4fcca060dfe0c51a09dd5c3843888bcd ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:27:55.0312 3816 helpsvc - ok
21:27:55.0312 3816 HidServ - ok
21:27:55.0359 3816 [ ccf82c5ec8a7326c3066de870c06daf1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:27:55.0359 3816 HidUsb - ok
21:27:55.0421 3816 [ 8878bd685e490239777bfe51320b88e9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:27:55.0468 3816 hkmsvc - ok
21:27:55.0500 3816 [ b028377dea0546a5fcfba928a8aefae0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
21:27:55.0515 3816 hpn - ok
21:27:55.0671 3816 [ 1c8caa80e91fb71864e9426f9eed048d ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
21:27:55.0796 3816 HSFHWAZL - ok
21:27:56.0390 3816 [ 698204d9c2832e53633e53a30a53fc3d ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
21:27:56.0937 3816 HSF_DPV - ok
21:27:57.0125 3816 [ f6aacf5bce2893e0c1754afeb672e5c9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:27:57.0265 3816 HTTP - ok
21:27:57.0312 3816 [ 6100a808600f44d999cebdef8841c7a3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:27:57.0343 3816 HTTPFilter - ok
21:27:57.0375 3816 [ 9368670bd426ebea5e8b18a62416ec28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
21:27:57.0375 3816 i2omgmt - ok
21:27:57.0421 3816 [ f10863bf1ccc290babd1a09188ae49e0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:27:57.0437 3816 i2omp - ok
21:27:57.0500 3816 [ 4a0b06aa8943c1e332520f7440c0aa30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:27:57.0531 3816 i8042prt - ok
21:27:57.0703 3816 [ 6f95324909b502e2651442c1548ab12f ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:27:57.0781 3816 IDriverT - ok
21:27:58.0312 3816 [ c01ac32dc5c03076cfb852cb5da5229c ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:27:58.0796 3816 idsvc - ok
21:27:58.0875 3816 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:27:58.0890 3816 Imapi - ok
21:27:59.0015 3816 [ 30deaf54a9755bb8546168cfe8a6b5e1 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:27:59.0093 3816 ImapiService - ok
21:27:59.0203 3816 [ 1da147acb525a4822228be06154c7cbb ] InCDfs C:\WINDOWS\system32\drivers\InCDFs.sys
21:27:59.0203 3816 InCDfs - ok
21:27:59.0234 3816 [ 2ec469a401ae6fe7a67d80effd3091b1 ] InCDPass C:\WINDOWS\system32\drivers\InCDPass.sys
21:27:59.0234 3816 InCDPass - ok
21:27:59.0265 3816 [ 544498d06b8ca187a5960b4f3b4bd63e ] InCDRec C:\WINDOWS\system32\drivers\InCDRec.sys
21:27:59.0265 3816 InCDRec - ok
21:27:59.0296 3816 [ 2863a00b0f64d937f0cd9561c53b5a37 ] incdrm C:\WINDOWS\system32\drivers\InCDRm.sys
21:27:59.0296 3816 incdrm - ok
21:28:00.0234 3816 [ ca32ea0f5fc2a36ca44ad7238f18c248 ] InCDsrv C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
21:28:01.0000 3816 InCDsrv - ok
21:28:01.0046 3816 [ 4a40e045faee58631fd8d91afc620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:28:01.0046 3816 ini910u - ok
21:28:01.0093 3816 [ b5466a9250342a7aa0cd1fba13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
21:28:01.0093 3816 IntelIde - ok
21:28:01.0125 3816 [ 8c953733d8f36eb2133f5bb58808b66b ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:28:01.0156 3816 intelppm - ok
21:28:01.0203 3816 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:28:01.0234 3816 Ip6Fw - ok
21:28:01.0312 3816 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:28:01.0328 3816 IpFilterDriver - ok
21:28:01.0359 3816 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:28:01.0359 3816 IpInIp - ok
21:28:01.0453 3816 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:28:01.0546 3816 IpNat - ok
21:28:02.0062 3816 [ ca1972397b845b2f53f5dc63c22fd98a ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:28:02.0500 3816 iPod Service - ok
21:28:02.0578 3816 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:28:02.0625 3816 IPSec - ok
21:28:02.0671 3816 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:28:02.0671 3816 IRENUM - ok
21:28:02.0703 3816 [ 05a299ec56e52649b1cf2fc52d20f2d7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:28:02.0718 3816 isapnp - ok
21:28:02.0734 3816 [ 463c1ec80cd17420a542b7f36a36f128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:28:02.0750 3816 Kbdclass - ok
21:28:02.0859 3816 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:28:02.0953 3816 kmixer - ok
21:28:03.0015 3816 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:28:03.0031 3816 KSecDD - ok
21:28:03.0125 3816 [ f385f4b02c535bffe1d70cab80838123 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:28:03.0156 3816 lanmanserver - ok
21:28:03.0265 3816 [ a8888a5327621856c0cec4e385f69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:28:03.0328 3816 lanmanworkstation - ok
21:28:03.0328 3816 lbrtfdc - ok
21:28:03.0359 3816 [ a7db739ae99a796d91580147e919cc59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:28:03.0359 3816 LmHosts - ok
21:28:04.0562 3816 [ 8113133ec42dd6c566908008ce913edd ] LVcKap C:\WINDOWS\system32\DRIVERS\LVcKap.sys
21:28:05.0781 3816 LVcKap - ok
21:28:05.0953 3816 [ 9e41266c68c11d7101a2d18cd1f7553e ] LVCOMSer C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
21:28:06.0078 3816 LVCOMSer - ok
21:28:07.0250 3816 [ 0dd5b8af4917a2821047450195c511b3 ] LVMVDrv C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
21:28:08.0421 3816 LVMVDrv - ok
21:28:09.0500 3816 [ e1158b0cb852db0573922c92e6e564de ] lvpopflt C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
21:28:10.0578 3816 lvpopflt - ok
21:28:10.0640 3816 [ 406b1d186f75b4b4832d6237859e1b00 ] LVPr2Mon C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
21:28:10.0640 3816 LVPr2Mon - ok
21:28:10.0750 3816 [ 85c2e84bc1224c75a20b5560d5a15db9 ] LVPrcSrv C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
21:28:10.0828 3816 LVPrcSrv - ok
21:28:10.0921 3816 [ 656180e9c0c5199520972426c44bc2f0 ] LVSrvLauncher C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
21:28:11.0000 3816 LVSrvLauncher - ok
21:28:11.0062 3816 [ be5e104be263921d6842c555db6a5c23 ] LVUSBSta C:\WINDOWS\system32\drivers\LVUSBSta.sys
21:28:11.0062 3816 LVUSBSta - ok
21:28:13.0109 3816 [ eacd1eb2d82ed2adc753afeee1d4d660 ] LVUVC C:\WINDOWS\system32\DRIVERS\lvuvc.sys
21:28:15.0109 3816 LVUVC - ok
21:28:15.0281 3816 [ f96cdd0edb411c1193c5dd9925c306db ] Maxtor Sync Service C:\Program Files\Maxtor\Sync\SyncServices.exe
21:28:15.0390 3816 Maxtor Sync Service - ok
21:28:15.0484 3816 [ df0a511f38f16016bf658fca0090cb87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
21:28:15.0562 3816 McrdSvc - ok
21:28:15.0812 3816 [ 11f714f85530a2bd134074dc30e99fca ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
21:28:15.0984 3816 MDM - ok
21:28:16.0015 3816 [ 3c318b9cd391371bed62126581ee9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:28:16.0015 3816 mdmxsdk - ok
21:28:16.0062 3816 [ 986b1ff5814366d71e0ac5755c88f2d3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:28:16.0093 3816 Messenger - ok
21:28:16.0187 3816 [ b7521f69c0a9b29d356157229376fb21 ] MHN C:\WINDOWS\System32\mhn.dll
21:28:16.0234 3816 MHN - ok
21:28:16.0265 3816 [ 7f2f1d2815a6449d346fcccbc569fbd6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
21:28:16.0265 3816 MHNDRV - ok
21:28:16.0296 3816 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:28:16.0296 3816 mnmdd - ok
21:28:16.0343 3816 [ d18f1f0c101d06a1c1adf26eed16fcdd ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:28:16.0375 3816 mnmsrvc - ok
21:28:16.0421 3816 [ dfcbad3cec1c5f964962ae10e0bcc8e1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:28:16.0421 3816 Modem - ok
21:28:16.0468 3816 [ 35c9e97194c8cfb8430125f8dbc34d04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:28:16.0484 3816 Mouclass - ok
21:28:16.0515 3816 [ b1c303e17fb9d46e87a98e4ba6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:28:16.0515 3816 mouhid - ok
21:28:16.0562 3816 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:28:16.0562 3816 MountMgr - ok
21:28:16.0593 3816 [ 3f4bb95e5a44f3be34824e8e7caf0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:28:16.0593 3816 mraid35x - ok
21:28:16.0734 3816 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:28:16.0734 3816 MRxDAV - ok
21:28:16.0984 3816 [ 60ae98742484e7ab80c3c1450e708148 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:28:17.0218 3816 MRxSmb - ok
21:28:17.0281 3816 [ a137f1470499a205abbb9aafb3b6f2b1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:28:17.0281 3816 MSDTC - ok
21:28:17.0312 3816 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:28:17.0312 3816 Msfs - ok
21:28:17.0328 3816 MSIServer - ok
21:28:17.0343 3816 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:28:17.0343 3816 MSKSSRV - ok
21:28:17.0359 3816 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:28:17.0359 3816 MSPCLOCK - ok
21:28:17.0390 3816 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:28:17.0390 3816 MSPQM - ok
21:28:17.0421 3816 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:28:17.0421 3816 mssmbios - ok
21:28:17.0453 3816 [ e53736a9e30c45fa9e7b5eac55056d1d ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
21:28:17.0468 3816 MSTEE - ok
21:28:17.0562 3816 [ 2f625d11385b1a94360bfc70aaefdee1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:28:17.0578 3816 Mup - ok
21:28:17.0640 3816 [ 216ac775320f64de28cfeb7c179c4ff9 ] MXOPSWD C:\WINDOWS\system32\DRIVERS\mxopswd.sys
21:28:17.0640 3816 MXOPSWD - ok
21:28:17.0703 3816 [ 5b50f1b2a2ed47d560577b221da734db ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:28:17.0765 3816 NABTSFEC - ok
21:28:17.0953 3816 [ 0102140028fad045756796e1c685d695 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:28:18.0125 3816 napagent - ok
21:28:18.0250 3816 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:28:18.0312 3816 NDIS - ok
21:28:18.0328 3816 [ 7ff1f1fd8609c149aa432f95a8163d97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:28:18.0343 3816 NdisIP - ok
21:28:18.0390 3816 [ 1ab3d00c991ab086e69db84b6c0ed78f ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:28:18.0390 3816 NdisTapi - ok
21:28:18.0406 3816 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:28:18.0421 3816 Ndisuio - ok
21:28:18.0484 3816 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:28:18.0531 3816 NdisWan - ok
21:28:18.0562 3816 [ 6215023940cfd3702b46abc304e1d45a ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:28:18.0593 3816 NDProxy - ok
21:28:18.0671 3816 [ a8960fa773ccc3e38515f637e19a76c0 ] NeroRegInCDSrv C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
21:28:18.0687 3816 NeroRegInCDSrv - ok
21:28:18.0718 3816 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:28:18.0718 3816 NetBIOS - ok
21:28:18.0828 3816 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:28:18.0906 3816 NetBT - ok
21:28:19.0000 3816 [ b857ba82860d7ff85ae29b095645563b ] NetDDE C:\WINDOWS\system32\netdde.exe
21:28:19.0062 3816 NetDDE - ok
21:28:19.0125 3816 [ b857ba82860d7ff85ae29b095645563b ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:28:19.0140 3816 NetDDEdsdm - ok
21:28:19.0250 3816 [ bf2466b3e18e970d8a976fb95fc1ca85 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:28:19.0250 3816 Netlogon - ok
21:28:19.0375 3816 [ 13e67b55b3abd7bf3fe7aae5a0f9a9de ] Netman C:\WINDOWS\System32\netman.dll
21:28:19.0468 3816 Netman - ok
21:28:19.0562 3816 [ d34612c5d02d026535b3095d620626ae ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:28:19.0640 3816 NetTcpPortSharing - ok
21:28:19.0718 3816 [ e9e47cfb2d461fa0fc75b7a74c6383ea ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:28:19.0750 3816 NIC1394 - ok
21:28:20.0031 3816 [ 3855171a89280fc7860dd17760754603 ] NICCONFIGSVC C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
21:28:20.0265 3816 NICCONFIGSVC - ok
21:28:20.0421 3816 [ 832e4dd8964ab7acc880b2837cb1ed20 ] Nla C:\WINDOWS\System32\mswsock.dll
21:28:20.0546 3816 Nla - ok
21:28:20.0984 3816 [ cb992ae1506985d9167e85883b4c3240 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
21:28:21.0281 3816 NMIndexingService - ok
21:28:21.0328 3816 [ 3182d64ae053d6fb034f44b6def8034a ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:28:21.0328 3816 Npfs - ok
21:28:21.0671 3816 [ 78a08dd6a8d65e697c18e1db01c5cdca ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:28:21.0953 3816 Ntfs - ok
21:28:21.0968 3816 [ bf2466b3e18e970d8a976fb95fc1ca85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:28:21.0968 3816 NtLmSsp - ok
21:28:22.0265 3816 [ 156f64a3345bd23c600655fb4d10bc08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:28:22.0500 3816 NtmsSvc - ok
21:28:22.0515 3816 [ 73c1e1f395918bc2c6dd67af7591a3ad ] Null C:\WINDOWS\system32\drivers\Null.sys
21:28:22.0515 3816 Null - ok
21:28:23.0546 3816 [ 2b298519edbfcf451d43e0f1e8f1006d ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:28:24.0578 3816 nv - ok
21:28:24.0640 3816 [ b305f3fad35083837ef46a0bbce2fc57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:28:24.0640 3816 NwlnkFlt - ok
21:28:24.0671 3816 [ c99b3415198d1aab7227f2c88fd664b9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:28:24.0703 3816 NwlnkFwd - ok
21:28:24.0765 3816 [ ca33832df41afb202ee7aeb05145922f ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:28:24.0765 3816 ohci1394 - ok
21:28:24.0796 3816 [ b17228142cec9b3c222239fd935a37ca ] omci C:\WINDOWS\system32\DRIVERS\omci.sys
21:28:24.0796 3816 omci - ok
21:28:24.0890 3816 [ 7a56cf3e3f12e8af599963b16f50fb6a ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:28:24.0937 3816 ose - ok
21:28:25.0031 3816 [ 5575faf8f97ce5e713d108c2a58d7c7c ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:28:25.0078 3816 Parport - ok
21:28:25.0093 3816 [ beb3ba25197665d82ec7065b724171c6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:28:25.0093 3816 PartMgr - ok
21:28:25.0109 3816 [ 70e98b3fd8e963a6a46a2e6247e0bea1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:28:25.0125 3816 ParVdm - ok
21:28:25.0171 3816 [ a219903ccf74233761d92bef471a07b1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:28:25.0171 3816 PCI - ok
21:28:25.0187 3816 PCIDump - ok
21:28:25.0203 3816 [ ccf5f451bb1a5a2a522a76e670000ff0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:28:25.0203 3816 PCIIde - ok
21:28:25.0281 3816 [ 9e89ef60e9ee05e3f2eef2da7397f1c1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:28:25.0343 3816 Pcmcia - ok
21:28:25.0359 3816 PDCOMP - ok
21:28:25.0359 3816 PDFRAME - ok
21:28:25.0375 3816 PDRELI - ok
21:28:25.0375 3816 PDRFRAME - ok
21:28:25.0421 3816 [ 6c14b9c19ba84f73d3a86dba11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
21:28:25.0437 3816 perc2 - ok
21:28:25.0453 3816 [ f50f7c27f131afe7beba13e14a3b9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:28:25.0453 3816 perc2hib - ok
21:28:25.0546 3816 [ 65df52f5b8b6e9bbd183505225c37315 ] PlugPlay C:\WINDOWS\system32\services.exe
21:28:25.0546 3816 PlugPlay - ok
21:28:25.0578 3816 [ bf2466b3e18e970d8a976fb95fc1ca85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:28:25.0578 3816 PolicyAgent - ok
21:28:25.0640 3816 [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:28:25.0687 3816 PptpMiniport - ok
21:28:25.0703 3816 [ bf2466b3e18e970d8a976fb95fc1ca85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:28:25.0703 3816 ProtectedStorage - ok
21:28:25.0765 3816 [ 09298ec810b07e5d582cb3a3f9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:28:25.0796 3816 PSched - ok
21:28:25.0859 3816 [ 80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:28:25.0875 3816 Ptilink - ok
21:28:25.0921 3816 [ d86b4a68565e444d76457f14172c875a ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:28:25.0921 3816 PxHelp20 - ok
21:28:26.0000 3816 [ 0a63fb54039eb5662433caba3b26dba7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:28:26.0015 3816 ql1080 - ok
21:28:26.0062 3816 [ 6503449e1d43a0ff0201ad5cb1b8c706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:28:26.0078 3816 Ql10wnt - ok
21:28:26.0125 3816 [ 156ed0ef20c15114ca097a34a30d8a01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:28:26.0140 3816 ql12160 - ok
21:28:26.0171 3816 [ 70f016bebde6d29e864c1230a07cc5e6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:28:26.0203 3816 ql1240 - ok
21:28:26.0250 3816 [ 907f0aeea6bc451011611e732bd31fcf ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:28:26.0265 3816 ql1280 - ok
21:28:26.0296 3816 [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:28:26.0296 3816 RasAcd - ok
21:28:26.0406 3816 [ ad188be7bdf94e8df4ca0a55c00a5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:28:26.0453 3816 RasAuto - ok
21:28:26.0531 3816 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:28:26.0562 3816 Rasl2tp - ok
21:28:26.0734 3816 [ 76a9a3cbeadd68cc57cda5e1d7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:28:26.0843 3816 RasMan - ok
21:28:26.0875 3816 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:28:26.0906 3816 RasPppoe - ok
21:28:26.0921 3816 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:28:26.0937 3816 Raspti - ok
21:28:27.0046 3816 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:28:27.0093 3816 Rdbss - ok
21:28:27.0125 3816 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:28:27.0125 3816 RDPCDD - ok
21:28:27.0234 3816 [ 15cabd0f7c00c47c70124907916af3f1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:28:27.0343 3816 rdpdr - ok
21:28:27.0484 3816 [ 6728e45b66f93c08f11de2e316fc70dd ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:28:27.0578 3816 RDPWD - ok
21:28:27.0687 3816 [ 3c37bf86641bda977c3bf8a840f3b7fa ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:28:27.0765 3816 RDSessMgr - ok
21:28:27.0812 3816 [ f828dd7e1419b6653894a8f97a0094c5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:28:27.0843 3816 redbook - ok
21:28:27.0937 3816 [ 7e699ff5f59b5d9de5390e3c34c67cf5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:28:27.0968 3816 RemoteAccess - ok
21:28:28.0046 3816 [ 5b19b557b0c188210a56a6b699d90b8f ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
21:28:28.0062 3816 RemoteRegistry - ok
21:28:28.0109 3816 [ d85e3fa9f5b1f29bb4ed185c450d1470 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
21:28:28.0125 3816 rimmptsk - ok
21:28:28.0156 3816 [ db8eb01c58c9fada00c70b1775278ae0 ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
21:28:28.0156 3816 rimsptsk - ok
21:28:28.0203 3816 [ f17713d108aca124a139fde877eef68a ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
21:28:28.0218 3816 RimUsb - ok
21:28:28.0250 3816 [ d9b34325ee5df78b8f28a3de9f577c7d ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
21:28:28.0265 3816 RimVSerPort - ok
21:28:28.0312 3816 [ 6c1f93c0760c9f79a1869d07233df39d ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
21:28:28.0312 3816 rismxdp - ok
21:28:28.0375 3816 [ d8b0b4ade32574b2d9c5cc34dc0dbbe7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
21:28:28.0390 3816 ROOTMODEM - ok
21:28:28.0500 3816 [ afd61a7c48a3e15c86a6fadf0b69a2e4 ] Roxio UPnP Renderer 9 C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
21:28:28.0562 3816 Roxio UPnP Renderer 9 - ok
21:28:28.0765 3816 [ efbb36e2bb02169d26e9980778fc20d3 ] Roxio Upnp Server 9 C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
21:28:28.0953 3816 Roxio Upnp Server 9 - ok
21:28:29.0265 3816 [ a440254f41e219aaaa1dff8d57dfe554 ] RoxLiveShare9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
21:28:29.0453 3816 RoxLiveShare9 - ok
21:28:30.0093 3816 [ d798b432c7440863a057b006f73e4b17 ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
21:28:30.0734 3816 RoxMediaDB9 - ok
21:28:30.0859 3816 [ 9f335c21d8ff9f992cb7e73f59488d31 ] RoxWatch9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
21:28:30.0953 3816 RoxWatch9 - ok
21:28:31.0046 3816 [ aaed593f84afa419bbae8572af87cf6a ] RpcLocator C:\WINDOWS\system32\locator.exe
21:28:31.0093 3816 RpcLocator - ok
21:28:31.0312 3816 [ 6b27a5c03dfb94b4245739065431322c ] RpcSs C:\WINDOWS\System32\rpcss.dll
21:28:31.0328 3816 RpcSs - ok
21:28:31.0453 3816 [ 471b3f9741d762abe75e9deea4787e47 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:28:31.0531 3816 RSVP - ok
21:28:31.0546 3816 [ bf2466b3e18e970d8a976fb95fc1ca85 ] SamSs C:\WINDOWS\system32\lsass.exe
21:28:31.0562 3816 SamSs - ok
21:28:31.0593 3816 [ b244960e5a1db8e9d5d17086de37c1e4 ] sbp2port C:\WINDOWS\system32\DRIVERS\sbp2port.sys
21:28:31.0593 3816 sbp2port - ok
21:28:31.0656 3816 [ 86d007e7a654b9a71d1d7d856b104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:28:31.0718 3816 SCardSvr - ok
21:28:31.0859 3816 [ 0a9a7365a1ca4319aa7c1d6cd8e4eafa ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:28:31.0937 3816 Schedule - ok
21:28:32.0031 3816 [ 8d04819a3ce51b9eb47e5689b44d43c4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:28:32.0062 3816 sdbus - ok
21:28:32.0125 3816 [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:28:32.0125 3816 Secdrv - ok
21:28:32.0156 3816 [ cbe612e2bb6a10e3563336191eda1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:28:32.0156 3816 seclogon - ok
21:28:32.0203 3816 [ 7fdd5d0684eca8c1f68b4d99d124dcd0 ] SENS C:\WINDOWS\system32\sens.dll
21:28:32.0203 3816 SENS - ok
21:28:32.0234 3816 [ 0f29512ccd6bead730039fb4bd2c85ce ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:28:32.0234 3816 serenum - ok
21:28:32.0296 3816 [ cca207a8896d4c6a0c9ce29a4ae411a7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
21:28:32.0328 3816 Serial - ok
21:28:32.0343 3816 [ 0fa803c64df0914b41f807ea276bf2a6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
21:28:32.0359 3816 sffdisk - ok
21:28:32.0406 3816 [ c17c331e435ed8737525c86a7557b3ac ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
21:28:32.0421 3816 sffp_sd - ok
21:28:32.0453 3816 [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:28:32.0468 3816 Sfloppy - ok
21:28:32.0734 3816 [ 83f41d0d89645d7235c051ab1d9523ac ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:28:32.0875 3816 SharedAccess - ok
21:28:32.0968 3816 [ 1926899bf9ffe2602b63074971700412 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:28:32.0968 3816 ShellHWDetection - ok
21:28:32.0968 3816 Simbad - ok
21:28:33.0031 3816 [ 6b33d0ebd30db32e27d1d78fe946a754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:28:33.0062 3816 sisagp - ok
21:28:33.0109 3816 [ 866d538ebe33709a5c9f5c62b73b7d14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:28:33.0125 3816 SLIP - ok
21:28:33.0187 3816 [ 83c0f71f86d3bdaf915685f3d568b20e ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:28:33.0187 3816 Sparrow - ok
21:28:33.0234 3816 [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:28:33.0250 3816 splitter - ok
21:28:33.0312 3816 [ d8e14a61acc1d4a6cd0d38aebac7fa3b ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:28:33.0328 3816 Spooler - ok
21:28:33.0375 3816 [ 76bb022c2fb6902fd5bdd4f78fc13a5d ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:28:33.0390 3816 sr - ok
21:28:33.0546 3816 [ 3805df0ac4296a34ba4bf93b346cc378 ] srservice C:\WINDOWS\system32\srsvc.dll
21:28:33.0625 3816 srservice - ok
21:28:33.0828 3816 [ 3bb03f2ba89d2be417206c373d2af17c ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:28:33.0968 3816 Srv - ok
21:28:34.0000 3816 [ d7968049be0adbb6a57cee3960320911 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
21:28:34.0015 3816 sscdbhk5 - ok
21:28:34.0062 3816 [ 0a5679b3714edab99e357057ee88fca6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:28:34.0093 3816 SSDPSRV - ok
21:28:34.0109 3816 [ c3ffd65abfb6441e7606cf74f1155273 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
21:28:34.0109 3816 ssrtln - ok
21:28:34.0171 3816 [ 8bb19094def583e0eece1830457444ee ] stdriver C:\WINDOWS\system32\DRIVERS\stdriver32.sys
21:28:34.0187 3816 stdriver - ok
21:28:34.0921 3816 [ 951801dfb54d86f611f0af47825476f9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
21:28:34.0937 3816 STHDA - ok
21:28:35.0140 3816 [ 8bad69cbac032d4bbacfce0306174c30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:28:35.0312 3816 stisvc - ok
21:28:35.0328 3816 [ 77813007ba6265c4b6098187e6ed79d2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:28:35.0359 3816 streamip - ok
21:28:35.0390 3816 [ 3941d127aef12e93addf6fe6ee027e0f ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:28:35.0406 3816 swenum - ok
21:28:35.0437 3816 [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:28:35.0484 3816 swmidi - ok
21:28:35.0500 3816 SwPrv - ok
21:28:35.0546 3816 [ 1ff3217614018630d0a6758630fc698c ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
21:28:35.0546 3816 symc810 - ok
21:28:35.0578 3816 [ 070e001d95cf725186ef8b20335f933c ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:28:35.0593 3816 symc8xx - ok
21:28:35.0625 3816 [ 80ac1c4abbe2df3b738bf15517a51f2c ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:28:35.0640 3816 sym_hi - ok
21:28:35.0656 3816 [ bf4fab949a382a8e105f46ebb4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:28:35.0687 3816 sym_u3 - ok
21:28:35.0843 3816 [ fa2daa32bed908023272a0f77d625dae ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:28:35.0953 3816 SynTP - ok
21:28:36.0015 3816 [ 8b83f3ed0f1688b4958f77cd6d2bf290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:28:36.0046 3816 sysaudio - ok
21:28:36.0140 3816 [ c7abbc59b43274b1109df6b24d617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:28:36.0187 3816 SysmonLog - ok
21:28:36.0359 3816 [ 3cb78c17bb664637787c9a1c98f79c38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:28:36.0484 3816 TapiSrv - ok
21:28:36.0703 3816 [ 9aefa14bd6b182d61e3119fa5f436d3d ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:28:36.0906 3816 Tcpip - ok
21:28:36.0937 3816 [ 6471a66807f5e104e4885f5b67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:28:36.0953 3816 TDPIPE - ok
21:28:36.0984 3816 [ c56b6d0402371cf3700eb322ef3aaf61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:28:36.0984 3816 TDTCP - ok
21:28:37.0031 3816 [ 88155247177638048422893737429d9e ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:28:37.0046 3816 TermDD - ok
21:28:37.0250 3816 [ ff3477c03be7201c294c35f684b3479f ] TermService C:\WINDOWS\System32\termsrv.dll
21:28:37.0390 3816 TermService - ok
21:28:37.0453 3816 [ 30698355067d07da5f9eb81132c9fdd6 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
21:28:37.0468 3816 tfsnboio - ok
21:28:37.0531 3816 [ fb9d825bb4a2abdf24600f7505050e2b ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
21:28:37.0562 3816 tfsncofs - ok
21:28:37.0578 3816 [ cafd8cca11aa1e8b6d2ea1ba8f70ec33 ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
21:28:37.0578 3816 tfsndrct - ok
21:28:37.0593 3816 [ 8db1e78fbf7c426d8ec3d8f1a33d6485 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
21:28:37.0593 3816 tfsndres - ok
21:28:37.0656 3816 [ b92f67a71cc8176f331b8aa8d9f555ad ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
21:28:37.0703 3816 tfsnifs - ok
21:28:37.0734 3816 [ 85985faa9a71e2358fcc2edefc2a3c5c ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
21:28:37.0734 3816 tfsnopio - ok
21:28:37.0750 3816 [ bba22094f0f7c210567efdaf11f64495 ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
21:28:37.0750 3816 tfsnpool - ok
21:28:37.0812 3816 [ 81340bef80b9811e98ce64611e67e3ff ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
21:28:37.0875 3816 tfsnudf - ok
21:28:37.0937 3816 [ c035fd116224ccc8325f384776b6a8bb ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
21:28:37.0984 3816 tfsnudfa - ok
21:28:38.0078 3816 [ 1926899bf9ffe2602b63074971700412 ] Themes C:\WINDOWS\System32\shsvcs.dll
21:28:38.0078 3816 Themes - ok
21:28:38.0156 3816 [ db7205804759ff62c34e3efd8a4cc76a ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
21:28:38.0187 3816 TlntSvr - ok
21:28:38.0250 3816 [ f2790f6af01321b172aa62f8e1e187d9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
21:28:38.0265 3816 TosIde - ok
21:28:38.0265 3816 TotRec8 - ok
21:28:38.0343 3816 [ 55bca12f7f523d35ca3cb833c725f54e ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:28:38.0390 3816 TrkWks - ok
21:28:38.0468 3816 [ 5787b80c2e3c5e2f56c2a233d91fa2c9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:28:38.0515 3816 Udfs - ok
21:28:38.0562 3816 [ 1b698a51cd528d8da4ffaed66dfc51b9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
21:28:38.0578 3816 ultra - ok
21:28:38.0812 3816 [ 402ddc88356b1bac0ee3dd1580c76a31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:28:39.0031 3816 Update - ok
21:28:39.0156 3816 [ 1ebafeb9a3fbdc41b8d9c7f0f687ad91 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:28:39.0265 3816 upnphost - ok
21:28:39.0296 3816 [ 05365fb38fca1e98f7a566aaaf5d1815 ] UPS C:\WINDOWS\System32\ups.exe
21:28:39.0312 3816 UPS - ok
21:28:39.0375 3816 [ 83cafcb53201bbac04d822f32438e244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
21:28:39.0390 3816 USBAAPL - ok
21:28:39.0453 3816 [ e919708db44ed8543a7c017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
21:28:39.0484 3816 usbaudio - ok
21:28:39.0593 3816 [ 173f317ce0db8e21322e71b7e60a27e8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:28:39.0609 3816 usbccgp - ok
21:28:39.0640 3816 [ 65dcf09d0e37d4c6b11b5b0b76d470a7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:28:39.0656 3816 usbehci - ok
21:28:39.0703 3816 [ 1ab3cdde553b6e064d2e754efe20285c ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:28:39.0734 3816 usbhub - ok
21:28:39.0765 3816 [ a0b8cf9deb1184fbdd20784a58fa75d4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:28:39.0765 3816 usbscan - ok
21:28:39.0796 3816 [ a32426d9b14a089eaa1d922e0c5801a9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:28:39.0812 3816 USBSTOR - ok
21:28:39.0843 3816 [ 26496f9dee2d787fc3e61ad54821ffe6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:28:39.0843 3816 usbuhci - ok
21:28:39.0890 3816 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:28:39.0906 3816 VgaSave - ok
21:28:39.0968 3816 [ 754292ce5848b3738281b4f3607eaef4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:28:39.0984 3816 viaagp - ok
21:28:40.0015 3816 [ 3b3efcda263b8ac14fdf9cbdd0791b2e ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
21:28:40.0031 3816 ViaIde - ok
21:28:40.0031 3816 vmusb - ok
21:28:40.0078 3816 [ 4c8fcb5cc53aab716d810740fe59d025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:28:40.0078 3816 VolSnap - ok
21:28:40.0281 3816 [ 7a9db3a67c333bf0bd42e42b8596854b ] VSS C:\WINDOWS\System32\vssvc.exe
21:28:40.0437 3816 VSS - ok
21:28:40.0562 3816 [ 54af4b1d5459500ef0937f6d33b1914f ] w32time C:\WINDOWS\system32\w32time.dll
21:28:40.0656 3816 w32time - ok
21:28:40.0687 3816 [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:28:40.0718 3816 Wanarp - ok
21:28:40.0718 3816 WDICA - ok
21:28:40.0781 3816 [ 6768acf64b18196494413695f0c3a00f ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:28:40.0828 3816 wdmaud - ok
21:28:40.0828 3816 WD_FireWire_HID - ok
21:28:40.0875 3816 [ 77a354e28153ad2d5e120a5a8687bc06 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:28:40.0906 3816 WebClient - ok
21:28:41.0343 3816 [ 74cf3f2e4e40c4a2e18d39d6300a5c24 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:28:41.0750 3816 winachsf - ok
21:28:41.0953 3816 [ 2d0e4ed081963804ccc196a0929275b5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:28:42.0015 3816 winmgmt - ok
21:28:42.0046 3816 wltrysvc - ok
21:28:42.0093 3816 [ c51b4a5c05a5475708e3c81c7765b71d ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:28:42.0109 3816 WmdmPmSN - ok
21:28:42.0453 3816 [ e76f8807070ed04e7408a86d6d3a6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
21:28:42.0812 3816 Wmi - ok
21:28:42.0843 3816 [ c42584fd66ce9e17403aebca199f7bdb ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:28:42.0843 3816 WmiAcpi - ok
21:28:42.0937 3816 [ e0673f1106e62a68d2257e376079f821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:28:43.0000 3816 WmiApSrv - ok
21:28:43.0578 3816 [ f74e3d9a7fa9556c3bbb14d4e5e63d3b ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
21:28:44.0062 3816 WMPNetworkSvc - ok
21:28:44.0125 3816 [ cf4def1bf66f06964dc0d91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
21:28:44.0156 3816 WpdUsb - ok
21:28:44.0171 3816 [ 6abe6e225adb5a751622a9cc3bc19ce8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:28:44.0171 3816 WS2IFSL - ok
21:28:44.0265 3816 [ 7c278e6408d1dce642230c0585a854d5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:28:44.0296 3816 wscsvc - ok
21:28:44.0312 3816 [ c98b39829c2bbd34e454150633c62c78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:28:44.0328 3816 WSTCODEC - ok
21:28:44.0359 3816 [ 35321fb577cdc98ce3eb3a3eb9e4610a ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:28:44.0375 3816 wuauserv - ok
21:28:44.0468 3816 [ f15feafffbb3644ccc80c5da584e6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:28:44.0515 3816 WudfPf - ok
21:28:44.0562 3816 [ 28b524262bce6de1f7ef9f510ba3985b ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:28:44.0625 3816 WudfRd - ok
21:28:44.0671 3816 [ 05231c04253c5bc30b26cbaae680ed89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
21:28:44.0718 3816 WudfSvc - ok
21:28:45.0046 3816 [ 81dc3f549f44b1c1fff022dec9ecf30b ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:28:45.0281 3816 WZCSVC - ok
21:28:45.0375 3816 [ 295d21f14c335b53cb8154e5b1f892b9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:28:45.0453 3816 xmlprov - ok
21:28:45.0468 3816 ================ Scan global ===============================
21:28:45.0531 3816 (42f1f4c0afb08410e5f02d4b13ebb623) C:\WINDOWS\system32\basesrv.dll
21:28:45.0765 3816 (1618f36d4f7f6ccceb3ee44ba95be85c) C:\WINDOWS\system32\winsrv.dll
21:28:46.0109 3816 (1618f36d4f7f6ccceb3ee44ba95be85c) C:\WINDOWS\system32\winsrv.dll
21:28:46.0203 3816 (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:28:46.0203 3816 [Global] - ok
21:28:46.0203 3816 ================ Scan MBR ==================================
21:28:46.0234 3816 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
21:28:46.0593 3816 \Device\Harddisk0\DR0 - ok
21:28:46.0593 3816 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR5
21:28:46.0593 3816 \Device\Harddisk1\DR5 - ok
21:28:46.0625 3816 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk2\DR7
21:28:47.0015 3816 \Device\Harddisk2\DR7 - ok
21:28:47.0015 3816 ================ Scan VBR ==================================
21:28:47.0031 3816 Boot (0x1200) (e64db88e9cbd3e3642583fff17f895af) \Device\Harddisk0\DR0\Partition1
21:28:47.0046 3816 \Device\Harddisk0\DR0\Partition1 - ok
21:28:47.0046 3816 Boot (0x1200) (6559b7c4e0ebc360d051d011cd425fd9) \Device\Harddisk1\DR5\Partition1
21:28:47.0046 3816 \Device\Harddisk1\DR5\Partition1 - ok
21:28:47.0062 3816 Boot (0x1200) (ca29075e29e9fba9e299d96468e5de72) \Device\Harddisk2\DR7\Partition1
21:28:47.0062 3816 \Device\Harddisk2\DR7\Partition1 - ok
21:28:47.0062 3816 ============================================================
21:28:47.0062 3816 Scan finished
21:28:47.0062 3816 ============================================================
21:28:47.0078 1656 Detected object count: 0
21:28:47.0078 1656 Actual detected object count: 0
21:35:10.0203 0820 Deinitialize success



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-15 21:35:42
-----------------------------
21:35:42.000 OS Version: Windows 5.1.2600 Service Pack 3
21:35:42.000 Number of processors: 2 586 0xE08
21:35:42.000 ComputerName: DAD UserName: Tom
21:35:44.265 Initialize success
21:40:18.774 AVAST engine defs: 12081503
21:40:25.384 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:40:25.384 Disk 0 Vendor: Hitachi_HTS721010G9SA00 MCZOC10H Size: 95396MB BusType: 3
21:40:25.399 Disk 0 MBR read successfully
21:40:25.399 Disk 0 MBR scan
21:40:25.571 Disk 0 unknown MBR code
21:40:25.571 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
21:40:25.587 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 88537 MB offset 96390
21:40:25.587 Disk 0 Partition - 00 0F Extended LBA 2047 MB offset 181438110
21:40:25.618 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 185631075
21:40:25.634 Disk 0 Partition 4 00 DD MSDOS5.0 2047 MB offset 181438173
21:40:25.649 Disk 0 scanning sectors +195366465
21:40:25.790 Disk 0 scanning C:\WINDOWS\system32\drivers
21:41:28.743 Service scanning
21:42:47.181 Service SharedAccess C:\WINDOWS\System32\svchost.exe **INFECTED** Win32:Malware-gen
21:43:02.290 Modules scanning
21:43:31.759 Disk 0 trace - called modules:
21:43:31.790 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
21:43:31.790 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87572ab8]
21:43:31.790 3 CLASSPNP.SYS[f75d1fd7] -> nt!IofCallDriver -> \Device\0000006e[0x8756cf18]
21:43:31.790 5 ACPI.sys[f7468620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x87583940]
21:43:37.977 AVAST engine scan C:\WINDOWS
21:44:21.462 AVAST engine scan C:\WINDOWS\system32
21:53:23.243 File: C:\WINDOWS\system32\svchost.exe **INFECTED** Win32:Malware-gen
21:55:29.181 File: C:\WINDOWS\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
21:59:59.102 AVAST engine scan C:\WINDOWS\system32\drivers
22:01:15.618 AVAST engine scan C:\Documents and Settings\Tom
22:12:08.571 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tom\Desktop\MBR.dat"
22:12:08.571 The log file has been saved successfully to "C:\Documents and Settings\Tom\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 August 2012 - 09:24 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
explorer.exe
svchost.exe
winlogon.exe
  • Click the Look button to start the scan.
  • When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 tmcgrail

tmcgrail
  • Topic Starter

  • Members
  • 47 posts

Posted 15 August 2012 - 09:32 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 22:28 on 15/08/2012 by Tom
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a---- 1058304 bytes [10:18 16/08/2005] [00:12 14/04/2008] 9497804CDE6D699BD88E966412FA48D5
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe -----c- 1032192 bytes [03:08 23/10/2009] [11:00 10/08/2004] A0732187050030AE399B241436565E64
C:\WINDOWS\ERDNT\cache\explorer.exe --a---- 1033728 bytes [21:04 19/10/2009] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINDOWS\ServicePackFiles\i386\explorer.exe ------- 1033728 bytes [00:12 14/04/2008] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923

Searching for "svchost.exe"
C:\i386\svchost.exe --a---- 14336 bytes [04:33 17/11/2006] [11:00 10/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe --a---- 217672 bytes [14:29 14/01/2012] [17:46 03/07/2012] 8A7F34F0BBD076EC3815680A7309114F
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe -----c- 14336 bytes [03:08 23/10/2009] [22:53 29/07/2007] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\ERDNT\cache\svchost.exe --a---- 14336 bytes [21:04 19/10/2009] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\ServicePackFiles\i386\svchost.exe ------- 14336 bytes [00:12 14/04/2008] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\system32\svchost.exe --a---- 39424 bytes [10:18 16/08/2005] [00:12 14/04/2008] 547A470CF3B56C3BBAE7BC3085D28942

Searching for "winlogon.exe"
C:\i386\winlogon.exe --a---- 502272 bytes [04:35 17/11/2006] [11:00 10/08/2004] 01C3346C241652F43AED8E2149881BFE
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe --a---- 217672 bytes [14:29 14/01/2012] [17:46 03/07/2012] 8A7F34F0BBD076EC3815680A7309114F
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe -----c- 502272 bytes [03:08 23/10/2009] [11:00 10/08/2004] 01C3346C241652F43AED8E2149881BFE
C:\WINDOWS\ERDNT\cache\winlogon.exe --a---- 507904 bytes [21:04 19/10/2009] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe ------- 507904 bytes [00:12 14/04/2008] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\system32\winlogon.exe --a---- 544768 bytes [10:18 16/08/2005] [00:12 14/04/2008] BFB5D90A4D0A99B1A8E9BE83571E1BA0

-= EOF =-

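The filefind log above lists every copy of the three binaries with its size and MD5, and the point of running it is to compare the copy that actually executes (C:\WINDOWS\explorer.exe, C:\WINDOWS\system32\svchost.exe and winlogon.exe) against the Service Pack 3 copy under C:\WINDOWS\ServicePackFiles\i386. The script below is an added example written for this thread; it is not part of SystemLook or of any tool the helper posted. It parses the log format shown above (a subset of the posted lines is embedded as sample input) and reports live copies whose hash differs from the SP3 copy. Which directories count as "baseline" and which as "live" are assumptions for an XP SP3 layout, and the older copies in $NtServicePackUninstall$ and C:\i386 are deliberately not used as a reference, because they predate SP3 and differ legitimately.

```python
"""Check live Windows binaries against the Service Pack baseline copies listed in
a SystemLook ':filefind' log.

Added example for this thread, not part of SystemLook or of the helper's tools.
The log lines in SAMPLE_LOG are copied from the SystemLook output posted above;
the directory roles (baseline vs live) are assumptions for an XP SP3 layout.
"""
import re
from collections import defaultdict

# One filefind result line: path, 7-char attribute field, size, two bracketed
# timestamps, MD5.  Paths may contain spaces, so the path group is non-greedy
# and anchored by the attribute/size fields that follow it.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
HEADER_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"$')

# Only the SP3 copies under ServicePackFiles\i386 are a valid baseline here.
# $NtServicePackUninstall$ and C:\i386 hold older, pre-SP3 builds and differ
# from the live files legitimately, so they must not be used as the reference.
BASELINE_DIR = "\\windows\\servicepackfiles\\i386\\"
# Directories whose copy is the one that actually runs (explorer.exe lives in
# C:\WINDOWS, svchost.exe and winlogon.exe in C:\WINDOWS\system32).
LIVE_DIRS = ("\\windows\\system32\\", "\\windows\\")

# Sample input: lines copied from the SystemLook log posted in this thread.
SAMPLE_LOG = r"""
Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a---- 1058304 bytes [10:18 16/08/2005] [00:12 14/04/2008] 9497804CDE6D699BD88E966412FA48D5
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe -----c- 1032192 bytes [03:08 23/10/2009] [11:00 10/08/2004] A0732187050030AE399B241436565E64
C:\WINDOWS\ServicePackFiles\i386\explorer.exe ------- 1033728 bytes [00:12 14/04/2008] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923

Searching for "svchost.exe"
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe --a---- 217672 bytes [14:29 14/01/2012] [17:46 03/07/2012] 8A7F34F0BBD076EC3815680A7309114F
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe -----c- 14336 bytes [03:08 23/10/2009] [22:53 29/07/2007] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\ServicePackFiles\i386\svchost.exe ------- 14336 bytes [00:12 14/04/2008] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\system32\svchost.exe --a---- 39424 bytes [10:18 16/08/2005] [00:12 14/04/2008] 547A470CF3B56C3BBAE7BC3085D28942

Searching for "winlogon.exe"
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe ------- 507904 bytes [00:12 14/04/2008] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\system32\winlogon.exe --a---- 544768 bytes [10:18 16/08/2005] [00:12 14/04/2008] BFB5D90A4D0A99B1A8E9BE83571E1BA0
"""


def parse_filefind(text):
    """Return {filename: [entry, ...]} for each 'Searching for' block in the log."""
    results = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            continue
        hit = LINE_RE.match(line)
        if hit and current is not None:
            entry = hit.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            results[current].append(entry)
    return dict(results)


def _parent_dir(path):
    """Lower-cased directory part of a Windows path, trailing backslash kept."""
    low = path.lower()
    return low[: low.rfind("\\") + 1]


def find_mismatches(entries_by_name):
    """Compare each live copy with the ServicePackFiles copy of the same name.

    Returns (path, live_md5, live_size, baseline_md5, baseline_size) tuples for
    live files whose MD5 differs from the baseline; a name with no baseline
    entry in the log is skipped rather than guessed at.
    """
    findings = []
    for entries in entries_by_name.values():
        baseline = [e for e in entries if _parent_dir(e["path"]).endswith(BASELINE_DIR)]
        if not baseline:
            continue
        base = baseline[0]
        for e in entries:
            is_live = any(_parent_dir(e["path"]).endswith(d) for d in LIVE_DIRS)
            if is_live and e["md5"] != base["md5"]:
                findings.append((e["path"], e["md5"], e["size"], base["md5"], base["size"]))
    return findings


def audit(text):
    """Parse a filefind log and return the mismatching live copies."""
    return find_mismatches(parse_filefind(text))


if __name__ == "__main__":
    for path, md5, size, base_md5, base_size in audit(SAMPLE_LOG):
        print(f"MISMATCH {path}: {size} bytes {md5} "
              f"(SP3 copy is {base_size} bytes {base_md5})")
```

Run against the posted log it flags all three live copies, and the sizes differ as well as the hashes (svchost.exe is 39424 bytes in system32 against 14336 bytes in the SP3 copy), which is what the next post in the thread acts on by restoring the three files from ServicePackFiles\i386. A hash mismatch on its own is a lead, not a verdict: a later hotfix can legitimately replace one of these files, so check the file version and a trusted hash source before treating the difference as tampering.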
#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 August 2012 - 09:33 PM

Greetings

Let's run this now.

Blitzblank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
CopyFile:
C:\WINDOWS\ServicePackFiles\i386\explorer.exe C:\WINDOWS\explorer.exe
C:\WINDOWS\ServicePackFiles\i386\svchost.exe C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\ServicePackFiles\i386\explorer.exe C:\WINDOWS\system32\dllcache\explorer.exe
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe C:\WINDOWS\system32\dllcache\winlogon.exe
C:\WINDOWS\ServicePackFiles\i386\svchost.exe C:\WINDOWS\system32\dllcache\svchost.exe
  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by BlitzBlank. You can find it at the root of the drive, normally C:\


#9 tmcgrail

tmcgrail
  • Topic Starter

  • Members
  • 47 posts
  • Local time:11:16 AM

Posted 15 August 2012 - 09:49 PM

BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
CopyFileOnReboot: sourceFile = "\??\c:\windows\servicepackfiles\i386\explorer.exe", destinationFile = "\??\c:\windows\explorer.exe"
CopyFileOnReboot: sourceFile = "\??\c:\windows\servicepackfiles\i386\svchost.exe", destinationFile = "\??\c:\windows\system32\svchost.exe"
CopyFileOnReboot: sourceFile = "\??\c:\windows\servicepackfiles\i386\winlogon.exe", destinationFile = "\??\c:\windows\system32\winlogon.exe"
CopyFileOnReboot: sourceFile = "\??\c:\windows\servicepackfiles\i386\explorer.exe", destinationFile = "\??\c:\windows\system32\dllcache\explorer.exe"
CopyFileOnReboot: sourceFile = "\??\c:\windows\servicepackfiles\i386\winlogon.exe", destinationFile = "\??\c:\windows\system32\dllcache\winlogon.exe"
CopyFileOnReboot: sourceFile = "\??\c:\windows\servicepackfiles\i386\svchost.exe", destinationFile = "\??\c:\windows\system32\dllcache\svchost.exe"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:16 PM

Posted 15 August 2012 - 10:11 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\windows\system32\config\systemprofile\Application Data\BabylonToolbar

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 tmcgrail

tmcgrail
  • Topic Starter

  • Members
  • 47 posts
  • Local time:11:16 AM

Posted 16 August 2012 - 07:42 PM

SUCCESS!!

Both the redirect virus and the runtime error are gone.

Here's the log and a donation is on the way.

Thanks for all your help.

ComboFix 12-08-16.01 - Tom 08/16/2012 18:44:03.13.2 - x86
Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tom\Desktop\CFScript.txt
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Installer\{b4a3f6f1-267f-4282-3615-b4425085a578}
c:\windows\Installer\{b4a3f6f1-267f-4282-3615-b4425085a578}\@
c:\windows\Installer\{b4a3f6f1-267f-4282-3615-b4425085a578}\L\00000004.@
c:\windows\Installer\{b4a3f6f1-267f-4282-3615-b4425085a578}\L\201d3dde
c:\windows\Installer\{b4a3f6f1-267f-4282-3615-b4425085a578}\n
c:\windows\Installer\{b4a3f6f1-267f-4282-3615-b4425085a578}\U\00000004.@
c:\windows\Installer\{b4a3f6f1-267f-4282-3615-b4425085a578}\U\00000008.@
c:\windows\Installer\{b4a3f6f1-267f-4282-3615-b4425085a578}\U\000000cb.@
c:\windows\Installer\{b4a3f6f1-267f-4282-3615-b4425085a578}\U\80000000.@
c:\windows\Installer\{b4a3f6f1-267f-4282-3615-b4425085a578}\U\80000032.@
c:\windows\system32\config\systemprofile\Application Data\BabylonToolbar
c:\windows\system32\config\systemprofile\Local Settings\Application Data\{b4a3f6f1-267f-4282-3615-b4425085a578}
c:\windows\system32\config\systemprofile\Local Settings\Application Data\{b4a3f6f1-267f-4282-3615-b4425085a578}\@
c:\windows\system32\config\systemprofile\Local Settings\Application Data\{b4a3f6f1-267f-4282-3615-b4425085a578}\n
G:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 02:40 . 2012-08-16 02:40 507904 ----a-w- c:\windows\system32\dllcache\winlogon.exe
2012-08-16 02:40 . 2012-08-16 02:40 14336 ----a-w- c:\windows\system32\dllcache\svchost.exe
2012-08-16 02:40 . 2012-08-16 02:40 1033728 ----a-w- c:\windows\system32\dllcache\explorer.exe
2012-08-11 18:39 . 2012-08-11 18:39 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM
2012-08-11 18:35 . 2012-08-11 18:39 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2012-08-11 18:28 . 2012-08-11 18:28 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2012-08-11 18:28 . 2012-08-11 18:28 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\ant.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 02:40 . 2005-08-16 10:18 507904 ----a-w- c:\windows\system32\winlogon.exe
2012-08-16 02:40 . 2005-08-16 10:18 14336 ----a-w- c:\windows\system32\svchost.exe
2012-08-16 02:40 . 2005-08-16 10:18 1033728 ----a-w- c:\windows\explorer.exe
2012-07-03 21:10 . 2012-04-11 00:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 21:10 . 2011-05-15 18:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2009-10-17 21:29 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-08-15_01.40.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-15 12:00 . 2012-08-16 02:38 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012012081520120816\index.dat
+ 2012-08-16 02:04 . 2012-08-16 02:04 32256 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{ACAA20E7-E746-11E1-B4F9-0015C5BF02FA}.dat
+ 2012-08-16 01:39 . 2012-08-16 01:43 31744 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3C2157CE-E743-11E1-B4F9-0015C5BF02FA}.dat
+ 2012-08-16 01:38 . 2012-08-16 01:43 63488 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{18C23496-E743-11E1-B4F9-0015C5BF02FA}.dat
- 2011-11-13 09:00 . 2012-08-14 23:29 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-11-13 09:00 . 2012-08-15 23:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-08-11 18:28 . 2012-08-16 02:38 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
- 2012-08-11 18:28 . 2012-08-15 00:24 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
+ 2011-11-05 16:16 . 2012-08-16 01:38 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2011-11-05 16:16 . 2012-08-14 23:29 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2012-08-15 02:03 . 2012-08-16 02:38 65536 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-08-15 23:51 . 2012-08-15 23:45 32768 c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat
- 2012-08-11 18:35 . 2012-08-15 00:24 52098 c:\windows\system32\config\systemprofile\Application Data\Adobe\Acrobat\7.0\UserCache.bin
+ 2012-08-11 18:35 . 2012-08-16 01:39 52098 c:\windows\system32\config\systemprofile\Application Data\Adobe\Acrobat\7.0\UserCache.bin
+ 2012-08-16 01:43 . 2012-08-16 02:04 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{C8184A4B-E743-11E1-B4F9-0015C5BF02FA}.dat
+ 2012-08-16 02:04 . 2012-08-16 02:04 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{ACAA20E8-E746-11E1-B4F9-0015C5BF02FA}.dat
+ 2012-08-16 02:04 . 2012-08-16 02:04 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{ACAA20E6-E746-11E1-B4F9-0015C5BF02FA}.dat
+ 2012-08-16 02:04 . 2012-08-16 02:38 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{ACA9F9D6-E746-11E1-B4F9-0015C5BF02FA}.dat
+ 2012-08-16 02:04 . 2012-08-16 02:04 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{ACAA20EA-E746-11E1-B4F9-0015C5BF02FA}.dat
+ 2012-08-16 02:04 . 2012-08-16 02:04 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{ACAA20E9-E746-11E1-B4F9-0015C5BF02FA}.dat
+ 2012-08-16 02:38 . 2012-08-16 02:38 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{794161A3-E74B-11E1-B4F9-0015C5BF02FA}.dat
+ 2012-08-16 01:43 . 2012-08-16 01:44 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{D8E55C85-E743-11E1-B4F9-0015C5BF02FA}.dat
+ 2012-08-15 23:25 . 2012-08-15 23:25 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{907D5A6D-E730-11E1-B4F9-0015C5BF02FA}.dat
+ 2012-08-15 23:45 . 2012-08-15 23:45 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{4AD2C1A3-E733-11E1-B4F9-0015C5BF02FA}.dat
+ 2012-08-15 03:20 . 2012-08-15 03:20 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{2F768427-E688-11E1-B4F8-0015C5BF02FA}.dat
+ 2012-08-16 01:38 . 2012-08-16 01:43 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{18C23495-E743-11E1-B4F9-0015C5BF02FA}.dat
+ 2012-08-16 01:44 . 2012-08-16 01:44 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D8E55C86-E743-11E1-B4F9-0015C5BF02FA}.dat
+ 2012-08-15 03:20 . 2012-08-15 03:20 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{2F768428-E688-11E1-B4F8-0015C5BF02FA}.dat
+ 2005-08-16 10:18 . 2012-08-15 01:46 450524 c:\windows\system32\perfc009.dat
+ 2012-08-14 04:01 . 2012-08-15 03:20 131072 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012012081420120815\index.dat
+ 2006-11-16 00:00 . 2012-08-16 02:38 770048 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-08-15 23:25 . 2012-08-15 23:32 159232 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{907D5A6E-E730-11E1-B4F9-0015C5BF02FA}.dat
+ 2012-08-15 23:45 . 2012-08-15 23:52 115200 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4AD2C1A4-E733-11E1-B4F9-0015C5BF02FA}.dat
+ 2005-08-16 10:18 . 2012-08-15 01:46 1100852 c:\windows\system32\perfh009.dat
+ 2012-08-11 18:28 . 2012-08-16 02:38 1261568 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-07-10 13:23 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe" [2012-07-03 686280]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Backup Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk
backup=c:\windows\pss\WD Backup Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2008-09-19 19:06 615696 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-07-17 03:29 389120 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 20:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 08:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-09-11 08:40 218032 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 08:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 08:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-05-02 23:16 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-08-26 16:23 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-09 00:48 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
2006-11-22 21:23 339968 ----a-w- c:\windows\system32\WDBtnMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\Ant.com\IE add-on\AntUpdaterService.exe [6/29/2011 2:26 PM 520216]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [7/10/2008 9:23 AM 53032]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [11/10/2010 11:15 PM 52824]
S3 TotRec8;Total Recorder WDM audio filter driver;\??\c:\windows\system32\drivers\TotRec8.sys --> c:\windows\system32\drivers\TotRec8.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vmwareusb REG_MULTI_SZ vmusb
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\ErrorEND.job
- c:\program files\ErrorEND\ErrorEND.exe [2011-03-09 12:23]
.
2011-07-20 c:\windows\Tasks\soundtapShakeIcon.job
- c:\program files\NCH Swift Sound\SoundTap\soundtap.exe [2010-11-11 03:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
TCP: DhcpNameServer = 192.168.0.1 71.243.0.12
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-16 19:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6d,1f,f1,10,f4,90,0a,42,af,03,db,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6d,1f,f1,10,f4,90,0a,42,af,03,db,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2012-08-16 19:12:27
ComboFix-quarantined-files.txt 2012-08-16 23:12
ComboFix2.txt 2012-08-15 01:49
ComboFix3.txt 2011-11-30 01:50
ComboFix4.txt 2011-11-29 01:27
ComboFix5.txt 2012-08-16 04:06
.
Pre-Run: 11,607,875,584 bytes free
Post-Run: 12,108,771,328 bytes free
.
- - End Of File - - 8B30607D59ADA7A0EBF63D9EED90D86B

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:16 PM

Posted 17 August 2012 - 07:22 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Adobe Reader 7.0.8
AutoUpdate
Babylon toolbar on IE
BitTorrent
Freecorder 5
J2SE Runtime Environment 5.0 Update 6
WhiteSmoke Bar Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
  • Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#13 tmcgrail

tmcgrail
  • Topic Starter

  • Members
  • 47 posts
  • Local time:11:16 AM

Posted 17 August 2012 - 08:17 AM

Gringo,

Thank you very much for all the assistance. I will implement all your suggestions.

I won't have access to my computer this weekend, but I should be able to post the logs by Monday evening, but I will get it done.

Tom

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:16 PM

Posted 17 August 2012 - 05:21 PM

thank you for letting me know


gringo

#15 tmcgrail

tmcgrail
  • Topic Starter

  • Members
  • 47 posts
  • Local time:11:16 AM

Posted 21 August 2012 - 07:05 PM

Gringo,

I got delayed, but here are the mbam and hijackthis logs.

Everything appears to be running fine on my computer.

Tom


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:54:18 PM, on 8/21/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Ant.com\IE add-on\antmaintainer.exe
C:\Documents and Settings\Tom\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Ant.com browser helper (video detector) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\download.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Ant.com Video Downloader toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\anttoolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe -update activex (User 'Default user')
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\download.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O23 - Service: Ant Toolbar updater service (AntUpdaterService) - Ant.com - C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6132 bytes



Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.21.13

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Tom :: DAD [administrator]

8/21/2012 7:15:37 PM
mbam-log-2012-08-21 (19-15-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215211
Time elapsed: 25 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
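
A small triage script, added here as an example (not part of the posted log, and not a HijackThis or Malwarebytes tool): it parses lines in the HijackThis format shown above into (section, body, path) and applies the checks a log helper usually does by eye: "(no file)" orphans, O10 "Unknown file" Winsock LSP entries, O23 services with "Unknown owner", and O4 autoruns whose executable sits in a user-writable location. The sample input copies seven lines from the log above; the O4 "winupd" line is synthetic, added only so the path check has something to fire on, and says nothing about this machine.

```python
"""Triage helper for HijackThis-style log lines (added example, not a HijackThis tool)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample. Seven lines are copied from the log posted above; the
# O4 "winupd" line is SYNTHETIC (not from the posted log) so that the
# user-writable-path check below has something to fire on.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [winupd] C:\Documents and Settings\Tom\Local Settings\Temp\winupd.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

# "O23 - Service: ..." -> section "O23", body "Service: ..."
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
# First drive-letter path ending in a binary/script extension (quotes stripped).
PATH_RE = re.compile(r'(?i)[a-z]:\\[^"]*?\.(?:exe|dll|sys|cab|htm)\b')
# Directory fragments a non-admin user can normally write to on XP/Vista+.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\",
                 "\\application data\\", "\\local settings\\", "\\appdata\\")


@dataclass
class Entry:
    section: str
    body: str
    path: Optional[str]
    flags: List[str] = field(default_factory=list)


def extract_path(body: str) -> Optional[str]:
    """Return the first file path in a log line body, or None if there is none."""
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def triage(section: str, body: str, path: Optional[str]) -> List[str]:
    """Heuristic flags; each is a prompt for manual verification, not a verdict."""
    flags = []
    if "(no file)" in body:
        flags.append("orphan: registry entry points to a file that no longer exists")
    if section == "O10" and body.startswith("Unknown file in Winsock LSP"):
        flags.append("LSP: provider DLL not in HijackThis's known list; verify publisher/hash")
    if section == "O23" and "Unknown owner" in body:
        flags.append("service: no recognised vendor string; verify the binary")
    if section == "O4" and path and any(d in path.lower() for d in USER_WRITABLE):
        flags.append("autorun: executable lives in a user-writable location")
    return flags


def parse_log(text: str) -> List[Entry]:
    """Parse every 'Xn - ...' line; footer lines such as 'End of file' are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        path = extract_path(body)
        entries.append(Entry(section, body, path, triage(section, body, path)))
    return entries


def flagged(text: str) -> List[Entry]:
    """Only the entries that tripped at least one heuristic."""
    return [e for e in parse_log(text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.section}: {e.body}")
        for f in e.flags:
            print(f"    -> {f}")
```

The output is a worklist, not a verdict: an O23 line can read "Unknown owner" simply because HijackThis found no vendor string in the binary's version information, and an O10 "Unknown file" only means the DLL is not on the tool's built-in list, so each flagged path still needs its publisher, signature or hash checked before anything is removed.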