
Windows XP Pro issue with Luhe.Sirefef.A, bts.scour.com, Generic_r.BAT, "\?";"Hidden driver


30 replies to this topic

#1 dchrysostom

dchrysostom

  • Members
  • 19 posts

Posted 15 September 2012 - 07:30 PM

I'm running Windows XP Professional, and about a year ago, Internet Explorer and Firefox stopped working. They would simply not launch at all. I could see the processes running in the Task Manager, but the windows wouldn't open. I installed AVG Free Virus Scanner, Malware Bytes Free Version, and they were unable to run at all.

Finally, I noticed online something about Kaspersky TDSSKiller, and I ran it. Somehow, things were working again - I could get AVG and Malware Bytes to run, and they found several different issues, and I could use IE and Firefox again. A couple of months later, IE and Firefox stopped working again, but so did the AVG GUI (which I had left running as my virus scanner). If I used Windows safe mode, IE and Firefox worked fine, but I couldn't use them in regular Windows. I read something online about RKill (I know... I was just shooting from the hip), and I tried it. From a fresh restart, I couldn't open AVG, IE, or Firefox, but after running RKILL, I could run all three of the above applications. Once again, I ran Malware Bytes and AVG... They detected some items but never the same ones. RKILL was always pointing out the same files as being malware in its logs, but since I could run the PC OK simply by starting up and using RKILL, I didn't take any other action.

About once a month (I note this now, because it's happened repeatedly), the computer would freeze entirely, so that I COULDN'T start AVG, IE, or Firefox, and even RKILL was useless. I was pressed for time, and needed my PC, so I got in the habit (3 times now) of just rolling back to a saved image of my hard drive and continuing to use the PC. It usually takes about a month of normal functioning for everything to tank. It would also seem that the more I restart the PC (usually just leave it running, unless I install a driver or something that REQUIRES a restart) the quicker it hastens its demise. The last time, I could actually open AVG, but not IE or Firefox, and when I shut off AVG's protection, IE and Firefox would start up cleanly (apparently). Regardless, the PC eventually died.

Now, I just rolled back the hard drive image about a week ago, and something new has occurred. I can't open AVG, IE, or Firefox, but just before that became an issue, I appeared to have several unsolicited redirects to bts.scour.com. Also, Adobe Flash kept attempting again and again to install an update, but it seems fishy because I had "automatic updates" for Adobe Flash turned off (I know this, because sometimes updates cause me to have to restart the PC, so I generally try to do all my updates manually, in one shot). In any case, I restarted in Windows safe mode, and Malware Bytes found Luhe.Sirefef.A, Generic_r.BAT, and "\?";"Hidden driver. But I can't seem to get the computer functioning again. I tried following the directions I saw online for fixing the bts.scour.com problem (ComboFix wouldn't create a text log, so I'm not sure that it finished correctly) and Eset Online Scanner found "Operating Memory - Multiple Threats", but didn't seem to take any action with respect to removing them. I know I'm not supposed to put "HELP!" in my topic listing, but I will put it here. I'm lost. HELP!

Thank you.
dchrysostom

Edit: Moved topic from XP to the more appropriate forum. ~ Animal



#2 dchrysostom


Posted 15 September 2012 - 07:37 PM

...Update... Writing the posting reminded me that I hadn't tried using TDSSKiller again. I just ran it and it found two issues:

:36:30.0828 1696 Detected object count: 2
20:36:30.0828 1696 Actual detected object count: 2
20:37:02.0359 1696 C:\WINDOWS\system32\DRIVERS\cdrom.sys - copied to quarantine
20:37:03.0156 1696 C:\WINDOWS\$NtUninstallKB55339$\752219390\@ - copied to quarantine
20:37:03.0171 1696 C:\WINDOWS\$NtUninstallKB55339$\752219390\Desktop.ini - copied to quarantine
20:37:03.0187 1696 C:\WINDOWS\$NtUninstallKB55339$\752219390\L\00000004.@ - copied to quarantine
20:37:03.0187 1696 C:\WINDOWS\$NtUninstallKB55339$\752219390\L\201d3dde - copied to quarantine
20:37:03.0203 1696 C:\WINDOWS\$NtUninstallKB55339$\752219390\L\lmfjtnzm - copied to quarantine
20:37:03.0218 1696 C:\WINDOWS\$NtUninstallKB55339$\752219390\U\00000004.@ - copied to quarantine
20:37:03.0218 1696 C:\WINDOWS\$NtUninstallKB55339$\752219390\U\00000008.@ - copied to quarantine
20:37:03.0234 1696 C:\WINDOWS\$NtUninstallKB55339$\752219390\U\000000cb.@ - copied to quarantine
20:37:03.0234 1696 C:\WINDOWS\$NtUninstallKB55339$\752219390\U\80000000.@ - copied to quarantine
20:37:03.0250 1696 C:\WINDOWS\$NtUninstallKB55339$\752219390\U\80000032.@ - copied to quarantine
20:37:10.0015 1696 Backup copy found, using it..
20:37:10.0031 1696 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured on reboot
20:37:10.0109 1696 C:\WINDOWS\$NtUninstallKB55339$\4025467713 - will be deleted on reboot
20:37:10.0109 1696 C:\WINDOWS\$NtUninstallKB55339$\752219390\@ - will be deleted on reboot
20:37:10.0203 1696 C:\WINDOWS\$NtUninstallKB55339$\752219390\Desktop.ini - will be deleted on reboot
20:37:10.0375 1696 C:\WINDOWS\$NtUninstallKB55339$\752219390\U\00000004.@ - will be deleted on reboot
20:37:10.0375 1696 C:\WINDOWS\$NtUninstallKB55339$\752219390\U\00000008.@ - will be deleted on reboot
20:37:10.0375 1696 C:\WINDOWS\$NtUninstallKB55339$\752219390\U\000000cb.@ - will be deleted on reboot
20:37:10.0375 1696 C:\WINDOWS\$NtUninstallKB55339$\752219390\U\80000000.@ - will be deleted on reboot
20:37:10.0375 1696 C:\WINDOWS\$NtUninstallKB55339$\752219390\U\80000032.@ - will be deleted on reboot
20:37:10.0421 1696 Cdrom ( Virus.Win32.ZAccess.c ) - User select action: Cure
20:37:10.0546 1696 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
20:37:10.0546 1696 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine

#3 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 17 September 2012 - 10:21 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#4 dchrysostom


Posted 17 September 2012 - 07:12 PM

narenxp, thanks for offering your assistance. I got sent on travel from work, rather suddenly, so I won't have access to my computer until the end of the week. Once I get back, I will do what you have recommended as the next step.

#5 narenxp


Posted 17 September 2012 - 11:00 PM

:thumbup2:

#6 dchrysostom


Posted 23 September 2012 - 06:58 PM

Ran TDSSKILLER. Even though I just ran it today, and the date in Windows clearly states 9/23/12, the TDSSKILLER log has a different date... Don't know if that's indicative of something.

19:27:35.0953 3048 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:27:36.0203 3048 ============================================================
19:27:36.0203 3048 Current date / time: 2012/09/23 19:27:36.0203
19:27:36.0203 3048 SystemInfo:
19:27:36.0203 3048
19:27:36.0203 3048 OS Version: 5.1.2600 ServicePack: 3.0
19:27:36.0203 3048 Product type: Workstation
19:27:36.0203 3048 ComputerName: STERLING
19:27:36.0203 3048 UserName: DH
19:27:36.0203 3048 Windows directory: C:\WINDOWS
19:27:36.0203 3048 System windows directory: C:\WINDOWS
19:27:36.0203 3048 Processor architecture: Intel x86
19:27:36.0203 3048 Number of processors: 1
19:27:36.0203 3048 Page size: 0x1000
19:27:36.0203 3048 Boot type: Normal boot
19:27:36.0203 3048 ============================================================
19:27:38.0187 3048 BG loaded
19:27:38.0718 3048 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:28:21.0125 3048 ============================================================
19:28:21.0125 3048 \Device\Harddisk0\DR0:
19:28:21.0140 3048 MBR partitions:
19:28:21.0140 3048 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF7FDBD
19:28:21.0156 3048 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xDF7FDFC, BlocksNum 0x2C404E45
19:28:21.0156 3048 ============================================================
19:28:21.0187 3048 C: <-> \Device\Harddisk0\DR0\Partition1
19:28:21.0218 3048 D: <-> \Device\Harddisk0\DR0\Partition2
19:28:21.0234 3048 ============================================================
19:28:21.0234 3048 Initialize success
19:28:21.0234 3048 ============================================================
19:30:43.0703 1972 ============================================================
19:30:43.0703 1972 Scan started
19:30:43.0703 1972 Mode: Manual; TDLFS;
19:30:43.0703 1972 ============================================================
19:30:44.0390 1972 ================ Scan system memory ========================
19:30:44.0406 1972 System memory - ok
19:30:50.0875 1972 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:30:50.0875 1972 Netlogon - ok
19:30:50.0890 1972 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
19:30:50.0890 1972 Netman - ok
19:30:50.0921 1972 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:30:50.0921 1972 NetTcpPortSharing - ok
19:30:50.0968 1972 [ CA71D836F8E36A153F65EF0C3C53F8F1 ] nhsqte C:\Documents and Settings\DH\Desktop\Comodo\cce_2.5.242177.201_x32\CCE\ccekrnl.dat
19:30:50.0968 1972 nhsqte - ok
19:30:51.0000 1972 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:30:51.0000 1972 NIC1394 - ok
19:30:51.0015 1972 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
19:30:51.0015 1972 Nla - ok
19:30:51.0031 1972 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:30:51.0031 1972 Npfs - ok
19:30:51.0078 1972 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:30:51.0093 1972 Ntfs - ok
19:30:51.0109 1972 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
19:30:51.0109 1972 NtLmSsp - ok
19:30:51.0140 1972 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:30:51.0156 1972 NtmsSvc - ok
19:30:51.0171 1972 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:30:51.0171 1972 Null - ok
19:30:51.0234 1972 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:30:51.0265 1972 nv - ok
19:30:51.0312 1972 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:30:51.0312 1972 NwlnkFlt - ok
19:30:51.0312 1972 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:30:51.0312 1972 NwlnkFwd - ok
19:30:51.0390 1972 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:30:51.0406 1972 odserv - ok
19:30:51.0421 1972 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:30:51.0421 1972 ohci1394 - ok
19:30:51.0437 1972 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:30:51.0453 1972 ose - ok
19:30:51.0468 1972 [ 61C85AFEAA6EF0C1B32D43F84F7BFBCF ] ossrv C:\WINDOWS\system32\drivers\ctoss2k.sys
19:30:51.0468 1972 ossrv - ok
19:30:51.0515 1972 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
19:30:51.0515 1972 Parport - ok
19:30:51.0531 1972 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:30:51.0531 1972 PartMgr - ok
19:30:51.0562 1972 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:30:51.0562 1972 ParVdm - ok
19:30:51.0578 1972 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:30:51.0578 1972 PCI - ok
19:30:51.0578 1972 PCIDump - ok
19:30:51.0609 1972 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:30:51.0609 1972 PCIIde - ok
19:30:51.0625 1972 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:30:51.0640 1972 Pcmcia - ok
19:30:51.0640 1972 PDCOMP - ok
19:30:51.0656 1972 PDFRAME - ok
19:30:51.0656 1972 PDRELI - ok
19:30:51.0671 1972 PDRFRAME - ok
19:30:51.0671 1972 perc2 - ok
19:30:51.0687 1972 perc2hib - ok
19:30:51.0718 1972 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
19:30:51.0718 1972 PlugPlay - ok
19:30:51.0734 1972 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:30:51.0734 1972 PolicyAgent - ok
19:30:51.0750 1972 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:30:51.0765 1972 PptpMiniport - ok
19:30:51.0781 1972 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
19:30:51.0781 1972 Processor - ok
19:30:51.0796 1972 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:30:51.0796 1972 ProtectedStorage - ok
19:30:51.0796 1972 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:30:51.0796 1972 PSched - ok
19:30:51.0812 1972 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:30:51.0812 1972 Ptilink - ok
19:30:51.0859 1972 [ C8AFE59E2D1FDA67A6C5777A13082103 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
19:30:51.0875 1972 QBCFMonitorService - ok
19:30:51.0921 1972 [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
19:30:51.0921 1972 QBFCService - ok
19:30:51.0937 1972 ql1080 - ok
19:30:51.0953 1972 Ql10wnt - ok
19:30:51.0953 1972 ql12160 - ok
19:30:51.0968 1972 ql1240 - ok
19:30:51.0968 1972 ql1280 - ok
19:30:52.0000 1972 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:30:52.0000 1972 RasAcd - ok
19:30:52.0015 1972 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:30:52.0015 1972 RasAuto - ok
19:30:52.0046 1972 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:30:52.0046 1972 Rasl2tp - ok
19:30:52.0078 1972 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:30:52.0078 1972 RasMan - ok
19:30:52.0093 1972 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:30:52.0093 1972 RasPppoe - ok
19:30:52.0109 1972 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:30:52.0109 1972 Raspti - ok
19:30:52.0125 1972 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:30:52.0125 1972 Rdbss - ok
19:30:52.0140 1972 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:30:52.0140 1972 RDPCDD - ok
19:30:52.0156 1972 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:30:52.0156 1972 rdpdr - ok
19:30:52.0187 1972 [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:30:52.0203 1972 RDPWD - ok
19:30:52.0265 1972 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:30:52.0265 1972 RDSessMgr - ok
19:30:52.0281 1972 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:30:52.0281 1972 redbook - ok
19:30:52.0312 1972 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:30:52.0312 1972 RemoteAccess - ok
19:30:52.0343 1972 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
19:30:52.0343 1972 RemoteRegistry - ok
19:30:52.0359 1972 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
19:30:52.0375 1972 RpcLocator - ok
19:30:52.0390 1972 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:30:52.0406 1972 RpcSs - ok
19:30:52.0421 1972 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
19:30:52.0421 1972 RSVP - ok
19:30:52.0468 1972 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
19:30:52.0468 1972 SamSs - ok
19:30:52.0484 1972 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:30:52.0500 1972 SCardSvr - ok
19:30:52.0515 1972 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:30:52.0515 1972 Schedule - ok
19:30:52.0546 1972 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:30:52.0562 1972 Secdrv - ok
19:30:52.0578 1972 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:30:52.0578 1972 seclogon - ok
19:30:52.0593 1972 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:30:52.0593 1972 SENS - ok
19:30:52.0609 1972 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:30:52.0609 1972 serenum - ok
19:30:52.0625 1972 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:30:52.0625 1972 Serial - ok
19:30:52.0656 1972 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:30:52.0656 1972 Sfloppy - ok
19:30:52.0671 1972 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:30:52.0687 1972 SharedAccess - ok
19:30:52.0703 1972 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:30:52.0703 1972 ShellHWDetection - ok
19:30:52.0718 1972 Simbad - ok
19:30:52.0750 1972 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:30:52.0750 1972 SLIP - ok
19:30:52.0796 1972 [ 39F9595D2F6F7EB93F45A466789A6F49 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
19:30:52.0812 1972 smwdm - ok
19:30:52.0843 1972 [ 79555B34913CB5D1EA429D295C5A17AC ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
19:30:52.0859 1972 snapman - ok
19:30:52.0890 1972 [ 4945020BC094C322571184A6E8056B3A ] SolidWorks Licensing Service C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
19:30:52.0921 1972 SolidWorks Licensing Service - ok
19:30:52.0921 1972 Sparrow - ok
19:30:52.0953 1972 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:30:52.0953 1972 splitter - ok
19:30:52.0984 1972 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:30:52.0984 1972 Spooler - ok
19:30:53.0000 1972 [ 03D7AD16AC204C48640CBE6ED8281A65 ] spupdsvc C:\WINDOWS\system32\spupdsvc.exe
19:30:53.0000 1972 spupdsvc - ok
19:30:53.0031 1972 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\System32\DRIVERS\sr.sys
19:30:53.0031 1972 sr - ok
19:30:53.0062 1972 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:30:53.0062 1972 srservice - ok
19:30:53.0109 1972 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:30:53.0109 1972 Srv - ok
19:30:53.0140 1972 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:30:53.0156 1972 SSDPSRV - ok
19:30:53.0171 1972 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
19:30:53.0171 1972 StillCam - ok
19:30:53.0203 1972 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:30:53.0203 1972 stisvc - ok
19:30:53.0234 1972 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:30:53.0234 1972 streamip - ok
19:30:53.0250 1972 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:30:53.0250 1972 swenum - ok
19:30:53.0281 1972 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:30:53.0281 1972 swmidi - ok
19:30:53.0296 1972 SwPrv - ok
19:30:53.0312 1972 symc810 - ok
19:30:53.0312 1972 symc8xx - ok
19:30:53.0328 1972 sym_hi - ok
19:30:53.0328 1972 sym_u3 - ok
19:30:53.0359 1972 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:30:53.0359 1972 sysaudio - ok
19:30:53.0375 1972 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:30:53.0390 1972 SysmonLog - ok
19:30:53.0406 1972 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:30:53.0421 1972 TapiSrv - ok
19:30:53.0453 1972 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:30:53.0468 1972 Tcpip - ok
19:30:53.0484 1972 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:30:53.0500 1972 TDPIPE - ok
19:30:53.0500 1972 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:30:53.0515 1972 TDTCP - ok
19:30:53.0531 1972 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:30:53.0531 1972 TermDD - ok
19:30:53.0546 1972 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:30:53.0562 1972 TermService - ok
19:30:53.0578 1972 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
19:30:53.0593 1972 Themes - ok
19:30:53.0625 1972 [ 18F20C81F84599BF457ED640891AAD99 ] tifsfilter C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
19:30:53.0625 1972 tifsfilter - ok
19:30:53.0656 1972 [ 7C31F485C2F8CE976280C86F3CB13D6C ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
19:30:53.0656 1972 timounter - ok
19:30:53.0687 1972 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
19:30:53.0687 1972 TlntSvr - ok
19:30:53.0703 1972 TosIde - ok
19:30:53.0718 1972 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:30:53.0718 1972 TrkWks - ok
19:30:53.0734 1972 [ 14826DBDE814E4C4EBD2A0E826596F54 ] UDFReadr C:\WINDOWS\system32\drivers\UDFReadr.sys
19:30:53.0765 1972 UDFReadr - ok
19:30:53.0781 1972 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:30:53.0781 1972 Udfs - ok
19:30:53.0796 1972 ultra - ok
19:30:53.0859 1972 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
19:30:53.0859 1972 UMVPFSrv - ok
19:30:53.0906 1972 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:30:53.0921 1972 Update - ok
19:30:53.0937 1972 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:30:53.0937 1972 upnphost - ok
19:30:53.0968 1972 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:30:53.0968 1972 UPS - ok
19:30:53.0968 1972 USBAAPL - ok
19:30:54.0015 1972 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
19:30:54.0015 1972 usbaudio - ok
19:30:54.0031 1972 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:30:54.0031 1972 usbccgp - ok
19:30:54.0046 1972 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:30:54.0046 1972 usbehci - ok
19:30:54.0062 1972 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:30:54.0078 1972 usbhub - ok
19:30:54.0093 1972 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:30:54.0093 1972 usbprint - ok
19:30:54.0125 1972 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:30:54.0125 1972 usbscan - ok
19:30:54.0140 1972 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:30:54.0140 1972 usbstor - ok
19:30:54.0156 1972 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:30:54.0156 1972 usbuhci - ok
19:30:54.0171 1972 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
19:30:54.0171 1972 usbvideo - ok
19:30:54.0187 1972 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:30:54.0187 1972 VgaSave - ok
19:30:54.0234 1972 [ 4A2C339B9E848E5099411577BE01E0FF ] vhidmini C:\WINDOWS\system32\DRIVERS\walvhid.sys
19:30:54.0234 1972 vhidmini - ok
19:30:54.0234 1972 ViaIde - ok
19:30:54.0265 1972 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:30:54.0265 1972 VolSnap - ok
19:30:54.0296 1972 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:30:54.0296 1972 VSS - ok
19:30:54.0328 1972 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
19:30:54.0328 1972 W32Time - ok
19:30:54.0343 1972 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:30:54.0343 1972 Wanarp - ok
19:30:54.0375 1972 [ 4A954A20A4C73D6DB13C0FE25F3F1B0C ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
19:30:54.0375 1972 wceusbsh - ok
19:30:54.0390 1972 WDICA - ok
19:30:54.0421 1972 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:30:54.0421 1972 wdmaud - ok
19:30:54.0437 1972 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:30:54.0437 1972 WebClient - ok
19:30:54.0500 1972 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:30:54.0500 1972 winmgmt - ok
19:30:54.0546 1972 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:30:54.0546 1972 WmdmPmSN - ok
19:30:54.0593 1972 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
19:30:54.0593 1972 Wmi - ok
19:30:54.0625 1972 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
19:30:54.0640 1972 WmiApSrv - ok
19:30:54.0703 1972 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
19:30:54.0734 1972 WMPNetworkSvc - ok
19:30:54.0765 1972 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:30:54.0765 1972 WS2IFSL - ok
19:30:54.0812 1972 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:30:54.0812 1972 wscsvc - ok
19:30:54.0828 1972 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:30:54.0828 1972 WSTCODEC - ok
19:30:54.0828 1972 WTService - ok
19:30:54.0875 1972 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:30:54.0875 1972 wuauserv - ok
19:30:54.0906 1972 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:30:54.0921 1972 WudfPf - ok
19:30:54.0937 1972 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:30:54.0937 1972 WudfRd - ok
19:30:54.0953 1972 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:30:54.0953 1972 WudfSvc - ok
19:30:55.0000 1972 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:30:55.0000 1972 WZCSVC - ok
19:30:55.0015 1972 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:30:55.0031 1972 xmlprov - ok
19:30:55.0046 1972 ================ Scan global ===============================
19:30:55.0078 1972 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:30:55.0109 1972 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:30:55.0125 1972 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:30:55.0140 1972 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:30:55.0140 1972 [Global] - ok
19:30:55.0140 1972 ================ Scan MBR ==================================
19:30:55.0156 1972 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:30:55.0406 1972 \Device\Harddisk0\DR0 - ok
19:30:55.0406 1972 ================ Scan VBR ==================================
19:30:55.0406 1972 [ 6B6AA5A6DCF667F60892F55759ECF70A ] \Device\Harddisk0\DR0\Partition1
19:30:55.0406 1972 \Device\Harddisk0\DR0\Partition1 - ok
19:30:55.0437 1972 [ B7ABD5E8A9B01C0346F35A6EA95773CC ] \Device\Harddisk0\DR0\Partition2
19:30:55.0453 1972 \Device\Harddisk0\DR0\Partition2 - ok
19:30:55.0453 1972 ============================================================
19:30:55.0453 1972 Scan finished
19:30:55.0453 1972 ============================================================
19:30:55.0468 0488 Detected object count: 0
19:30:55.0468 0488 Actual detected object count: 0

#7 dchrysostom

Posted 23 September 2012 - 09:26 PM

Avast Scan Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-23 20:02:40
-----------------------------
20:02:40.468 OS Version: Windows 5.1.2600 Service Pack 3
20:02:40.468 Number of processors: 1 586 0x209
20:02:40.468 ComputerName: STERLING UserName: DH
20:02:41.031 Initialize success
20:04:46.156 AVAST engine defs: 12092301
20:05:31.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
20:05:31.609 Disk 0 Vendor: ST3500418AS CC34 Size: 476940MB BusType: 3
20:05:31.625 Disk 0 MBR read successfully
20:05:31.625 Disk 0 MBR scan
20:05:31.656 Disk 0 Windows XP default MBR code
20:05:31.656 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114431 MB offset 63
20:05:31.671 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 362505 MB offset 234356220
20:05:31.671 Disk 0 scanning sectors +976768065
20:05:31.750 Disk 0 scanning C:\WINDOWS\system32\drivers
20:05:45.859 Service scanning
20:06:06.421 Modules scanning
20:06:10.296 Disk 0 trace - called modules:
20:06:10.312 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
20:06:10.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f8bab8]
20:06:10.843 3 CLASSPNP.SYS[f760ffd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x86f6ad98]
20:06:11.125 AVAST engine scan C:\
20:10:25.875 File: C:\Documents and Settings\DH\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\56\305726b8-69df92d8 **INFECTED** Win32:Downloader-QPN [Trj]
21:01:56.421 Scan finished successfully
22:27:57.421 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
22:27:57.421 The log file has been saved successfully to "C:\aswMBR.txt"

#8 narenxp

Posted 23 September 2012 - 10:08 PM

ESET log?

#9 dchrysostom

Posted 24 September 2012 - 06:52 AM

ESET Results:

C:\Documents and Settings\DH\Application Data\AVG\Rescue\PC Tuneup 2011\120702203156343.rsc multiple threats deleted - quarantined
C:\Documents and Settings\DH\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\53\35c6dc75-35e66644 multiple threats deleted - quarantined

#10 narenxp

Posted 24 September 2012 - 06:55 AM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete

A log should be generated after scan finishes, post it here

Download

Junkware removal tool

Launch it and scan should start running. After scan gets completed, post the generated log here.

#11 dchrysostom

Posted 24 September 2012 - 09:03 AM

MalwareBytes Log:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.24.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
DH :: STERLING [administrator]

Protection: Disabled

9/24/2012 8:11:41 AM
mbam-log-2012-09-24 (08-11-41).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 396118
Time elapsed: 45 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 dchrysostom

Posted 24 September 2012 - 09:51 AM

Here is the MiniToolbox output, but two things to note first - 1) Hosts file was just recently downloaded from http://winhelp2002.mvps.org/hosts.htm; 2) The Application errors listed are all for a network printer that seemed to be set to a fixed IP port on my computer for some reason, when the printer was actually using DHCP => I've fixed this

---

MiniToolBox by Farbar Version: 23-07-2012
Ran by DH (administrator) on 24-09-2012 at 10:25:59
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


::1 localhost

127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 abcstats.com
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 ca.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 achmedia.com
127.0.0.1 aconti.net
127.0.0.1 secure.aconti.net
127.0.0.1 www.aconti.net
127.0.0.1 csh.actiondesk.com

There are 12888 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : sterling

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : home



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : home

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-07-E9-52-51-FE

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

68.237.161.12

Lease Obtained. . . . . . . . . . : Monday, September 24, 2012 7:25:19 AM

Lease Expires . . . . . . . . . . : Tuesday, September 25, 2012 7:25:19 AM

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.43.7, 173.194.43.3, 173.194.43.2, 173.194.43.14
173.194.43.9, 173.194.43.5, 173.194.43.6, 173.194.43.0, 173.194.43.8
173.194.43.4, 173.194.43.1



Pinging google.com [74.125.226.195] with 32 bytes of data:



Reply from 74.125.226.195: bytes=32 time=7ms TTL=252

Reply from 74.125.226.195: bytes=32 time=7ms TTL=252



Ping statistics for 74.125.226.195:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 7ms, Maximum = 7ms, Average = 7ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 98.138.253.109, 72.30.38.140



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=1235ms TTL=250

Reply from 72.30.38.140: bytes=32 time=1357ms TTL=250



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 1235ms, Maximum = 1357ms, Average = 1296ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 07 e9 52 51 fe ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.2 192.168.1.2 20
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/23/2012 08:22:54 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/09/23 08:22:54.609]: [00000756]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.10]

Error: (09/23/2012 08:21:45 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/09/23 08:21:45.609]: [00000756]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.10]

Error: (09/23/2012 08:20:36 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/09/23 08:20:36.609]: [00000756]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.10]

Error: (09/23/2012 08:19:27 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/09/23 08:19:27.609]: [00000756]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.10]

Error: (09/23/2012 08:18:18 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/09/23 08:18:18.609]: [00000756]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.10]

Error: (09/23/2012 08:17:09 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/09/23 08:17:09.609]: [00000756]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.10]

Error: (09/23/2012 08:16:00 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/09/23 08:16:00.609]: [00000756]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.10]

Error: (09/23/2012 08:14:51 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/09/23 08:14:51.609]: [00000756]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.10]

Error: (09/23/2012 08:13:42 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/09/23 08:13:42.609]: [00000756]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.10]

Error: (09/23/2012 08:12:33 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/09/23 08:12:33.609]: [00000756]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.10]


System errors:
=============
Error: (09/24/2012 08:55:48 AM) (Source: Print) (User: STERLING)
Description: The document Microsoft Word - 2010-05-helpful tips for submitting your expense report.docx owned by DH failed to print on printer Brother MFC-7360N Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 1187144. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\STERLING. Win32 error code returned by the print processor: Microsoft Word - 2010-05-helpful tips for submitting your expense report.docx0. Microsoft Word - 2010-05-helpful tips for submitting your expense report.docx1

Error: (09/23/2012 08:17:28 PM) (Source: 0) (User: )
Description: \Device\Harddisk1\D

Error: (09/23/2012 08:15:26 PM) (Source: 0) (User: )
Description: \Device\Harddisk1\D

Error: (09/23/2012 08:13:38 PM) (Source: 0) (User: )
Description: \Device\Harddisk1\D

Error: (09/23/2012 08:11:41 PM) (Source: 0) (User: )
Description: \Device\Harddisk1\D

Error: (09/23/2012 08:09:46 PM) (Source: 0) (User: )
Description: \Device\Harddisk1\D

Error: (09/23/2012 08:07:50 PM) (Source: 0) (User: )
Description: \Device\Harddisk1\D

Error: (09/23/2012 08:05:43 PM) (Source: 0) (User: )
Description: \Device\Harddisk1\D

Error: (09/23/2012 07:40:53 PM) (Source: Service Control Manager) (User: )
Description: The MATLAB Server service terminated unexpectedly. It has done this 1 time(s).

Error: (09/23/2012 07:40:53 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdrom
Imapi


Microsoft Office Sessions:
=========================
Error: (07/31/2012 02:53:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6851 seconds with 1320 seconds of active time. This session ended with a crash.

Error: (04/13/2010 00:35:33 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/08/2010 06:54:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2983 seconds with 1080 seconds of active time. This session ended with a crash.

Error: (03/21/2010 05:14:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 15690 seconds with 1140 seconds of active time. This session ended with a crash.

Error: (03/13/2010 10:46:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 36720 seconds with 420 seconds of active time. This session ended with a crash.

Error: (03/01/2010 03:12:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 490 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/17/2010 05:17:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13076 seconds with 6120 seconds of active time. This session ended with a crash.

Error: (12/30/2009 02:46:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 39 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/30/2009 02:45:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 297 seconds with 120 seconds of active time. This session ended with a crash.

Error: (12/04/2009 02:17:55 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 163142765 seconds with 840 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

7-Zip 9.12 beta
ABBYY FineReader 6.0 Sprint (Version: 6.00.2146.41621)
Acrobat.com (Version: 1.7.186)
Acronis True Image
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.0.0)
Adobe After Effects CS4 Third Party Content (Version: 9)
Adobe AIR (Version: 1.5.2.8900)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Creative Suite 4 Master Collection (Version: 4.0)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Encore CS4 Codecs (Version: 4)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.23)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Fonts All (Version: 2.0)
Adobe Illustrator CS4 (Version: 14.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Media Encoder CS4 Exporter (Version: 1.0)
Adobe Media Encoder CS4 Importer (Version: 1.0)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Premiere Pro CS4 Third Party Content (Version: 4)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Soundbooth CS4 Codecs (Version: 2)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Amazon Kindle
Apple Application Support (Version: 1.1.0)
Apple Software Update (Version: 2.1.1.116)
AVG 2012 (Version: 12.0.2221)
AVG 2012 (Version: 12.0.2441)
AVG 2012 (Version: 2012.0.2221)
AVG PC Tuneup (Version: 10.0.0.27)
BCM V.92 56K Modem
Bonjour (Version: 1.0.106)
Brother MFL-Pro Suite MFC-7360N (Version: 1.0.7.0)
CameraHelperMsi (Version: 13.31.1038.0)
Centra Client
CodeBlocks (Version: 8.02)
Connect (Version: 1.0.0.1)
DiMAGE Image Viewer Utility
erLT (Version: 1.20.138.34)
ESET Online Scanner v3
FileZilla Client 3.3.0.1 (Version: 3.3.0.1)
Free Notes & Office Ink (Version: )
Google SketchUp 7 (Version: 2.1.6087)
Home & Business Lawyer (Version: 2.1.0.0)
Intel® PRO Network Connections Drivers
iTunes (Version: 9.0.2.25)
J2SE Runtime Environment 5.0 (Version: 1.5.0)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 33 (Version: 6.0.330)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
kuler (Version: 2.0)
Lexmark 7600 Series
Lexmark Printable Web (Version: 1.0.0.0)
Lexmark Tools for Office (Version: 1.24.0.0)
Logitech Webcam Software (Version: 2.31)
LWS Facebook (Version: 13.31.1038.0)
LWS Gallery (Version: 13.31.1038.0)
LWS Help_main (Version: 13.31.1044.0)
LWS Launcher (Version: 13.31.1038.0)
LWS Pictures And Video (Version: 13.31.1038.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.31.1038.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.31.1038.0)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
MATLAB 6.5
Microsoft .NET Compact Framework 3.5 (Version: 3.5.7283)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008 (6001.18000.367) (Version: 6.1.367.18000)
Microsoft Document Explorer 2008 (Version: 9.0.21022)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Project MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Project Professional 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Visio Professional 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Outlook Web Access S/MIME (Version: 6.5.7651.60)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.4518.1014)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC Redist 2008 (6001.18000.367) (Version: 6.1.367.18000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86 (Version: 9.0.21228)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Windows SDK .NET Framework Tools (Version: 6.1)
Microsoft Windows SDK for Windows Server 2008 (6001.18000.367) (Version: 6.0.6001.18000)
Microsoft Windows SDK for Windows Server 2008 (6001.18000.367) (Version: 6.1.367.18000)
Microsoft Windows SDK for Windows Server 2008 .NET Documentation (6001.18000.367) (Version: 6.1.367.18000)
Microsoft Windows SDK for Windows Server 2008 Common Utilities (6001.18000.367) (Version: 6.1.367.18000)
Microsoft Windows SDK for Windows Server 2008 Headers and Libraries (6001.18000.367) (Version: 6.1.367.18000)
Microsoft Windows SDK for Windows Server 2008 Samples (6001.18000.367) (Version: 6.1.367.18000)
Microsoft Windows SDK for Windows Server 2008 Utilities for Win32 Development (6001.18000.367) (Version: 6.1.367.18000)
Microsoft Windows SDK for Windows Server 2008 Win32 Documentation (6001.18000.367) (Version: 6.1.367.18000)
Microsoft Windows SDK Intellisense and Reference Assemblies (6001.18000.367) (Version: 6.1.367.18000)
Microsoft Windows SDK MDAC Headers and Libraries (6001.18000.367) (Version: 6.1.367.18000)
Microsoft Windows SDK Net Fx Interop Headers And Libraries (6001.18000.367) (Version: 6.1.367.18000)
Mindjet MindManager Pro 6 (Version: 6.0.643)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
PDF-XChange 3.0
PDF Settings CS4 (Version: 9.0)
Pen Pad Driver with Macro Key Manager
Photoshop Camera Raw (Version: 5.0)
Power Presenter RE (Version: )
Project Timer Lite v1.0.1
QuickBooks (Version: 20.0.4005.807)
QuickBooks Pro 2010 (Version: 20.0.4005.807)
QuickTime (Version: 7.65.17.80)
Roxio Easy Media Creator 7 (Version: 7.0.353.0)
SolidWorks eDrawings 2010 (Version: 10.3.143)
Sonic CinePlayer DVD Pack (Version: 2.3.1)
Suite Shared Configuration CS4 (Version: 1.0)
System Requirements Lab (Version: 4.5.1.0)
Tina 8 - Industrial (Version: 8.00.000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
WebFldrs XP (Version: 9.50.6513)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows SDK Intellidocs (Version: 9.0.21022)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPatrol (Version: 25.0.2012.5)
Xilisoft DVD to 3GP Converter (Version: 4.0.97.0115)
Xilisoft Video Converter 3 (Version: 3.1.49.1207b)

========================= Memory info: ===================================

Percentage of memory in use: 72%
Total physical RAM: 1023 MB
Available physical RAM: 277.96 MB
Total Pagefile: 2463.75 MB
Available Pagefile: 1663.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.91 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:111.75 GB) (Free:63.79 GB) NTFS
2 Drive d: (2ndVolume) (Fixed) (Total:354.01 GB) (Free:281.41 GB) NTFS

========================= Users: ========================================

User accounts for \\STERLING

Administrator DH Guest
HelpAssistant SUPPORT_388945a0

========================= Restore Points ==================================

24-09-2012 12:08:58 System Checkpoint

**** End of log ****

#13 dchrysostom

Posted 24 September 2012 - 09:53 AM

FSS Log:

Farbar Service Scanner Version: 19-09-2012
Ran by DH (administrator) on 24-09-2012 at 10:55:53
Running from "D:\personal_documents_post7_2012\IT\NewVirus9_12_cleanup\bleepingcomputer_recommendation"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#14 dchrysostom

Posted 24 September 2012 - 10:20 AM

Adware removal tool log:

# AdwCleaner v2.003 - Logfile created 09/24/2012 at 10:57:45
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : DH - STERLING
# Boot Mode : Normal
# Running from : D:\personal_documents_post7_2012\IT\NewVirus9_12_cleanup\bleepingcomputer_recommendation\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\DH\Application Data\Mozilla\Firefox\Profiles\dhdqcxox.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1188 octets] - [24/09/2012 10:57:45]

########## EOF - C:\AdwCleaner[S1].txt - [1248 octets] ##########

#15 narenxp


Posted 24 September 2012 - 10:47 AM

Junkware log?


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text here



