seekportal browser redirect (IE)


16 replies to this topic

#1 Shrimpette

  • Members
  • 9 posts
  • Gender:Male

Posted 22 September 2012 - 06:21 AM

Hi

I am trying to fix my husband's netbook, which was infected by Live Platinum (not sure how, as there were no downloads). Please note - I cannot boot the netbook into Safe Mode / Safe Mode with Networking, as Mup.sys is corrupt? It keeps just booting into normal Windows, but I was able to run Malwarebytes from normal mode (log 1 below). I then discovered the redirect malware when attempting to visit BleepingComputer from his netbook (to download DDS, etc.). Every time I type into the address bar, it uses seekportal.com to redirect me to random websites (tbh, I only tried once, then gave up).

I am now on my laptop, with network access to his netbook, so I can collect and post log data. I have backed up vital data to my laptop, so if I need to wipe his netbook, I will do so! I have saved the required files to his netbook and am currently running DDS & GMER and will post those log results under this post.

I ran Malwarebytes again (log 2 below) and also FSS, FixExec and SecurityCheck (all logs below). I hope the logs help to identify the issue - apologies that I have not followed the correct order of posting them.

Thank you in advance for any pointers / help you can provide.



Log 1 (Malwarebytes removal of Trojans)

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.20.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Barrie Kebbell :: NOTEBOOK [limited]

21/09/2012 09:51:25
mbam-log-2012-09-21 (09-51-25).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 313630
Time elapsed: 1 hour(s), 39 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Documents and Settings\Barrie Kebbell\Application Data\lndir.dll (Trojan.RedirRdll2.Gen) -> Delete on reboot.

Registry Keys Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|lndir (Trojan.RedirRdll2.Gen) -> Data: rundll32.exe "C:\Documents and Settings\Barrie Kebbell\Application Data\lndir.dll",UlStripWhitespaceW -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-18\$0064407d9414bbd57dcb313c9ab1997b\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-21-1729697498-1434109735-2322020850-1006\$0064407d9414bbd57dcb313c9ab1997b\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\Documents and Settings\Barrie Kebbell\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.

Files Detected: 11
C:\Documents and Settings\Barrie Kebbell\Local Settings\Temp\~!#1C3.tmp (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\Documents and Settings\Barrie Kebbell\Local Settings\Temp\tmp8eec1b23\bleep.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-18\$0064407d9414bbd57dcb313c9ab1997b\n (Trojan.0Access) -> Delete on reboot.
C:\RECYCLER\S-1-5-18\$0064407d9414bbd57dcb313c9ab1997b\U\00000001.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-18\$0064407d9414bbd57dcb313c9ab1997b\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-18\$0064407d9414bbd57dcb313c9ab1997b\U\800000cb.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1729697498-1434109735-2322020850-1006\$0064407d9414bbd57dcb313c9ab1997b\n (Trojan.0Access) -> Delete on reboot.
C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\29\3c9c411d-6f37e1f0 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\e3s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Barrie Kebbell\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
C:\Documents and Settings\Barrie Kebbell\Application Data\lndir.dll (Trojan.RedirRdll2.Gen) -> Delete on reboot.

(end)


Log 2 (Malwarebytes run after trojan removal)

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.20.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Barrie Kebbell :: NOTEBOOK [limited]

21/09/2012 14:14:03
mbam-log-2012-09-21 (14-14-03).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 327904
Time elapsed: 1 hour(s), 52 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

FixExec log

FixExec by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about FixExec can be found at this link:
http://www.bleepingcomputer.com/download/windows/utilities/fixexec

Program started at: 09/21/2012 09:49:45 AM in x86 mode.
Windows Version: Windows XP

Checking for processes to terminate before fixing executable associations.
* No processes found to kill.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.


Program finished at: 09/21/2012 09:49:49 AM
Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)


Security Check log

Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.0.1400
CCleaner
Java™ 6 Update 30
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 29% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

FSS log

Farbar Service Scanner Version: 19-09-2012
Ran by Barrie Kebbell (administrator) on 21-09-2012 at 18:54:52
Running from "C:\Documents and Settings\Barrie Kebbell\Desktop\Security"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000800000005000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****

Edited by Shrimpette, 22 September 2012 - 06:30 AM.
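As an added example, not something posted in this thread or part of any tool mentioned in it, the following Python script parses the Malwarebytes 1.x log format shown above and pulls out what a responder would triage first: the CLSID InProcServer32 value redirected into a RECYCLER folder (the "Bad:"/"Good:" pair), the Run value that loads a DLL from the user profile through rundll32, files living in the same RECYCLER store, and items left as "Delete on reboot". The indicator names, the SYSTEM_ROOT constant and the path heuristics are this example's own assumptions; the sample log is constructed to mirror the thread's layout with the user profile folder genericised.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SYSTEM_ROOT = r"C:\WINDOWS"  # assumed; COM servers are expected to live under it

# Constructed sample in the layout of the Malwarebytes 1.x log posted in the thread
# (same section headers and "target (family) -> action" lines; profile folder genericised).
SAMPLE_LOG = r"""
Memory Modules Detected: 1
C:\Documents and Settings\User\Application Data\lndir.dll (Trojan.RedirRdll2.Gen) -> Delete on reboot.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|lndir (Trojan.RedirRdll2.Gen) -> Data: rundll32.exe "C:\Documents and Settings\User\Application Data\lndir.dll",UlStripWhitespaceW -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-18\$0064407d9414bbd57dcb313c9ab1997b\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.

Files Detected: 3
C:\RECYCLER\S-1-5-18\$0064407d9414bbd57dcb313c9ab1997b\n (Trojan.0Access) -> Delete on reboot.
C:\RECYCLER\S-1-5-18\$0064407d9414bbd57dcb313c9ab1997b\U\00000001.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\e3s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)")
# Hidden store shape seen in the log: RECYCLER\<SID>\$<32 hex chars>\ (heuristic, not a signature).
RECYCLER_STORE_RE = re.compile(r"\\RECYCLER\\S-1-5-[\d-]+\\\$[0-9a-fA-F]{32}\\", re.IGNORECASE)
USER_PROFILE_DLL_RE = re.compile(r"(Application Data|Local Settings)\\.*\.dll", re.IGNORECASE)

@dataclass
class Detection:
    section: str
    target: str
    family: str
    action: str
    bad_value: Optional[str] = None
    good_value: Optional[str] = None
    indicators: List[str] = field(default_factory=list)

    @property
    def needs_reboot(self) -> bool:
        # Items deferred to reboot are still on disk until the machine restarts.
        return "delete on reboot" in self.action.lower()

def classify(det: Detection) -> List[str]:
    """Attach heuristic indicator tags (names chosen for this example) to one detection."""
    tags: List[str] = []
    # COM hijack: an InProcServer32 value pointing to an absolute path outside the system root.
    if (det.section == "Registry Data Items"
            and det.target.upper().endswith("\\INPROCSERVER32|")
            and det.bad_value and re.match(r"^[A-Za-z]:\\", det.bad_value)
            and not det.bad_value.upper().startswith(SYSTEM_ROOT.upper() + "\\")):
        tags.append("com_inprocserver32_hijack")
    if RECYCLER_STORE_RE.search(det.target) or (det.bad_value and RECYCLER_STORE_RE.search(det.bad_value)):
        tags.append("recycler_hidden_store")
    # Autostart that loads a DLL from the user profile via rundll32.
    if (det.section == "Registry Values" and "\\CurrentVersion\\Run" in det.target
            and "rundll32" in det.action.lower() and USER_PROFILE_DLL_RE.search(det.action)):
        tags.append("rundll32_userprofile_autostart")
    return tags

def parse_mbam_log(text: str) -> List[Detection]:
    """Track the current 'X Detected: n' section and parse each item line beneath it."""
    section: Optional[str] = None
    found: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("section")
            continue
        item = ITEM_RE.match(line)
        if item is None or section is None:
            continue  # scan header, "(No malicious items detected)", "(end)", etc.
        det = Detection(section, item.group("target"), item.group("family"), item.group("rest"))
        bg = BAD_GOOD_RE.search(det.action)
        if bg:
            det.bad_value, det.good_value = bg.group("bad"), bg.group("good")
        det.indicators = classify(det)
        found.append(det)
    return found

def summarize(dets: List[Detection]) -> Dict[str, object]:
    """Counts a responder wants at a glance: families, indicator hits, reboot still pending."""
    hits: Dict[str, int] = {}
    for d in dets:
        for tag in d.indicators:
            hits[tag] = hits.get(tag, 0) + 1
    return {
        "total": len(dets),
        "families": sorted({d.family for d in dets}),
        "indicators": hits,
        "reboot_required": any(d.needs_reboot for d in dets),
    }
```

A `reboot_required` result of true means a clean follow-up scan is only meaningful once the machine has been restarted, since deferred deletions are still on disk until then.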



#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 22 September 2012 - 07:48 AM

Download

TDSSKiller

Launch it. Click on Change parameters, then select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download

aswMBR

Launch it, and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download

ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to desktop and copy the contents of the text file in your reply.

#3 Shrimpette

  • Topic Starter
  • Members
  • 9 posts
  • Gender:Male

Posted 22 September 2012 - 11:20 AM

Hi Narenxp

Thanks for replying. These are the scan results; however, I could not run the ESET online scanner. I keep getting an error message saying "Can not get update. Is proxy configured?". It took a long time to run the scans too; I ended up stopping the GMER scan so that I could run the alternatives you suggested. The default action for a file (sptd) after the TDSSKiller scan was "skip", so I did this? Should I run FixMBR on the aswMBR program? It is still open...

Thank you in advance for taking a look.



TDSS LOG

15:34:23.0109 2736 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
15:34:23.0187 2736 ============================================================
15:34:23.0187 2736 Current date / time: 2012/09/22 15:34:23.0187
15:34:23.0187 2736 SystemInfo:
15:34:23.0187 2736
15:34:23.0187 2736 OS Version: 5.1.2600 ServicePack: 3.0
15:34:23.0187 2736 Product type: Workstation
15:34:23.0187 2736 ComputerName: NOTEBOOK
15:34:23.0187 2736 UserName: Barrie Kebbell
15:34:23.0187 2736 Windows directory: C:\WINDOWS
15:34:23.0187 2736 System windows directory: C:\WINDOWS
15:34:23.0187 2736 Processor architecture: Intel x86
15:34:23.0187 2736 Number of processors: 2
15:34:23.0187 2736 Page size: 0x1000
15:34:23.0187 2736 Boot type: Normal boot
15:34:23.0187 2736 ============================================================
15:34:24.0093 2736 BG loaded
15:34:24.0781 2736 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:34:24.0843 2736 ============================================================
15:34:24.0859 2736 \Device\Harddisk0\DR0:
15:34:24.0859 2736 MBR partitions:
15:34:24.0859 2736 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC03000, BlocksNum 0x11E16000
15:34:24.0859 2736 ============================================================
15:34:24.0953 2736 C: <-> \Device\Harddisk0\DR0\Partition1
15:34:25.0031 2736 ============================================================
15:34:25.0031 2736 Initialize success
15:34:25.0031 2736 ============================================================
15:35:28.0718 3992 ============================================================
15:35:28.0718 3992 Scan started
15:35:28.0718 3992 Mode: Manual; TDLFS;
15:35:28.0718 3992 ============================================================
15:35:29.0781 3992 ================ Scan system memory ========================
15:35:31.0906 3992 System memory - ok
15:35:31.0906 3992 ================ Scan services =============================
15:35:45.0296 3992 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
15:35:45.0296 3992 MpFilter - ok
15:35:45.0453 3992 MpKslcba0192d - ok
15:35:45.0500 3992 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:35:45.0500 3992 mraid35x - ok
15:35:45.0546 3992 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:35:45.0562 3992 MRxDAV - ok
15:35:45.0625 3992 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:35:45.0625 3992 MRxSmb - ok
15:35:45.0703 3992 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
15:35:45.0703 3992 MSDTC - ok
15:35:45.0718 3992 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:35:45.0718 3992 Msfs - ok
15:35:45.0734 3992 MSIServer - ok
15:35:45.0781 3992 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:35:45.0796 3992 MSKSSRV - ok
15:35:45.0890 3992 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:35:45.0890 3992 MSPCLOCK - ok
15:35:45.0906 3992 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
15:35:45.0906 3992 MSPQM - ok
15:35:45.0937 3992 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:35:45.0937 3992 mssmbios - ok
15:35:46.0000 3992 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
15:35:46.0000 3992 MSTEE - ok
15:35:46.0031 3992 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
15:35:46.0046 3992 Mup - ok
15:35:46.0093 3992 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:35:46.0093 3992 NABTSFEC - ok
15:35:46.0187 3992 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
15:35:46.0187 3992 napagent - ok
15:35:46.0203 3992 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
15:35:46.0218 3992 NDIS - ok
15:35:46.0250 3992 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:35:46.0250 3992 NdisIP - ok
15:35:46.0328 3992 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:35:46.0328 3992 NdisTapi - ok
15:35:46.0359 3992 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:35:46.0359 3992 Ndisuio - ok
15:35:46.0375 3992 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:35:46.0390 3992 NdisWan - ok
15:35:46.0421 3992 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
15:35:46.0437 3992 NDProxy - ok
15:35:46.0437 3992 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
15:35:46.0437 3992 NetBIOS - ok
15:35:46.0500 3992 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
15:35:46.0500 3992 NetBT - ok
15:35:46.0609 3992 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
15:35:46.0609 3992 NetDDE - ok
15:35:46.0625 3992 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
15:35:46.0625 3992 NetDDEdsdm - ok
15:35:46.0734 3992 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
15:35:46.0734 3992 Netlogon - ok
15:35:46.0812 3992 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
15:35:46.0828 3992 Netman - ok
15:35:46.0875 3992 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:35:46.0890 3992 NetTcpPortSharing - ok
15:35:46.0953 3992 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
15:35:46.0968 3992 Nla - ok
15:35:47.0046 3992 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:35:47.0046 3992 Npfs - ok
15:35:47.0140 3992 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
15:35:47.0156 3992 Ntfs - ok
15:35:47.0171 3992 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
15:35:47.0171 3992 NtLmSsp - ok
15:35:47.0265 3992 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
15:35:47.0281 3992 NtmsSvc - ok
15:35:47.0328 3992 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
15:35:47.0328 3992 Null - ok
15:35:47.0390 3992 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:35:47.0390 3992 NwlnkFlt - ok
15:35:47.0421 3992 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:35:47.0421 3992 NwlnkFwd - ok
15:35:47.0640 3992 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:35:47.0656 3992 odserv - ok
15:35:47.0703 3992 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:35:47.0703 3992 ose - ok
15:35:47.0781 3992 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
15:35:47.0781 3992 Parport - ok
15:35:47.0875 3992 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
15:35:47.0968 3992 PartMgr - ok
15:35:48.0015 3992 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
15:35:48.0015 3992 ParVdm - ok
15:35:48.0093 3992 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
15:35:48.0093 3992 PCI - ok
15:35:48.0109 3992 PCIDump - ok
15:35:48.0125 3992 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
15:35:48.0125 3992 PCIIde - ok
15:35:48.0187 3992 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
15:35:48.0187 3992 Pcmcia - ok
15:35:48.0203 3992 PDCOMP - ok
15:35:48.0218 3992 PDFRAME - ok
15:35:48.0234 3992 PDRELI - ok
15:35:48.0281 3992 PDRFRAME - ok
15:35:48.0328 3992 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
15:35:48.0343 3992 perc2 - ok
15:35:48.0359 3992 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:35:48.0359 3992 perc2hib - ok
15:35:48.0437 3992 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
15:35:48.0437 3992 PlugPlay - ok
15:35:48.0437 3992 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
15:35:48.0453 3992 PolicyAgent - ok
15:35:48.0484 3992 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:35:48.0484 3992 PptpMiniport - ok
15:35:48.0531 3992 Profos - ok
15:35:48.0578 3992 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:35:48.0578 3992 ProtectedStorage - ok
15:35:48.0593 3992 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
15:35:48.0593 3992 PSched - ok
15:35:48.0625 3992 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:35:48.0625 3992 Ptilink - ok
15:35:48.0765 3992 [ 7DD6AF2985AC6C153404C34C52F314DC ] QDLService2kAD C:\Program Files\QUALCOMM\QDLService2k\QDLService2kAD.exe
15:35:48.0781 3992 QDLService2kAD - ok
15:35:48.0843 3992 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:35:48.0843 3992 ql1080 - ok
15:35:48.0937 3992 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:35:48.0937 3992 Ql10wnt - ok
15:35:48.0968 3992 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:35:48.0968 3992 ql12160 - ok
15:35:49.0000 3992 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:35:49.0000 3992 ql1240 - ok
15:35:49.0015 3992 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:35:49.0015 3992 ql1280 - ok
15:35:49.0078 3992 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:35:49.0078 3992 RasAcd - ok
15:35:49.0125 3992 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:35:49.0140 3992 RasAuto - ok
15:35:49.0187 3992 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:35:49.0187 3992 Rasl2tp - ok
15:35:49.0234 3992 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:35:49.0234 3992 RasMan - ok
15:35:49.0265 3992 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:35:49.0265 3992 RasPppoe - ok
15:35:49.0281 3992 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
15:35:49.0281 3992 Raspti - ok
15:35:49.0328 3992 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:35:49.0328 3992 Rdbss - ok
15:35:49.0359 3992 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:35:49.0359 3992 RDPCDD - ok
15:35:49.0421 3992 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:35:49.0421 3992 rdpdr - ok
15:35:49.0484 3992 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
15:35:49.0484 3992 RDPWD - ok
15:35:49.0562 3992 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:35:49.0578 3992 RDSessMgr - ok
15:35:49.0687 3992 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
15:35:49.0796 3992 redbook - ok
15:35:49.0875 3992 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
15:35:49.0875 3992 RemoteAccess - ok
15:35:49.0921 3992 [ 616EAC1B0E48B236A5A9B8AE07FDB81C ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
15:35:49.0921 3992 RimUsb - ok
15:35:49.0953 3992 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
15:35:49.0968 3992 RimVSerPort - ok
15:35:50.0062 3992 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
15:35:50.0062 3992 ROOTMODEM - ok
15:35:50.0156 3992 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
15:35:50.0156 3992 RpcLocator - ok
15:35:50.0187 3992 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
15:35:50.0203 3992 RpcSs - ok
15:35:50.0203 3992 RSUSBSTOR - ok
15:35:50.0312 3992 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
15:35:50.0328 3992 RSVP - ok
15:35:50.0437 3992 [ 38494041F19F6CD005B711F5E08FAE08 ] RS_Service C:\Program Files\Acer\Acer VCM\RS_Service.exe
15:35:50.0453 3992 RS_Service - ok
15:35:50.0453 3992 Rts516xIR - ok
15:35:50.0484 3992 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
15:35:50.0484 3992 SamSs - ok
15:35:50.0578 3992 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:35:50.0578 3992 SASDIFSV - ok
15:35:50.0609 3992 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:35:50.0609 3992 SASKUTIL - ok
15:35:50.0625 3992 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
15:35:50.0625 3992 SCardSvr - ok
15:35:50.0640 3992 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:35:50.0656 3992 Schedule - ok
15:35:50.0718 3992 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:35:50.0734 3992 Secdrv - ok
15:35:50.0734 3992 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
15:35:50.0750 3992 seclogon - ok
15:35:50.0750 3992 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
15:35:50.0750 3992 SENS - ok
15:35:50.0890 3992 [ 2EC41A96D0DC98BD119BF325E0B9F392 ] Ser2pl C:\WINDOWS\system32\DRIVERS\ser2pl.sys
15:35:50.0890 3992 Ser2pl - ok
15:35:50.0937 3992 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
15:35:50.0937 3992 Serenum - ok
15:35:50.0937 3992 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
15:35:50.0953 3992 Serial - ok
15:35:51.0015 3992 [ 1F16931C722C69E4A7866244796C66A0 ] sermouse C:\WINDOWS\system32\DRIVERS\sermouse.sys
15:35:51.0031 3992 sermouse - ok
15:35:51.0109 3992 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
15:35:51.0109 3992 Sfloppy - ok
15:35:51.0140 3992 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:35:51.0156 3992 ShellHWDetection - ok
15:35:51.0156 3992 Simbad - ok
15:35:51.0218 3992 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:35:51.0218 3992 sisagp - ok
15:35:51.0296 3992 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
15:35:51.0296 3992 SkypeUpdate - ok
15:35:51.0328 3992 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:35:51.0328 3992 SLIP - ok
15:35:51.0406 3992 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:35:51.0406 3992 Sparrow - ok
15:35:51.0468 3992 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:35:51.0468 3992 splitter - ok
15:35:51.0562 3992 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:35:51.0578 3992 Spooler - ok
15:35:51.0671 3992 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
15:35:51.0671 3992 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
15:35:51.0687 3992 sptd ( LockedFile.Multi.Generic ) - warning
15:35:51.0687 3992 sptd - detected LockedFile.Multi.Generic (1)
15:35:55.0968 3992 ================ Scan global ===============================
15:35:56.0031 3992 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:35:56.0125 3992 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:35:56.0156 3992 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:35:56.0187 3992 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:35:56.0187 3992 [Global] - ok
15:35:56.0187 3992 ================ Scan MBR ==================================
15:35:56.0250 3992 [ 7C733682F68536C7604CC415181AD466 ] \Device\Harddisk0\DR0
15:36:04.0796 3992 \Device\Harddisk0\DR0 - ok
15:36:04.0796 3992 ================ Scan VBR ==================================
15:36:04.0796 3992 [ 8161A365980F386C4E1850DE0D86A38B ] \Device\Harddisk0\DR0\Partition1
15:36:04.0812 3992 \Device\Harddisk0\DR0\Partition1 - ok
15:36:04.0812 3992 ============================================================
15:36:04.0812 3992 Scan finished
15:36:04.0812 3992 ============================================================
15:36:04.0828 3984 Detected object count: 1
15:36:04.0828 3984 Actual detected object count: 1
15:37:12.0000 3984 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:37:12.0000 3984 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:37:13.0843 2704 Deinitialize success


aswMBR LOG

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-22 15:48:03
-----------------------------
15:48:03.593 OS Version: Windows 5.1.2600 Service Pack 3
15:48:03.593 Number of processors: 2 586 0x1C02
15:48:03.593 ComputerName: NOTEBOOK UserName:
15:48:04.875 Initialize success
15:50:49.156 AVAST engine defs: 12092200
15:52:21.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:52:21.500 Disk 0 Vendor: ST916031 0303 Size: 152627MB BusType: 3
15:52:21.562 Disk 0 MBR read successfully
15:52:21.562 Disk 0 MBR scan
15:52:21.640 Disk 0 unknown MBR code
15:52:21.640 Disk 0 Partition 1 00 12 Compaq diag NTFS 6149 MB offset 63
15:52:21.656 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 146476 MB offset 12595200
15:52:21.671 Disk 0 scanning sectors +312578048
15:52:21.812 Disk 0 scanning C:\WINDOWS\system32\drivers
15:52:42.812 Service scanning
15:53:12.015 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
15:53:19.125 Modules scanning
15:53:43.421 Disk 0 trace - called modules:
15:53:43.500 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spla.sys >>UNKNOWN [0x86f89938]<<
15:53:43.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86efb030]
15:53:43.515 3 CLASSPNP.SYS[f77bdfd7] -> nt!IofCallDriver -> \Device\00000072[0x86e9c910]
15:53:43.515 5 ACPI.sys[f7629620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86efc030]
15:53:44.234 AVAST engine scan C:\WINDOWS
15:54:01.484 AVAST engine scan C:\WINDOWS\system32
15:54:11.062 File: C:\WINDOWS\system32\calcperf.dll **INFECTED** Win32:Dropper-gen [Drp]
15:58:56.875 AVAST engine scan C:\WINDOWS\system32\drivers
15:59:24.593 AVAST engine scan C:\Documents and Settings\Barrie Kebbell
15:59:28.281 File: C:\Documents and Settings\Barrie Kebbell\Application Data\Avinon\ynav.exe **INFECTED** Win32:Ransom-RO [Trj]
16:03:30.437 File: C:\Documents and Settings\Barrie Kebbell\Local Settings\Temp\~!#1C1.tmp **INFECTED** Win32:LockScreen-IY [Trj]
16:07:09.000 AVAST engine scan C:\Documents and Settings\All Users
16:09:37.437 Scan finished successfully
17:08:38.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Barrie Kebbell\Desktop\Security\MBR.dat"
17:08:38.546 The log file has been saved successfully to "C:\Documents and Settings\Barrie Kebbell\Desktop\Security\aswMBR.txt"

Edited by Shrimpette, 22 September 2012 - 11:29 AM.


#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:12:19 AM

Posted 22 September 2012 - 11:22 AM

Please run ESET online scanner in safe mode with networking

Update MBAM and run a scan and post the new log

Download

MiniToolBox

Check the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

adware cleaner

Launch it, click on Delete

Post the generated log

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Post the new FSS log

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the text contents here

#5 Shrimpette

Shrimpette
  • Topic Starter

  • Members
  • 9 posts
  • Gender:Male
  • Local time:05:19 AM

Posted 22 September 2012 - 01:18 PM

Hi Narenxp

I can't run safe mode with networking (something to do with Mup.sys). I will try it again later just in case it is now working, but in the meantime will run the other scans you have proposed.

MiniToolbox results

MiniToolBox by Farbar Version: 23-07-2012
Ran by Barrie Kebbell (administrator) on 22-09-2012 at 19:13:46
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 802.11g Network Adapter = Wireless Network Connection (Connected)
Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : notebook
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Kebbell

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
Physical Address. . . . . . . . . : 00-23-5A-65-90-7B

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Kebbell
Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter
Physical Address. . . . . . . . . : 00-24-2C-03-5B-D3
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.9
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
Lease Obtained. . . . . . . . . . : 22 September 2012 17:22:02
Lease Expires . . . . . . . . . . : 19 January 2038 04:14:07

Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 173.194.41.131, 173.194.41.135, 173.194.41.133, 173.194.41.132
173.194.41.130, 173.194.41.128, 173.194.41.136, 173.194.41.134, 173.194.41.137
173.194.41.129, 173.194.41.142

Pinging google.com [74.125.230.103] with 32 bytes of data:

Reply from 74.125.230.103: bytes=32 time=25ms TTL=53
Reply from 74.125.230.103: bytes=32 time=21ms TTL=53

Ping statistics for 74.125.230.103:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 25ms, Average = 23ms

Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 98.138.253.109

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=163ms TTL=46
Reply from 98.138.253.109: bytes=32 time=226ms TTL=46

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 163ms, Maximum = 226ms, Average = 194ms

Server: UnKnown
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 23 5a 65 90 7b ...... Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller - Packet Scheduler Miniport
0x3 ...00 24 2c 03 5b d3 ...... Broadcom 802.11g Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.9 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.9 192.168.2.9 25
192.168.2.9 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.2.255 255.255.255.255 192.168.2.9 192.168.2.9 25
224.0.0.0 240.0.0.0 192.168.2.9 192.168.2.9 25
255.255.255.255 255.255.255.255 192.168.2.9 192.168.2.9 1
255.255.255.255 255.255.255.255 192.168.2.9 2 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/21/2012 02:05:01 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (09/08/2012 10:29:58 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (07/10/2012 09:44:07 PM) (Source: Application Error) (User: )
Description: Faulting application skype.exe, version 5.1.0.112, faulting module skype.exe, version 5.1.0.112, fault address 0x005ff078.
Processing media-specific event for [skype.exe!ws!]

Error: (07/04/2012 01:11:30 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80244022updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (07/04/2012 01:11:22 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80244022updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (05/23/2012 10:15:30 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.
Processing media-specific event for [iexplore.exe!ws!]

Error: (05/23/2012 00:56:03 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/22/2012 00:25:43 PM) (Source: NTBackup) (User: )
Description: End Operation: Warnings or errors were encountered.

Consult the backup report for more details.

Error: (04/22/2012 00:25:43 PM) (Source: NTBackup) (User: )
Description: End Backup of 'C:' 'Warnings or errors were encountered.'


Verify: Off

Mode: Append

Type: Normal


Consult the backup report for more details.

Error: (04/19/2012 01:39:41 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.


System errors:
=============
Error: (09/22/2012 05:23:04 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/22/2012 03:48:16 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/22/2012 03:34:16 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/22/2012 03:33:16 PM) (Source: 0) (User: )
Description: 0xC000024348351261.sysHarddiskVolume2

Error: (09/22/2012 01:21:01 PM) (Source: Service Control Manager) (User: )
Description: The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (09/22/2012 01:20:47 PM) (Source: Service Control Manager) (User: )
Description: The Kodak AiO Status Monitor Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/22/2012 01:20:41 PM) (Source: Service Control Manager) (User: )
Description: The Kodak AiO Network Discovery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/22/2012 01:20:20 PM) (Source: Service Control Manager) (User: )
Description: The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (09/22/2012 01:19:14 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/21/2012 06:26:37 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060


Microsoft Office Sessions:
=========================
Error: (12/06/2010 10:33:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 256 seconds with 180 seconds of active time. This session ended with a crash.

Error: (07/12/2010 07:17:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 267 seconds with 180 seconds of active time. This session ended with a crash.

Error: (05/31/2010 01:52:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 48 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/31/2010 01:51:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 71 seconds with 60 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

0557_2011_ATEN_MSUninst
Acer eRecovery Management (Version: 4.00.3002)
Acer Product Registration (Version: 3.0.0.10)
Acer ScreenSaver (Version: 1.01.0110)
Acer VCM (Version: 4.00.3004)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Reader 9.5.2 (Version: 9.5.2)
Adobe Shockwave Player 11.5 (Version: 11.5.2.602)
aioscnnr (Version: 7.3.4.0)
Apple Software Update (Version: 2.1.2.120)
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (Version: 1.0.0.30)
BlackBerry Desktop Software 6.1 (Version: 6.1.0.35)
Bonjour (Version: 2.0.2.0)
Broadcom Driver v4.170.75.0_Foxconn Installation Program (Version: 4.170.75.0)
C4USelfUpdater (Version: 1.00.0000)
CCleaner (Version: 3.17)
center (Version: 6.2.5.0)
Choice Guard (Version: 1.2.87.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Dimension (Version: 1.00.0000)
DK3 Drivers v2.4.0.6
Email Updater (Version: 1.0.4)
eSobi v2 (Version: 2.0.3.000223)
essentials (Version: 6.0.14.0)
Express Accounts
Express Invoice
Express Scribe
File Fort
Fire 6.21B (Version: 1.00.0000)
FireCell Configuration Utility Version 1.18 Build 40 (Version: 1.01.28.0)
Fusion Programmer 1.1
GFEConnector v5.0.1
Google Desktop (Version: 5.7.0808.07150)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes (Version: 10.0.0.68)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Junk Mail filter update (Version: 14.0.8050.1202)
Kodak AIO Printer (Version: 7.5.0.0)
KODAK AiO Software (Version: 7.5.9.60)
Launch Manager (Version: 2.0.06)
Load4000
Loop Explorer Version 6
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
ocr (Version: 6.2.3.50)
OpenOffice.org 3.3 (Version: 3.3.9567)
PC-Linq
Pixillion Image Converter
PL-2303 USB-to-Serial
PreReq (Version: 6.2.4.0)
Qualcomm Gobi 2000 Package for AD (Version: 1.1.130)
QuickTime (Version: 7.67.75.0)
Realtek High Definition Audio Driver (Version: 5.10.0.5767)
RPS CRT (Version: 8.0.28)
RPS CRT (Version: 9.0.34)
Samsung Kies (Version: 2.1.1.11124_17)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.4.0)
Segoe UI (Version: 14.0.4327.805)
Skype Toolbars (Version: 5.0.4137)
Skype™ 5.10 (Version: 5.10.116)
Spell Checker For OE 2.1
STK017_V2.01
SUPERAntiSpyware (Version: 5.0.1150)
Synaptics Pointing Device Driver (Version: 12.2.2.0)
SyncBack
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Vector Multiloop: Version 4.1
Webcam (Version: 1.00.000)
WebFldrs XP (Version: 9.50.7523)
Windows Backfire (Version: 2.0.1.1)
Windows Backup Utility (Version: 5.1)
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16) (Version: 02/17/2009 2.04.16)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8050.1202)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sign-in Assistant (Version: 5.000.817.1)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8050.1202)
Windows Media Format 11 runtime
Windows Media Player 11
XFP Programming Tools 4.7 (Version: 4.7.0)

========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 1013.88 MB
Available physical RAM: 591.7 MB
Total Pagefile: 2442.02 MB
Available Pagefile: 593.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.34 MB

========================= Partitions: =====================================

1 Drive c: (ACER) (Fixed) (Total:143.04 GB) (Free:115.43 GB) NTFS

========================= Users: ========================================

User accounts for \\NOTEBOOK

Administrator Barrie Kebbell Christina Kebbell
Guest HelpAssistant SUPPORT_388945a0


**** End of log ****

#6 Shrimpette (Topic Starter)

Posted 22 September 2012 - 02:31 PM

Here are the MBAM, adware, FSS, Rkill and Autoruns logs.

Thank you again for your advice!



Malwarebytes log

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.22.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Barrie Kebbell :: NOTEBOOK [administrator]

22/09/2012 19:20:03
mbam-log-2012-09-22 (19-56-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241211
Time elapsed: 29 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\WINDOWS\system32\calcperf.dll (Backdoor.Papras) -> No action taken.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Erwacup (Backdoor.Agent) -> Data: "C:\Documents and Settings\Barrie Kebbell\Application Data\Avinon\ynav.exe" -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\WINDOWS\system32\calcperf.dll (Backdoor.Papras) -> No action taken.
C:\Documents and Settings\Barrie Kebbell\Application Data\Avinon\ynav.exe (Backdoor.Agent) -> No action taken.

(end)


AdwCleaner log

# AdwCleaner v2.002 - Logfile created 09/22/2012 at 20:01:24
# Updated 16/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Barrie Kebbell - NOTEBOOK
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Barrie Kebbell\Desktop\Security\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[S1].txt - [1931 octets] - [22/09/2012 20:01:24]

########## EOF - C:\AdwCleaner[S1].txt - [1991 octets] ##########

FSS log

Farbar Service Scanner Version: 19-09-2012
Ran by Barrie Kebbell (administrator) on 22-09-2012 at 20:17:48
Running from "C:\Documents and Settings\Barrie Kebbell\Desktop\Security"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000800000005000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****

RKill log

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/22/2012 08:19:04 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 09/22/2012 08:20:34 PM
Execution time: 0 hours(s), 1 minute(s), and 29 seconds(s)

Autoruns log

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\reader 9.0\reader\reader_sl.exe"
+ "EKStatusMonitor" "Status Monitor for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build)" "Eastman Kodak Company" "c:\program files\kodak\aio\statusmonitor\ekstatusmonitor.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "ortmiz" "Uninstall Utility" "Alps Electric Co., Ltd." "c:\documents and settings\barrie kebbell\application data\ortmiz.dll"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Erwacup" "" "" "File not found: C:\Documents and Settings\Barrie Kebbell\Application Data\Avinon\ynav.exe"
+ "SUPERAntiSpyware" "SUPERAntiSpyware Application" "SUPERAntiSpyware.com" "c:\program files\superantispyware\superantispyware.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8050.1202.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8050.1202.dll"
+ "skype-ie-addon-data" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\common files\skype\skype4com.dll"
+ "wlmailhtml" "Windows Live Mail" "Microsoft Corporation" "c:\program files\windows live\mail\mailcomm.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "OpenOffice.org" "c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "Skype Plug-In" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files\windows live\writer\writerbrowserextension.dll"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office12\onbttnie.dll"
+ "Skype Plug-In" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "expressinvoiceSevenDaysInit.job" "Express Invoice" "NCH Software" "c:\program files\nch software\expressinvoice\expressinvoice.exe"
+ "expressinvoiceShakeIcon.job" "Express Invoice" "NCH Software" "c:\program files\nch software\expressinvoice\expressinvoice.exe"
+ "pixillionShakeIcon.job" "Pixillion Image Converter" "NCH Software" "c:\program files\nch software\pixillion\pixillion.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore.exe"
+ "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: C:\WINDOWS\System32\appmgmts.dll"
+ "IAANTMON" "RAID Monitor" "Intel Corporation" "c:\program files\intel\intel matrix storage manager\iaantmon.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\1150\intel 32\idrivert.exe"
+ "Kodak AiO Network Discovery Service" "Kodak mDNS Network Discovery Service" "Eastman Kodak Company" "c:\program files\kodak\aio\center\ekaiohostservice.exe"
+ "Kodak AiO Status Monitor Service" "Kodak Status Monitor SDK Service" "Eastman Kodak Company" "c:\program files\kodak\aio\statusmonitor\ekprintersdk.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "QDLService2kAD" "QDLService2k" "QUALCOMM, Inc." "c:\program files\qualcomm\qdlservice2k\qdlservice2kad.exe"
+ "RS_Service" "Acer VCM Raw Socket Service" "Acer Incorporated" "c:\program files\acer\acer vcm\rs_service.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files\skype\updater\updater.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AR5416" "Driver for Atheros AR5008 Wireless Network Adapter" "Atheros Communications, Inc." "c:\windows\system32\drivers\athw.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl5.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "cpudrv" "" "" "File not found: C:\Program Files\SystemRequirementsLab\cpudrv.sys"
+ "cyevsbth" "" "" "File not found: C:\WINDOWS\system32\drivers\cyevsbth.sys"
+ "dg_ssudbus" "SAMSUNG USB Composite Device Driver (MSS Ver.3)" "DEVGURU Co., LTD.(www.devguru.co.kr)" "c:\windows\system32\drivers\ssudbus.sys"
+ "dgderdrv" "Device Error Recovery SDK(x86)" "Devguru Co., Ltd" "c:\windows\system32\drivers\dgderdrv.sys"
+ "dk3drv" "DK3DRV" "Data Encryption Systems Limited" "c:\windows\system32\drivers\dk3drv.sys"
+ "DKbFltr" "Dritek PS2 Keyboard Filter Driver" "Dritek System Inc." "c:\windows\system32\drivers\dkbfltr.sys"
+ "DritekPortIO" "General Port I/O" "Dritek System Inc." "c:\program files\launch manager\dportio.sys"
+ "FTDIBUS" "FTDIBUS USB Driver" "FTDI Ltd." "c:\windows\system32\drivers\ftdibus.sys"
+ "FTSER2K" "FTDIBUS Serial Device Driver" "FTDI Ltd." "c:\windows\system32\drivers\ftser2k.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\igxpmp32.sys"
+ "iaStor" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "int15.sys" "" "" "File not found: c:\acernb\int15.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkhdaud.sys"
+ "L1e" "Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller ndis miniport driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\l1e51x86.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "M3000Srv" "Universal Serial Bus Camera Driver" "" "c:\windows\system32\drivers\m3000knt.sys"
+ "MpKslcba0192d" "" "" "File not found: c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98BABDC2-C96D-4B91-9F57-1DAAE7026B96}\MpKslcba0192d.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Profos" "" "" "File not found: C:\Program Files\Virgin Media\Security\BitDefender\profos.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "RimUsb" "BlackBerry Device Driver" "Research In Motion Limited" "c:\windows\system32\drivers\rimusb.sys"
+ "RimVSerPort" "RIM Virtual Serial Driver" "Research in Motion Ltd" "c:\windows\system32\drivers\rimserial.sys"
+ "RSUSBSTOR" "" "" "File not found: System32\Drivers\RTS5121.sys"
+ "Rts516xIR" "" "" "File not found: system32\DRIVERS\Rts516xIR.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "Ser2pl" "USB-to-Serial Cable Driver" "Prolific Technology Inc." "c:\windows\system32\drivers\ser2pl.sys"
+ "sptd" "" "" "c:\windows\system32\drivers\sptd.sys"
+ "ssudmdm" "SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)" "DEVGURU Co., LTD.(www.devguru.co.kr)" "c:\windows\system32\drivers\ssudmdm.sys"
+ "StarOpen" "" "" "File not found: C:\WINDOWS\System32\Drivers\StarOpen.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "Trufos" "" "" "File not found: C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys"
+ "USBCCID" "" "" "File not found: system32\DRIVERS\Rts5161ccid.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "SENTINEL" "Sentinel Driver Setup DLL" "Rainbow Technologies, Inc." "c:\windows\system32\snti386.dll"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Acer Siren Decoding Filter" "Acer Siren Audio Decoding Filter" "Acer Incoporated" "c:\program files\acer\acer vcm\acersirendec.dll"
+ "Acer SirenEncoding Filter" "Acer Siren Audio Encoding Filter" "Acer Incoporated" "c:\program files\acer\acer vcm\acersirenenc.dll"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "EXP WMV9 Encoding Filter" "Acer WMV9 Encoding Filter" "Acer Incoporated" "c:\program files\acer\acer vcm\acerwmv9enc.dll"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MACSReaderMP3 Filter" "MACSReaderMP3 Filter" "" "c:\program files\samsung\kies\external\mediamodules\macsreaderavi.ax"
+ "MainConcept AAC Decoder" "AAC audio decoder filter" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_dec_aac_ds.ax"
+ "MainConcept AMR Decoder" "AMR Decoder DirectShow Filter" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_dec_amr_ds.ax"
+ "MainConcept Audio Converter" "Audio Converter DirectShow Filter" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_trans_audio_converter_ds.ax"
+ "MainConcept Audio Resampler" "Audio Resampler Direct Show Filter" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_trans_audio_samplerate_ds.ax"
+ "MainConcept AVC/H.264 Video Decoder" "AVC/H.264 Decoder DirectShow Filter" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_dec_avc_ds.ax"
+ "MainConcept Color Space Converter" "Color Space Converter DirectShow Filter" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_trans_video_colorspace_ds.ax"
+ "MainConcept Frame Rate Converter" "Frame Rate Converter DS Filter" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_trans_video_framerate_ds.ax"
+ "MainConcept ImageScaler" "ImageScaler DS Filter" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_trans_video_imagescaler_ds.ax"
+ "MainConcept Layer II Audio Decoder" "Layer II Audio Decoder" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_dec_mpa_ds.ax"
+ "MainConcept MP4 Demultiplexer" "MP4 Demultiplexer Direct Show Filter" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_demux_mp4_ds.ax"
+ "MainConcept MPEG Demultiplexer" "MPEG-1/2 Demultiplexer" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_demux_mp2_ds.ax"
+ "MainConcept MPEG-2 Video Decoder" "MPEG-2 Video Decoder" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_dec_mp2v_ds.ax"
+ "MainConcept MPEG-4 Video Decoder" "MPEG-4 Video Decoder Direct Show Filter" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_dec_mp4v_ds.ax"
+ "MainConcept Sink Filter" "Sink DS Filter" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_render_fileindex_ds.ax"
+ "MainConcept Stream Parser" "MPEG-1/2 Demultiplexer" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_demux_mp2_ds.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "MusicCity MPEG Splitter" "PCube MPEG Splitter Filter" "© MusicCity" "c:\windows\system32\muzmpgsp.ax"
+ "MusicCity OGG Splitter" "OGG Splitter" "© PeeringPortal" "c:\windows\system32\muzoggsp.ax"
+ "NEDFilter4Samsung Filter" "MACSReaderMP3 Filter" "L544™ Technology" "c:\program files\samsung\kies\external\mediamodules\nedfilter4samsung.ax"
+ "P3Audio" "PCube Audio Decoder Filter" "© MusicCity" "c:\windows\system32\muzdecode.ax"
+ "P3AudioEffect" "P3AudioEffect Filter" "© MUSICCITY" "c:\windows\system32\muzeffect.ax"
+ "P3MP4Splitter" "P3MP4Splitter Filter" "© MusicCity" "c:\windows\system32\muzmp4sp.ax"
+ "P3Sourcer" "AOD Sourcer Filter" "Musiccity Co.Ltd." "c:\windows\system32\muzaf1.dll"
+ "P3WMTSplitter" "P3WMTSplitter Filter" " © MusicCity" "c:\windows\system32\muzwmts.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "SelfMusicVideo Dump Filter" "SelfMusicVideo Dump Filter (DShow)" "ENJsoft Corporation" "c:\program files\samsung\kies\external\transmodules\tg_dump0708.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "SpatialStereo Filter" "" "" "c:\windows\system32\3daudio.ax"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" "Google Desktop" "Google" "c:\program files\google\google desktop search\googledesktopnetwork3.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "KODAK All-in-One Printer" "Language Monitor for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build)" "Eastman Kodak Company" "c:\windows\system32\ekaio2mon.dll"
+ "Lexmark Network Port" "LEXLMPM DLL" "Lexmark International, Inc." "c:\windows\system32\lexlmpm.dll"
+ "X5100 Series Port" "Printer Communication System" " " "c:\windows\system32\lxbalmpm.dll"
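
The listing above is a snapshot of registry load points (services, drivers, BHOs, AppInit_DLLs, Winlogon notify packages, print monitors), and triaging it by hand means looking for the same few patterns each time. The script below is an added example for this page, not a tool from the thread, and parses that four-quoted-field format to flag those patterns: "File not found" entries, which are usually uninstall leftovers (the Virgin Media/BitDefender and SystemRequirementsLab drivers here) but remain registered load points that will happily load whatever is later dropped at that path; kernel drivers present on disk with a blank publisher field, which need a manual lookup; and anything under AppInit_DLLs, which is loaded into every process that pulls in user32.dll. The sample lines are copied from the listing; the choice of what to flag is the example's own (assumption).

```python
"""Triage an autorun-style registry listing in the four-quoted-field format above.

Added example, not a tool from the thread. Flags load points whose binary is gone,
present kernel drivers with a blank publisher, and AppInit_DLLs entries.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the listing above, same format as the full log.
SAMPLE_LISTING = r'''
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: C:\WINDOWS\System32\appmgmts.dll"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files\skype\updater\updater.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "cpudrv" "" "" "File not found: C:\Program Files\SystemRequirementsLab\cpudrv.sys"
+ "Profos" "" "" "File not found: C:\Program Files\Virgin Media\Security\BitDefender\profos.sys"
+ "sptd" "" "" "c:\windows\system32\drivers\sptd.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" "Google Desktop" "Google" "c:\program files\google\google desktop search\googledesktopnetwork3.dll"
'''

FIELD_RE = re.compile(r'"([^"]*)"')     # values in this format never contain a double quote
MISSING_PREFIX = "File not found: "


@dataclass
class Entry:
    location: str       # registry key (or "Task Scheduler") the entry was listed under
    name: str
    description: str
    company: str
    path: str

    @property
    def missing(self) -> bool:
        return self.path.startswith(MISSING_PREFIX)

    @property
    def binary(self) -> str:
        """The registered path, with the tool's 'File not found' marker stripped."""
        return self.path[len(MISSING_PREFIX):] if self.missing else self.path


def parse_listing(text: str) -> list[Entry]:
    """Lines without '+ ' are section headers; '+ ' lines belong to the last header seen."""
    entries: list[Entry] = []
    location = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = FIELD_RE.findall(line)
        if len(fields) != 4:
            raise ValueError(f"unexpected line format: {line!r}")
        if line.startswith("+ "):
            entries.append(Entry(location, *fields))
        else:
            location = fields[0]
    return entries


def triage(entries: list[Entry]) -> list[tuple[str, str, str]]:
    """Return (finding, entry name, binary path) tuples that deserve a closer look."""
    findings: list[tuple[str, str, str]] = []
    for e in entries:
        if e.missing:
            # Still registered, binary gone: a writable path here is a persistence slot.
            findings.append(("orphaned-load-point", e.name, e.binary))
        elif not e.company and e.binary.lower().endswith(".sys"):
            # Kernel driver on disk with no publisher string: look it up by hand.
            findings.append(("unattributed-driver", e.name, e.binary))
        if e.location.lower().endswith("appinit_dlls"):
            # Injected into every process that loads user32.dll, whoever the publisher is.
            findings.append(("appinit-dll", e.name, e.binary))
    return findings


if __name__ == "__main__":
    for kind, name, path in triage(parse_listing(SAMPLE_LISTING)):
        print(f"{kind:22} {name:12} {path}")
```

On the sample this reports three orphaned load points, one unattributed driver (sptd, which also shows up locked in the aswMBR output later in the thread) and the Google Desktop AppInit DLL. None of those is a verdict; the point of the pass is to shorten the list that needs a lookup.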

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:12:19 AM

Posted 22 September 2012 - 02:37 PM

Please run malwarebytes again and post the clean log

Do you mean that you're not able to boot into safemode?

#8 Shrimpette

Shrimpette
  • Topic Starter

  • Members
  • 9 posts
  • Gender:Male
  • Local time:05:19 AM

Posted 23 September 2012 - 04:59 AM

Hi

No I can't boot into safe mode - it hangs at Mup.sys? It is running Xp home edition (SP3) and has done this for a long time (since the first time I ever tried to boot it into safe mode). Have run another MBAM scan - results below. Thank you so much for replying.

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.22.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Barrie Kebbell :: NOTEBOOK [administrator]

23/09/2012 10:20:13
mbam-log-2012-09-23 (10-20-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241322
Time elapsed: 31 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:12:19 AM

Posted 23 September 2012 - 06:31 AM

Were you able to run ESET scanner?

Please run ASWMBR again and post the new log

Download

Safeboot repair

Run it; after it finishes, try to boot into Safe Mode

Edited by narenxp, 23 September 2012 - 06:32 AM.


#10 Shrimpette

Shrimpette
  • Topic Starter

  • Members
  • 9 posts
  • Gender:Male
  • Local time:05:19 AM

Posted 23 September 2012 - 10:04 AM

Hi

Yes, I was able to run ESET - it found 6 threats and deleted them, but I am not sure where the log is kept?

Results of the aswMBR are posted below. Shall I click on FixMBR now it has finished?

I will now download safeboot repair and see if I can boot into safeboot - if I can, should I run another scan in safeboot mode?

Thanks ever so much for your help this weekend!


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-23 15:16:10
-----------------------------
15:16:10.421 OS Version: Windows 5.1.2600 Service Pack 3
15:16:10.421 Number of processors: 2 586 0x1C02
15:16:10.421 ComputerName: NOTEBOOK UserName:
15:16:13.062 Initialize success
15:16:42.750 AVAST engine defs: 12092200
15:25:56.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:25:56.500 Disk 0 Vendor: ST916031 0303 Size: 152627MB BusType: 3
15:25:56.562 Disk 0 MBR read successfully
15:25:56.562 Disk 0 MBR scan
15:25:56.640 Disk 0 unknown MBR code
15:25:56.640 Disk 0 Partition 1 00 12 Compaq diag NTFS 6149 MB offset 63
15:25:56.656 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 146476 MB offset 12595200
15:25:56.671 Disk 0 scanning sectors +312578048
15:25:56.812 Disk 0 scanning C:\WINDOWS\system32\drivers
15:26:18.843 Service scanning
15:26:45.812 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
15:26:52.546 Modules scanning
15:27:03.265 Disk 0 trace - called modules:
15:27:03.312 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys sphz.sys >>UNKNOWN [0x86f89938]<<
15:27:03.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f34030]
15:27:03.312 3 CLASSPNP.SYS[f77bdfd7] -> nt!IofCallDriver -> \Device\00000071[0x86f37910]
15:27:03.328 5 ACPI.sys[f7629620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8694f030]
15:27:04.156 AVAST engine scan C:\WINDOWS
15:27:20.015 AVAST engine scan C:\WINDOWS\system32
15:32:10.437 AVAST engine scan C:\WINDOWS\system32\drivers
15:32:35.718 AVAST engine scan C:\Documents and Settings\Barrie Kebbell
15:40:03.484 AVAST engine scan C:\Documents and Settings\All Users
15:42:08.406 Scan finished successfully
16:03:06.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Barrie Kebbell\Desktop\Security\MBR.dat"
16:03:06.062 The log file has been saved successfully to "C:\Documents and Settings\Barrie Kebbell\Desktop\Security\aswMBR2.txt"

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:12:19 AM

Posted 23 September 2012 - 10:05 AM

Do not click on FIXMBR

Let me know if you're able to boot into safemode
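
The aswMBR output above reports "unknown MBR code" and the reply says not to run FixMBR. What a boot-sector scanner does at that step is read the first sector, check the 0x55AA signature, hash the 446-byte bootstrap area and compare it with an allow-list of loaders it recognises; a miss means "not recognised", not "infected". On OEM machines that carry a diagnostic/recovery partition (type 0x12, "Compaq diag", in this log) the vendor loader is frequently customised, which is one reason an unrecognised MBR on its own is weak evidence of a bootkit, and why the MBR.dat copy the tool saved matters: a FixMBR replaces that code area with a stock loader. The script below is an added example, not aswMBR's code. It builds a sector that reproduces the partition layout in the log (two entries: type 0x12 at LBA 63, and the active NTFS partition at LBA 12595200 whose end is the +312578048 sector the scan continued from), parses it back and applies that classification. The bootstrap byte strings and the allow-list hash are placeholders (assumption), not real loader images.

```python
"""Parse a 512-byte MBR the way a boot-sector scanner does and classify its bootstrap code.

Added example, not aswMBR's code. The sample sector reproduces the partition layout in
the log above; STANDARD_BOOT_CODE, OEM_BOOT_CODE and KNOWN_GOOD are placeholders (assumption).
"""
import hashlib
import struct

SECTOR = 512
TABLE_OFFSET = 446                 # 446 bytes of code, then 4 x 16-byte entries, then 0x55AA
ENTRY_FMT = "<B3sB3sII"            # status, CHS start, type, CHS end, LBA start, sector count
PARTITION_TYPES = {0x07: "HPFS/NTFS", 0x12: "Compaq diag"}   # the two types seen in the log

# Constructed sample inputs (assumption: stand-ins for a stock and a vendor-customised loader).
STANDARD_BOOT_CODE = b"\x33\xC0\x8E\xD0" + b"PLACEHOLDER-STANDARD-LOADER"
OEM_BOOT_CODE = b"\x33\xC0\x8E\xD0" + b"PLACEHOLDER-OEM-RECOVERY-HOOK"
SAMPLE_PARTITIONS = [              # (active, type, start LBA, sector count), as in the log
    (False, 0x12, 63, 12595137),
    (True, 0x07, 12595200, 299982848),
]


def boot_code_digest(code: bytes) -> str:
    """SHA-256 of the 446-byte code area, zero-padded the way it sits on disk."""
    return hashlib.sha256(code.ljust(TABLE_OFFSET, b"\0")).hexdigest()


KNOWN_GOOD = {boot_code_digest(STANDARD_BOOT_CODE)}   # assumption: the scanner's allow-list


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a sector from bootstrap code and (active, type, start, count) tuples."""
    if len(boot_code) > TABLE_OFFSET:
        raise ValueError("bootstrap code must fit in 446 bytes")
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    for i, (active, ptype, start, count) in enumerate(partitions):
        off = TABLE_OFFSET + 16 * i
        # CHS fields are left zero; the LBA fields are what is read back below.
        sector[off:off + 16] = struct.pack(
            ENTRY_FMT, 0x80 if active else 0x00, b"\0\0\0", ptype, b"\0\0\0", start, count)
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Validate the signature, hash the code area and decode the four partition slots."""
    if len(sector) != SECTOR:
        raise ValueError("expected one 512-byte sector")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype == 0:
            continue                               # empty slot
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "start_lba": start,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {"code_sha256": hashlib.sha256(sector[:TABLE_OFFSET]).hexdigest(),
            "partitions": partitions}


def assess(info: dict, known_good: set) -> dict:
    """Classify the code area against the allow-list and sanity-check the table."""
    notes = []
    status = "known" if info["code_sha256"] in known_good else "unknown"
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        notes.append(f"{len(active)} active partitions (expected exactly 1)")
    spans = sorted((p["start_lba"], p["start_lba"] + p["sectors"]) for p in info["partitions"])
    for (_, end_a), (start_b, _) in zip(spans, spans[1:]):
        if start_b < end_a:
            notes.append("overlapping partitions: a hidden region may be shadowing a real one")
    if status == "unknown":
        if any(p["type"] == 0x12 for p in info["partitions"]):
            notes.append("OEM diagnostic partition present: vendor loaders are often customised, "
                         "so compare the saved MBR.dat with a clean vendor image first")
        notes.append("a FixMBR replaces the code area with a stock loader; keep the saved "
                     "MBR.dat so the original can be put back")
    return {"code_status": status, "notes": notes}


if __name__ == "__main__":
    info = parse_mbr(build_mbr(OEM_BOOT_CODE, SAMPLE_PARTITIONS))
    for p in info["partitions"]:
        flag = "(A)" if p["active"] else "   "
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']:12} "
              f"{p['size_mb']} MB offset {p['start_lba']}")
    print(assess(info, KNOWN_GOOD))
```

Run as-is it prints the same two partition lines the log shows (6149 MB at offset 63, 146476 MB at offset 12595200) and an "unknown" verdict with the OEM caveat. Swap in STANDARD_BOOT_CODE and the verdict becomes "known" with no notes, which is the only case in which rewriting the MBR is a no-op rather than a change to something the analyst has not yet looked at.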

#12 Shrimpette

Shrimpette
  • Topic Starter

  • Members
  • 9 posts
  • Gender:Male
  • Local time:05:19 AM

Posted 23 September 2012 - 10:40 AM

Woohoo! It has booted into safemode with networking!

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:12:19 AM

Posted 23 September 2012 - 10:56 AM

That looks good

Download

TFC

Launch it; it will close all running programs

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode

Turn off your System Restore, restart the PC, and create a new restore point

http://support.microsoft.com/kb/310405

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your flash player

Update your antivirus frequently, and do not click on suspicious links

Safe surfing :)

#14 Shrimpette

Shrimpette
  • Topic Starter

  • Members
  • 9 posts
  • Gender:Male
  • Local time:05:19 AM

Posted 23 September 2012 - 12:34 PM

Thank you so much for all your help this weekend! It is very much appreciated although I am sure you must hear that from everyone.

The Web is a better place with you watching over it ;)

xx

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:12:19 AM

Posted 23 September 2012 - 12:35 PM

You're most welcome :)



