
Google search not working


  • This topic is locked
21 replies to this topic

#1 cid19

cid19

  • Members
  • 40 posts
  • OFFLINE
  • Local time:04:30 AM

Posted 17 October 2012 - 01:54 AM

Hello!
This problem started some time ago. I did not pay any attention to it because it did not bother me. At first Google would not open in my Internet Explorer browser, but it worked in Firefox; now it fails in Firefox too -- I get the message "connection timed out". Other search engines work fine (Yahoo search, Bing). I ran a scan and clean with NOD32 online; 4 threats found:
C:\Documents and Settings\doctor\Local Settings\Temp\DAT36.tmp.exe a variant of Win32/Kryptik.AFLE trojan cleaned by deleting (after the next restart)
C:\Program Files\Quantum Resonance Magnetic Analyzer\Electret.ace a variant of Win32/Packed.NoobyProtect.J application deleted - quarantined
D:\cristi\DOCTORAT\ChiSquare.exe\cnet_ChiSquare_exe_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
D:\cristi\downloads\Setup_FreeAVCHDConverter.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
Operating memory multiple threats

After this Google worked ONCE, then the problem started again, not always. So I think it got reinfected instantly.
And today a scan with Malwarebytes:
Files Detected: 1
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

PS: I also have a problem with my Unicode system not working on this computer (Registry Mechanic has done it), but for a long time, way before the Google problem.

Thank you!
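A hosts-file override and a rogue auto-start service are two things a responder would rule out first for the symptom described above (one site times out in every browser while other sites load). The script below is an added example for this thread, not code from the post or from DDS, Security Check or any other tool mentioned here. The hosts-file text is constructed for the example (its Google and ESET entries are hypothetical, not findings from this machine); the four service lines are copied verbatim from the DDS log posted later in the thread; WATCHED is an assumed watch list.

```python
"""Added triage example for this thread: hosts-file overrides and DDS
service lines whose binary is in a temp directory or missing."""
import ipaddress
import re

# Constructed hosts file (not the poster's). The 40 blank lines mimic a
# padding trick that hides hijack entries below Notepad's visible area.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\n"
    "127.0.0.1       localhost\n"
    + "\n" * 40 +
    "10.0.0.99       www.google.ro google.ro   # hypothetical hijack\n"
    "10.0.0.99       www.google.com\n"
    "127.0.0.1       download.eset.com         # would block the online scanner\n"
)
# Assumed watch list: domains that have no business being in a hosts file.
WATCHED = ("google.ro", "google.com", "eset.com", "malwarebytes.org")

# Service lines copied from the DDS log posted later in this thread.
DDS_SERVICE_LINES = [
    r"R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-2-14 110032]",
    r'S2 shuwedcqvuvsr;shuwedcqvuvsr;"c:\docume~1\doctor\locals~1\temp\dat36.tmp.exe" --service --> c:\docume~1\doctor\locals~1\temp\DAT36.tmp.exe [?]',
    r"S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]",
    r"S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-10 113120]",
]


def parse_hosts(text):
    """Return (line_no, ip, hostname) for every mapping; comments are ignored."""
    entries = []
    for n, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an address, so not a mapping line
        entries.extend((n, ip, host.lower()) for host in fields[1:])
    return entries


def watched_domain(host, watched=WATCHED):
    """The watched domain that host equals or is a subdomain of, else None."""
    return next((d for d in watched if host == d or host.endswith("." + d)), None)


def hosts_overrides(text, watched=WATCHED):
    """Any mapping of a watched domain is a finding, whatever IP it points at."""
    return [e for e in parse_hosts(text) if watched_domain(e[2], watched)]


def longest_blank_run(text):
    """Longest run of consecutive blank lines (padding heuristic)."""
    best = run = 0
    for raw in text.splitlines():
        run = run + 1 if not raw.strip() else 0
        best = max(best, run)
    return best


SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<rest>.*)$")
TEMP_DIR_RE = re.compile(r"\\(temp|locals~1)\\", re.IGNORECASE)


def parse_service_line(line):
    """Split a DDS service line into (state, name, image_path, binary_missing)."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    missing = rest.rstrip().endswith("[?]")          # DDS marks a missing file with [?]
    if " --> " in rest:                              # resolved path follows the arrow
        rest = rest.split(" --> ", 1)[1]
    rest = re.sub(r"\s*\[[^\]]*\]\s*$", "", rest)    # drop trailing "[date size]" or "[?]"
    if rest.startswith('"'):                         # quoted path followed by arguments
        rest = rest[1:].split('"', 1)[0]
    return m.group("state"), m.group("name"), rest.strip(), missing


def suspicious_services(lines):
    """Return [(name, path, reasons)] for the services to look at first."""
    findings = []
    for line in lines:
        parsed = parse_service_line(line)
        if parsed is None:
            continue
        _state, name, path, missing = parsed
        reasons = []
        if TEMP_DIR_RE.search(path):
            reasons.append("binary in a temp directory")
        if missing:
            reasons.append("binary missing when DDS ran")
        if reasons:
            findings.append((name, path, reasons))
    return findings


if __name__ == "__main__":
    for line_no, ip, host in hosts_overrides(SAMPLE_HOSTS):
        print(f"hosts line {line_no}: {host} -> {ip}")
    for name, path, reasons in suspicious_services(DDS_SERVICE_LINES):
        print(f"service {name}: {path} ({'; '.join(reasons)})")
```

On a live machine, read %SystemRoot%\system32\drivers\etc\hosts and pass the text to hosts_overrides(); a hit for a search engine or a security vendor is a finding regardless of the address it maps to, since loopback gives a refused connection and a dead address gives exactly the timeout reported above. Run over the DDS log from this thread, the service check singles out shuwedcqvuvsr (auto-start, image path in the user's Temp folder, file already gone, consistent with the DAT36.tmp.exe that NOD32 deleted) and SSPORT (binary missing only, which on its own may just be a stale entry).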

#2 cid19

cid19
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:04:30 AM

Posted 17 October 2012 - 02:10 AM

I forgot. Yesterday, before the NOD scan, when I tried to create an account at the BleepingComputer forum I could not get the reCAPTCHA image or something like that, the antispam thing at the bottom of the page, so I could not create an account. I do not know if it had something to do with the infection, but today it worked, so it got me thinking. Also today when I tried to validate I got messages of it not working, even with the validation key. But I could log in, so I think it activated some way...

Edited by cid19, 17 October 2012 - 02:11 AM.


#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:30 AM

Posted 17 October 2012 - 08:40 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3


    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 cid19

cid19
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:04:30 AM

Posted 17 October 2012 - 01:50 PM

Greetings and thank you for your answer!

step 1: DeFogger done.

When scanning the downloaded "SecurityCheck" file I found problems:

[ClamAV] PUA.Win32.Packer.WinrarSfx

[CPsecure]
2012-10-17 Troj.Downloader.W32.Aphex.020

I installed it regardless of that scan. Any problems?

step 2:
checkup.txt:

Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86 (UAC is disabled!)
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC is being installed.
displayName
ECHO is off.
Avira
ECHO is off.
Desktop
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
Malwarebytes Anti-Malware versiunea 1.65.0.1400
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox 14.0.1 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
All Users Application Data Mobile Partner OnlineUpdate\ouc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 29% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

step 3:
When scanning the DDS file from location 1, this problem:
[ClamAV] 2012-10-17 PUA.Win32.Packer.Upx-53

Ran it; logs:

dds.txt:
DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by doctor at 21:37:16 on 2012-10-16
Microsoft Windows XP Professional 5.1.2600.3.1250.40.1033.18.894.303 [GMT 3:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
C:\Documents and Settings\All Users\Application Data\Mobile Partner\OnlineUpdate\ouc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Orange\InternetEverywhere\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\InternetEverywhere\systray\systrayapp.exe
C:\Program Files\Orange\InternetEverywhere\connectivity\connectivitymanager.exe
C:\Program Files\Orange\InternetEverywhere\PhoneTools\TextMessaging.exe
C:\Program Files\Orange\InternetEverywhere\Deskboard\deskboard.exe
C:\Program Files\Orange\InternetEverywhere\connectivity\CoreCom\CoreCom.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ro/
uSearch Bar = hxxp://www.google.ro
uSearch Page = hxxp://www.google.ro
mSearch Page = hxxp://www.google.ro
mDefault_Search_URL = hxxp://www.google.ro
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.ro
mSearchAssistant = hxxp://www.google.ro
mCustomizeSearch = hxxp://www.google.ro
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
BHO: Yahoo! IE Services Button: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {AE7CD045-E861-484f-8273-0445EE161910} - <orphaned>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe
mRun: [CardDetectorZTEMF636] c:\program files\carddetector\ztemf636\CardDetector.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: EnableLUA = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport în Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\avira\antivir desktop\avsda.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340865440265
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340865420937
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{BC6C1DD5-E8E4-42A4-A74E-7A0C10C1BA32} : NameServer = 93.122.135.199 62.217.213.71
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\doctor\application data\mozilla\firefox\profiles\73c07owe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ro/
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2012-09-05 08:17; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - ExtSQL: !HIDDEN! 2010-08-15 19:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.autoDisableScopes - 14
.
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-2-14 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-2-14 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-2-14 110032]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-2-14 465360]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-2-14 83392]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\all users\application data\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-6-6 73984]
R3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\drivers\ZTEusbnmeaext.sys [2011-1-10 103936]
S2 gupdate;Serviciul Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-20 136176]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\mobile partner\updatedog\ouc.exe [2012-6-6 655712]
S2 shuwedcqvuvsr;shuwedcqvuvsr;"c:\docume~1\doctor\locals~1\temp\dat36.tmp.exe" --service --> c:\docume~1\doctor\locals~1\temp\DAT36.tmp.exe [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-26 250808]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-6-6 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2012-6-6 11136]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-20 136176]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2012-6-6 89856]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [2012-6-6 66688]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [2012-6-6 26624]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-10 113120]
S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2008-2-22 155136]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2008-2-22 5248]
.
=============== File Associations ===============
.
ShellExec: BitComet.exe: open="c:\program files\bitcomet\BitComet.exe"
.
=============== Created Last 30 ================
.
2012-10-15 14:15:04 -------- d-----w- c:\program files\SpywareBlaster
2012-10-11 20:48:13 -------- d-----w- C:\carti stoma
.
==================== Find3M ====================
.
2012-10-15 12:01:37 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-15 12:01:37 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-07 14:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2001-05-24 10:59:30 162304 ----a-w- c:\program files\UNWISE.EXE
.
============= FINISH: 21:38:20,04 ===============


attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 22.02.2008 08:41:23
System Uptime: 16.10.2012 21:19:55 (0 hours ago)
.
Motherboard: Dell Inc. | | 0UW744
Processor: Mobile AMD Sempron™ Processor 3500+ | Socket M2/S1G1 | 1579/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 20 GiB total, 4,867 GiB free.
D: is FIXED (NTFS) - 55 GiB total, 3,159 GiB free.
E: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: PnP BIOS Extension
Device ID: ROOT\SYSTEM\0002
Manufacturer: (Standard system devices)
Name: PnP BIOS Extension
PNP Device ID: ROOT\SYSTEM\0002
Service: d347bus
.
==== System Restore Points ===================
.
RP333: 18.07.2012 09:17:21 - System Checkpoint
RP334: 25.07.2012 16:34:11 - System Checkpoint
RP335: 29.07.2012 22:02:02 - System Checkpoint
RP336: 31.07.2012 21:41:27 - System Checkpoint
RP337: 04.08.2012 21:26:46 - System Checkpoint
RP338: 12.08.2012 12:48:37 - System Checkpoint
RP339: 26.08.2012 10:27:17 - System Checkpoint
RP340: 05.09.2012 19:11:50 - System Checkpoint
RP341: 08.09.2012 08:51:00 - System Checkpoint
RP342: 09.09.2012 19:41:40 - System Checkpoint
RP343: 30.09.2012 21:22:27 - System Checkpoint
RP344: 04.10.2012 14:56:33 - System Checkpoint
RP345: 10.10.2012 15:39:57 - System Checkpoint
RP346: 11.10.2012 19:31:55 - System Checkpoint
RP347: 12.10.2012 22:35:48 - System Checkpoint
RP348: 14.10.2012 13:06:55 - System Checkpoint
RP349: 15.10.2012 14:36:47 - System Checkpoint
.
==== Installed Programs ======================
.
1.0.1.16
1ClickDownloader
3GP Player 2007
4U M2TS Converter (version 1.6.9)
ACDSee 7.0 PowerPack
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
AMD Processor Driver
Apple Application Support
Apple Software Update
Ask Toolbar
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
µTorrent
Avira Free Antivirus
BitComet 1.14
Broadcom 440x 10/100 Integrated Controller
BSPlayer
Calculator Prompter 2.7
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Card Detector for ZTE MF636
Character (Letter) Frequency Count Software
CHINESE MERIDIAN HEALTH ANALYSIS SYSTEM 2010.1.18
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
CutMaster 2D Professional 1.3.3.1
DAEMON Tools Lite
Declaratii fiscale 2010
Declaratii fiscale 2011
Dell Resource CD
Dell Wireless WLAN Card
Dezinstalare Internet Everywhere
Docs
doPDF 7.2 printer
Emicsoft M2TS Converter
eMusic - 100 Free MP3 offer
Epi Info
Evaluarea Starii de Sanatate a Populatiei - iulie 2007
Excel Convert Files From English To Romanian and Romanian To English Software
Extended Language Support Fonts Package
Extract Data & Text From Multiple Text Files Software
Extract or Remove Text Between Any Two Fields (Tags) Software
Free HD Converter V 2.0
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
J2SE Runtime Environment 5.0 Update 6
K-Lite Codec Pack 8.8.0 (Full)
Malwarebytes Anti-Malware versiunea 1.65.0.1400
Marsu-Fix
Mendeley Desktop 1.5.2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office XP Professional
Microsoft Silverlight
Microsoft SOAP Toolkit 3.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual FoxPro 9.0 Professional - English
Microsoft XML Parser and SDK
Mobile Partner
Modem Helper
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero 6 Ultra Edition
Notepad++
Quantum Bio-Electric Body Analyzer 1.9.9
Quantum Resonance Magnetic Analyzer 2.6.8
QuickSet
QuickTime
Railroad Tycoon II - Platinum
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Registry Mechanic 8.0
Revo Uninstaller 1.85
ScanSoft PaperPort 10
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Skype Click to Call
Skype™ 5.5
SopCast 3.2.4
SopCast Tv Plugin 5.4 Setup
SPSS Statistics 17.0
SpywareBlaster 4.6
Startup Manager 2.4.2
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual FoxPro 9.0 Baseline - English
Visual FoxPro 9.0 Professional - English
VLC media player 1.1.11
WebFldrs XP
WinAce Archiver
Winamp
Winamp Detector Plug-in
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Service Pack 3
Xerox WorkCentre 3119 Series Driver Uninstall
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
16.10.2012 11:11:40, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
15.10.2012 18:05:03, error: ati2mtag [43029] - Display is not active
15.10.2012 14:59:47, error: Service Control Manager [7031] - The Avira Realtime Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
15.10.2012 14:59:47, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
13.10.2012 19:38:04, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
12.10.2012 00:44:52, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the shuwedcqvuvsr service to connect.
12.10.2012 00:44:52, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Mobile Partner. OUC service to connect.
12.10.2012 00:44:52, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
12.10.2012 00:44:52, error: Service Control Manager [7000] - The Mobile Partner. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12.10.2012 00:44:52, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
10.10.2012 16:07:39, error: ati2mtag [43015] - I2c return failed
10.10.2012 15:33:04, error: ati2mtag [43016] - Not an EDID device
09.10.2012 12:58:39, error: W32Time [34] - The time service has detected that the system time needs to be changed by +86479 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|5.13.214.144:123->65.55.21.21:123) is working properly.
09.10.2012 12:57:14, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================

The last thing I got on a Google search:
About this page

Our systems have detected unusual traffic from your computer network. This page checks to see if it's really you sending the requests,
and not a robot. Why did this happen? This page appears when Google automatically detects requests coming from your computer network
which appear to be in violation of the Terms of Service. The block will expire shortly after those requests stop. In the meantime,
solving the above CAPTCHA will let you continue to use our services. This traffic may have been sent by malicious software, a browser plug-in,
or a script that sends automated requests. If you share your network connection, ask your administrator for help — a different computer
using the same IP address may be responsible. Learn more Sometimes you may be asked to solve the CAPTCHA if you are using advanced terms that
robots are known to use, or sending requests very quickly.

Does this have anything to do with my problem?

Thank you!
Dan
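
The Event Viewer excerpt above contains a Service Control Manager timeout for a service called shuwedcqvuvsr, a name with no vendor and no dictionary structure, next to ordinary vendor names (Netman, SSPORT, DgiVecp, "Mobile Partner. OUC"). Random-looking service names are one thing a responder wants surfaced from a DDS log before anything is deleted. The script below is an added example written for this page, not part of the thread or of any of the tools it mentions: it parses the SCM event lines (constructed from the log above), pulls out the service name from the three message shapes present, and applies a simple naming heuristic whose thresholds are assumptions, not a published rule.

```python
import re

# Event Viewer lines copied from the DDS log in the post above (constructed
# sample; only the Service Control Manager entries that name a service).
SAMPLE_EVENTS = """\
13.10.2012 19:38:04, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
12.10.2012 00:44:52, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the shuwedcqvuvsr service to connect.
12.10.2012 00:44:52, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Mobile Partner. OUC service to connect.
12.10.2012 00:44:52, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
12.10.2012 00:44:52, error: Service Control Manager [7000] - The Mobile Partner. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12.10.2012 00:44:52, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
"""

# "<date> <time>, <level>: <source> [<event id>] - <message>" as DDS prints it.
EVENT_RE = re.compile(
    r"^(?P<ts>\S+ \S+), (?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)

# The three SCM message shapes present in the log (event IDs 7009, 7011, 7000).
SERVICE_PATTERNS = [
    re.compile(r"waiting for the (?P<name>.+?) service to connect"),
    re.compile(r"waiting for a transaction response from the (?P<name>.+?) service"),
    re.compile(r"^The (?P<name>.+?) service failed to start"),
]

VOWELS = set("aeiou")


def extract_service_names(text):
    """Return [(event_id, service_name)] for every SCM event that names a service."""
    found = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if not m or m.group("source") != "Service Control Manager":
            continue
        for pat in SERVICE_PATTERNS:
            hit = pat.search(m.group("msg"))
            if hit:
                found.append((int(m.group("id")), hit.group("name")))
                break
    return found


def looks_random(name, min_len=10, max_vowel_ratio=0.3):
    """Heuristic (assumed thresholds): a long, all-lowercase, purely alphabetic
    name with few vowels reads as generated rather than vendor-chosen. The
    vendor names in this log are short, mixed-case, or contain spaces and
    punctuation, so they pass; tune the thresholds against a known-good
    service inventory before relying on this."""
    if len(name) < min_len or not name.isalpha() or not name.islower():
        return False
    vowel_ratio = sum(c in VOWELS for c in name) / len(name)
    return vowel_ratio <= max_vowel_ratio


def suspicious_services(text):
    """Sorted, de-duplicated service names from SCM events that look generated."""
    return sorted({name for _, name in extract_service_names(text) if looks_random(name)})


if __name__ == "__main__":
    for event_id, name in extract_service_names(SAMPLE_EVENTS):
        flag = "SUSPICIOUS" if looks_random(name) else "ok"
        print(f"{event_id}\t{flag}\t{name}")
```

A hit from this heuristic is a lead, not a verdict: the next step is to look up HKLM\SYSTEM\CurrentControlSet\Services\<name> and check its ImagePath and the file it points to, which is what the tools requested later in this thread do.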

#5 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 17 October 2012 - 02:43 PM

Hello Dan



These are the programs I would like you to run next; if you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 cid19 (Topic Starter)

Posted 18 October 2012 - 03:22 PM

Hello Gringo


step 1:

Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86 (UAC is disabled!)
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
Malwarebytes Anti-Malware version 1.65.0.1400
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox 14.0.1 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
All Users Application Data Mobile Partner OnlineUpdate\ouc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 30% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

step 2 :
# AdwCleaner v2.005 - Logfile created 10/17/2012 at 22:24:49
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : doctor - PRIVAT-91W0E6G9
# Boot Mode : Normal
# Running from : D:\cristi\downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\doctor\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\doctor\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\doctor\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownloader
Key Deleted : HKLM\Software\OpenCandy
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default [Default profile]
File : C:\Documents and Settings\doctor\Application Data\Mozilla\Firefox\Profiles\73c07owe.default\prefs.js

C:\Documents and Settings\doctor\Application Data\Mozilla\Firefox\Profiles\73c07owe.default\user.js ... Deleted !

Deleted : user_pref("extensions.asktb.cbid", "PV");
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://eu.ask.com/web?qsrc={qsrc}&o={o}&l={l[...]
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1263401556341");
Deleted : user_pref("extensions.asktb.locale", "en_EU");
Deleted : user_pref("extensions.asktb.o", "15000");
Deleted : user_pref("extensions.asktb.options-lang", "en");
Deleted : user_pref("extensions.asktb.options-locale", "UK");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "6");

Profile name : User0 [Default profile]
File : C:\Documents and Settings\doctor\Application Data\Mozilla\Firefox\Profiles\73c07owe.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\doctor\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5786 octets] - [17/10/2012 22:24:49]

########## EOF - C:\AdwCleaner[S1].txt - [5846 octets] ##########

step 3:

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : doctor [Admin rights]
Mode : Scan -- Date : 10/17/2012 22:38:31

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] ouc.exe -- C:\Documents and Settings\All Users\Application Data\Mobile Partner\OnlineUpdate\ouc.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x805B1D78 -> HOOKED (Unknown @ 0xF7C9228C)
SSDT[41] : NtCreateKey @ 0x8061ABE2 -> HOOKED (Unknown @ 0xF7C92246)
SSDT[50] : NtCreateSection @ 0x805A0800 -> HOOKED (Unknown @ 0xF7C92296)
SSDT[53] : NtCreateThread @ 0x805C735E -> HOOKED (Unknown @ 0xF7C9223C)
SSDT[63] : NtDeleteKey @ 0x8061B07E -> HOOKED (Unknown @ 0xF7C9224B)
SSDT[65] : NtDeleteValueKey @ 0x8061B24E -> HOOKED (Unknown @ 0xF7C92255)
SSDT[68] : NtDuplicateObject @ 0x805B398C -> HOOKED (Unknown @ 0xF7C92287)
SSDT[98] : NtLoadKey @ 0x8061CE06 -> HOOKED (Unknown @ 0xF7C9225A)
SSDT[122] : NtOpenProcess @ 0x805C13E2 -> HOOKED (Unknown @ 0xF7C92228)
SSDT[128] : NtOpenThread @ 0x805C166E -> HOOKED (Unknown @ 0xF7C9222D)
SSDT[177] : NtQueryValueKey @ 0x80618E06 -> HOOKED (Unknown @ 0xF7C922AF)
SSDT[193] : NtReplaceKey @ 0x8061CCB6 -> HOOKED (Unknown @ 0xF7C92264)
SSDT[200] : NtRequestWaitReplyPort @ 0x805981A4 -> HOOKED (Unknown @ 0xF7C922A0)
SSDT[204] : NtRestoreKey @ 0x8061C5C2 -> HOOKED (Unknown @ 0xF7C9225F)
SSDT[213] : NtSetContextThread @ 0x805C8FB6 -> HOOKED (Unknown @ 0xF7C9229B)
SSDT[237] : NtSetSecurityObject @ 0x805B60FE -> HOOKED (Unknown @ 0xF7C922A5)
SSDT[247] : NtSetValueKey @ 0x80619154 -> HOOKED (Unknown @ 0xF7C92250)
SSDT[255] : NtSystemDebugControl @ 0x8060EB2C -> HOOKED (Unknown @ 0xF7C922AA)
SSDT[257] : NtTerminateProcess @ 0x805C866A -> HOOKED (Unknown @ 0xF7C92237)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xF7C922BE)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xF7C922C3)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([INLINE] atapi.sys @ 0xF73AD852)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 activate.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK8037GSX +++++
--- User ---
[MBR] f02c376f9c327fc02ed64e6670bc1573
[BSP] 924c3ccc7cf16975da73c299d9d5d6d2 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 20002 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 40965750 | Size: 56305 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : doctor [Admin rights]
Mode : Remove -- Date : 10/17/2012 22:39:46

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] ouc.exe -- C:\Documents and Settings\All Users\Application Data\Mobile Partner\OnlineUpdate\ouc.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x805B1D78 -> HOOKED (Unknown @ 0xF7C9228C)
SSDT[41] : NtCreateKey @ 0x8061ABE2 -> HOOKED (Unknown @ 0xF7C92246)
SSDT[50] : NtCreateSection @ 0x805A0800 -> HOOKED (Unknown @ 0xF7C92296)
SSDT[53] : NtCreateThread @ 0x805C735E -> HOOKED (Unknown @ 0xF7C9223C)
SSDT[63] : NtDeleteKey @ 0x8061B07E -> HOOKED (Unknown @ 0xF7C9224B)
SSDT[65] : NtDeleteValueKey @ 0x8061B24E -> HOOKED (Unknown @ 0xF7C92255)
SSDT[68] : NtDuplicateObject @ 0x805B398C -> HOOKED (Unknown @ 0xF7C92287)
SSDT[98] : NtLoadKey @ 0x8061CE06 -> HOOKED (Unknown @ 0xF7C9225A)
SSDT[122] : NtOpenProcess @ 0x805C13E2 -> HOOKED (Unknown @ 0xF7C92228)
SSDT[128] : NtOpenThread @ 0x805C166E -> HOOKED (Unknown @ 0xF7C9222D)
SSDT[177] : NtQueryValueKey @ 0x80618E06 -> HOOKED (Unknown @ 0xF7C922AF)
SSDT[193] : NtReplaceKey @ 0x8061CCB6 -> HOOKED (Unknown @ 0xF7C92264)
SSDT[200] : NtRequestWaitReplyPort @ 0x805981A4 -> HOOKED (Unknown @ 0xF7C922A0)
SSDT[204] : NtRestoreKey @ 0x8061C5C2 -> HOOKED (Unknown @ 0xF7C9225F)
SSDT[213] : NtSetContextThread @ 0x805C8FB6 -> HOOKED (Unknown @ 0xF7C9229B)
SSDT[237] : NtSetSecurityObject @ 0x805B60FE -> HOOKED (Unknown @ 0xF7C922A5)
SSDT[247] : NtSetValueKey @ 0x80619154 -> HOOKED (Unknown @ 0xF7C92250)
SSDT[255] : NtSystemDebugControl @ 0x8060EB2C -> HOOKED (Unknown @ 0xF7C922AA)
SSDT[257] : NtTerminateProcess @ 0x805C866A -> HOOKED (Unknown @ 0xF7C92237)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xF7C922BE)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xF7C922C3)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([INLINE] atapi.sys @ 0xF73AD852)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 activate.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK8037GSX +++++
--- User ---
[MBR] f02c376f9c327fc02ed64e6670bc1573
[BSP] 924c3ccc7cf16975da73c299d9d5d6d2 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 20002 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 40965750 | Size: 56305 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

AdwCleaner
I would appreciate an answer regarding the scans of the indicated files/programs for download as being infected:

[ClamAV] 2012-10-18 PUA.Win32.Packer.Upx-53
[Sophos] 2012-10-18 Mal/Generic-L
[VirusBlokAda VBA32] 2012-10-18 Trojan-Downloader.Autoit.gen

I would appreciate an answer about why the scans I performed with Security Check and AdwCleaner look like they have some threats. Are they real or false alarms
from those antivirus programs?

I will be out of town for the next 2 days and I am not sure about my internet connection there, so I may be answering a little late.
I am not sure, but I just wanted to let you know in case that will be the case.

Thank you!
Dan
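
The RogueKiller report above lists 21 SSDT and shadow-SSDT entries hooked to an "Unknown" module, which only means the tool could not attribute the hook address to a loaded image; by itself that does not say whether the hooks belong to a rootkit or to a kernel-mode security product's self-protection driver. Two quick triage signals a responder can pull from the report text are whether every hook target falls inside one small address window (one driver's stub table rather than several unrelated hooks) and which sensitive services are hooked. The same report shows a hosts file that maps activate.adobe.com to loopback, a non-default entry worth noting in its own right. The script below is an added example written for this page, not code from the thread or from RogueKiller; the sample lines are copied from the report above, and the "one page" clustering window and the sensitive-service list are assumptions.

```python
import re

# SSDT section of the RogueKiller report in the post above (constructed sample,
# copied line for line; the IRP line is a different hook type and is left out).
SAMPLE_RK = """\
SSDT[25] : NtClose @ 0x805B1D78 -> HOOKED (Unknown @ 0xF7C9228C)
SSDT[41] : NtCreateKey @ 0x8061ABE2 -> HOOKED (Unknown @ 0xF7C92246)
SSDT[50] : NtCreateSection @ 0x805A0800 -> HOOKED (Unknown @ 0xF7C92296)
SSDT[53] : NtCreateThread @ 0x805C735E -> HOOKED (Unknown @ 0xF7C9223C)
SSDT[63] : NtDeleteKey @ 0x8061B07E -> HOOKED (Unknown @ 0xF7C9224B)
SSDT[65] : NtDeleteValueKey @ 0x8061B24E -> HOOKED (Unknown @ 0xF7C92255)
SSDT[68] : NtDuplicateObject @ 0x805B398C -> HOOKED (Unknown @ 0xF7C92287)
SSDT[98] : NtLoadKey @ 0x8061CE06 -> HOOKED (Unknown @ 0xF7C9225A)
SSDT[122] : NtOpenProcess @ 0x805C13E2 -> HOOKED (Unknown @ 0xF7C92228)
SSDT[128] : NtOpenThread @ 0x805C166E -> HOOKED (Unknown @ 0xF7C9222D)
SSDT[177] : NtQueryValueKey @ 0x80618E06 -> HOOKED (Unknown @ 0xF7C922AF)
SSDT[193] : NtReplaceKey @ 0x8061CCB6 -> HOOKED (Unknown @ 0xF7C92264)
SSDT[200] : NtRequestWaitReplyPort @ 0x805981A4 -> HOOKED (Unknown @ 0xF7C922A0)
SSDT[204] : NtRestoreKey @ 0x8061C5C2 -> HOOKED (Unknown @ 0xF7C9225F)
SSDT[213] : NtSetContextThread @ 0x805C8FB6 -> HOOKED (Unknown @ 0xF7C9229B)
SSDT[237] : NtSetSecurityObject @ 0x805B60FE -> HOOKED (Unknown @ 0xF7C922A5)
SSDT[247] : NtSetValueKey @ 0x80619154 -> HOOKED (Unknown @ 0xF7C92250)
SSDT[255] : NtSystemDebugControl @ 0x8060EB2C -> HOOKED (Unknown @ 0xF7C922AA)
SSDT[257] : NtTerminateProcess @ 0x805C866A -> HOOKED (Unknown @ 0xF7C92237)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xF7C922BE)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xF7C922C3)
"""

# HOSTS section of the same report (constructed sample).
SAMPLE_HOSTS = r"""
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 activate.adobe.com
"""

# "SSDT[n] : Func @ 0xADDR -> HOOKED (Module @ 0xTARGET)"; shadow entries have
# the S_ prefix and no original address.
SSDT_RE = re.compile(
    r"^(?P<shadow>S_)?SSDT\[(?P<index>\d+)\]\s*:\s*(?P<func>\S+)"
    r"(?:\s*@\s*0x[0-9A-Fa-f]+)?\s*->\s*HOOKED\s*\((?P<module>\S+)\s*@\s*0x(?P<target>[0-9A-Fa-f]+)\)"
)
HOSTS_RE = re.compile(r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)")

# Assumed list: services whose hooking matters most for process/thread control,
# debugging and registry persistence.
SENSITIVE = {
    "NtOpenProcess", "NtTerminateProcess", "NtCreateThread", "NtSetContextThread",
    "NtSystemDebugControl", "NtSetValueKey", "NtDeleteKey",
}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
CLUSTER_WINDOW = 0x1000  # assumed: all stubs within one page => one driver


def parse_ssdt_hooks(text):
    """One dict per hooked (shadow) SSDT entry; target is the hook address as int."""
    hooks = []
    for line in text.splitlines():
        m = SSDT_RE.match(line.strip())
        if m:
            hooks.append({
                "table": "shadow" if m.group("shadow") else "ssdt",
                "index": int(m.group("index")),
                "func": m.group("func"),
                "module": m.group("module"),
                "target": int(m.group("target"), 16),
            })
    return hooks


def summarize_hooks(hooks):
    """Address window of the hook targets plus the sensitive services hooked."""
    if not hooks:
        return {"count": 0}
    targets = [h["target"] for h in hooks]
    lo, hi = min(targets), max(targets)
    return {
        "count": len(hooks),
        "unattributed": sum(h["module"] == "Unknown" for h in hooks),
        "lowest": lo,
        "highest": hi,
        "span_bytes": hi - lo,
        "single_cluster": (hi - lo) < CLUSTER_WINDOW,
        "sensitive": sorted(h["func"] for h in hooks if h["func"] in SENSITIVE),
    }


def audit_hosts(text):
    """(ip, host) pairs that map anything other than the usual loopback names."""
    flagged = []
    for line in text.splitlines():
        m = HOSTS_RE.match(line.split("#", 1)[0])
        if m and m.group("host").lower() not in LOCAL_NAMES:
            flagged.append((m.group("ip"), m.group("host").lower()))
    return flagged


if __name__ == "__main__":
    s = summarize_hooks(parse_ssdt_hooks(SAMPLE_RK))
    print(f"{s['count']} hooks, {s['unattributed']} unattributed, "
          f"targets 0x{s['lowest']:08X}..0x{s['highest']:08X} ({s['span_bytes']} bytes)")
    print("sensitive:", ", ".join(s["sensitive"]))
    print("hosts overrides:", audit_hosts(SAMPLE_HOSTS))
```

On the report above every target lands in a 155-byte window, which is what a single driver's dispatch stub table looks like; the report itself does not say which driver, so the check narrows the question to "which loaded driver owns 0xF7C92xxx" rather than answering it. The hooked set covers process opening and termination, thread context, debugging and registry writes, so whatever owns those stubs is in a position to block or see the cleanup tools, which is one reason helpers ask for security software to be disabled before ComboFix runs.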

#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 18 October 2012 - 06:15 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 20 October 2012 - 11:47 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#9 cid19 (Topic Starter)

Posted 22 October 2012 - 01:57 PM

Hello,
Sorry about the delay. I mentioned it in my last post.
Done.

ComboFix 12-10-22.02 - doctor 21.10.2012 21:28:11.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.40.1033.18.894.381 [GMT 3:00]
Running from: d:\cristi\downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\videosoft
c:\program files\videosoft\Shared Files\ViewRep7.dll
c:\program files\videosoft\Shared Files\Vsflex7.ocx
c:\program files\videosoft\Shared Files\VSPRINT7.ocx
c:\program files\videosoft\Shared Files\VSStr7.ocx
c:\windows\daemon.dll
c:\windows\dasetup.log
c:\windows\EventSystem.log
c:\windows\system\msvbvm60.dll
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\Uninstall-TvPlugin-5.4
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-21 to 2012-10-21 )))))))))))))))))))))))))))))))
.
.
2012-10-15 14:15 . 2012-10-15 14:16 -------- d-----w- c:\program files\SpywareBlaster
2012-10-11 20:48 . 2012-10-11 21:18 -------- d-----w- C:\carti stoma
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-15 12:01 . 2012-05-26 07:35 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-15 12:01 . 2011-08-17 06:33 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 14:04 . 2010-01-16 15:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2001-05-24 10:59 . 2011-12-07 07:16 162304 ----a-w- c:\program files\UNWISE.EXE
2012-08-16 20:52 . 2012-03-19 07:14 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\System32\WLTRAY.exe" [2007-03-16 1392640]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"CardDetectorZTEMF636"="c:\program files\CardDetector\ZTEMF636\CardDetector.exe" [2009-07-01 274432]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-05 348664]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-09-05 296096]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Orange\\InternetEverywhere\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\downloads\\Heroes of Might and Magic III Complete\\Heroes of Might and Magic III Complete\\Heroes3.exe"=
"c:\\Program Files\\1ClickDownload\\1ClickDownloader.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23342:TCP"= 23342:TCP:BitComet 23342 TCP
"23342:UDP"= 23342:UDP:BitComet 23342 UDP
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [14.02.2012 18:42 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14.02.2012 18:42 86224]
R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [14.02.2012 18:42 465360]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [06.06.2012 12:17 73984]
S2 gupdate;Serviciul Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20.03.2011 21:51 136176]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe [14.03.2011 18:27 271712]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\Mobile Partner\UpdateDog\ouc.exe [06.06.2012 12:16 655712]
S2 shuwedcqvuvsr;shuwedcqvuvsr;"c:\docume~1\doctor\LOCALS~1\Temp\DAT36.tmp.exe" --SERVICE --> c:\docume~1\doctor\LOCALS~1\Temp\DAT36.tmp.exe [?]
S2 SSPORT;SSPORT;\??\c:\windows\System32\Drivers\SSPORT.sys --> c:\windows\System32\Drivers\SSPORT.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [26.05.2012 10:35 250808]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [06.06.2012 12:17 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [06.06.2012 12:17 11136]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20.03.2011 21:51 136176]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [06.06.2012 12:17 89856]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [06.06.2012 12:17 66688]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [06.06.2012 12:17 26624]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [10.05.2012 21:19 113120]
S3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\drivers\ZTEusbnmeaext.sys [10.01.2011 20:18 103936]
S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [22.02.2008 10:59 155136]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [22.02.2008 10:59 5248]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 12:01]
.
2012-07-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-20 18:51]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-20 18:51]
.
2012-10-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-842925246-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 11:27]
.
2012-09-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-842925246-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 11:27]
.
2012-10-21 c:\windows\Tasks\User_Feed_Synchronization-{63C7281A-E80F-42F8-90EA-CE7F6F61CB4C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ro/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.ro
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport în Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\doctor\Application Data\Mozilla\Firefox\Profiles\73c07owe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ro/
FF - ExtSQL: 2012-09-05 08:17; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - ExtSQL: !HIDDEN! 2010-08-15 19:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-SopCast Tv Plugin 5.4 Setup - c:\windows\system32\Uninstall-TvPlugin-5.4
AddRemove-WinAce Archiver - c:\program files\WinAce\SXUNINST.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-21 21:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0673bfca-32d4-4044-bf4c-c8f619e07321}]
@Denied: (Full) (Everyone)
"Model"=dword:0000011c
"Therad"=dword:00000027
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,6b,89,e9,09,6f,ad,8c,9d,09,37,98,5a,e8,33,e3,c4,e5,b8,ee,aa,f5,bc,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):47,4f,bd,ce,38,3b,c9,c1,46,88,0b,14,89,80,b1,7d,18,d6,5c,d5,5b,
93,d0,c6,db,30,9f,09,84,86,81,af,7e,4a,07,01,82,c1,7d,79,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(908)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2012-10-21 21:44:16
ComboFix-quarantined-files.txt 2012-10-21 18:44
.
Pre-Run: 5.058.916.352 bytes free
Post-Run: 5.197.869.056 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 200CAF86B413C53B3263543FEDE4ECB9


No problems during scan.

Still problems with Google search. I got the message about unusual traffic and a request to enter a code in order to proceed.
Or error 404 (not found) on Chrome and Internet Explorer. In Firefox it does nothing: I try searching but the page remains the same, with a "Done"
message at the bottom left of the page.

Thank you,
Dan

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 October 2012 - 04:21 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 cid19
  • Topic Starter

  • Members
  • 40 posts

Posted 23 October 2012 - 11:06 AM

Hello,
Here are the logs:

Step 1:

18:29:05.0734 1476 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
18:29:05.0984 1476 ============================================================
18:29:05.0984 1476 Current date / time: 2012/10/22 18:29:05.0984
18:29:05.0984 1476 SystemInfo:
18:29:05.0984 1476
18:29:05.0984 1476 OS Version: 5.1.2600 ServicePack: 3.0
18:29:05.0984 1476 Product type: Workstation
18:29:05.0984 1476 ComputerName: PRIVAT-91W0E6G9
18:29:05.0984 1476 UserName: doctor
18:29:05.0984 1476 Windows directory: C:\WINDOWS
18:29:05.0984 1476 System windows directory: C:\WINDOWS
18:29:05.0984 1476 Processor architecture: Intel x86
18:29:05.0984 1476 Number of processors: 1
18:29:05.0984 1476 Page size: 0x1000
18:29:05.0984 1476 Boot type: Normal boot
18:29:05.0984 1476 ============================================================
18:29:08.0062 1476 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:29:08.0062 1476 ============================================================
18:29:08.0062 1476 \Device\Harddisk0\DR0:
18:29:08.0062 1476 MBR partitions:
18:29:08.0062 1476 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
18:29:08.0078 1476 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x6DF8F4B
18:29:08.0078 1476 ============================================================
18:29:08.0109 1476 C: <-> \Device\Harddisk0\DR0\Partition1
18:29:08.0171 1476 D: <-> \Device\Harddisk0\DR0\Partition2
18:29:08.0187 1476 ============================================================
18:29:08.0187 1476 Initialize success
18:29:08.0187 1476 ============================================================
18:29:10.0593 1044 ============================================================
18:29:10.0593 1044 Scan started
18:29:10.0593 1044 Mode: Manual;
18:29:10.0593 1044 ============================================================
18:29:11.0593 1044 ================ Scan system memory ========================
18:29:11.0609 1044 System memory - ok
18:29:11.0609 1044 ================ Scan services =============================
18:29:11.0750 1044 Abiosdsk - ok
18:29:11.0781 1044 abp480n5 - ok
18:29:11.0828 1044 [ EA38C961260F29295C6D03070FA9D0B5 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:29:11.0859 1044 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: EA38C961260F29295C6D03070FA9D0B5, Fake md5: 8FD99680A539792A30E97944FDAECF17
18:29:11.0859 1044 ACPI ( Virus.Win32.Rloader.a ) - infected
18:29:11.0859 1044 ACPI - detected Virus.Win32.Rloader.a (0)
18:29:11.0906 1044 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:29:11.0937 1044 ACPIEC - ok
18:29:12.0046 1044 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:29:12.0093 1044 AdobeFlashPlayerUpdateSvc - ok
18:29:12.0109 1044 adpu160m - ok
18:29:12.0171 1044 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
18:29:12.0281 1044 aec - ok
18:29:12.0453 1044 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
18:29:12.0468 1044 AFD - ok
18:29:12.0468 1044 Aha154x - ok
18:29:12.0484 1044 aic78u2 - ok
18:29:12.0484 1044 aic78xx - ok
18:29:12.0531 1044 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
18:29:12.0546 1044 Alerter - ok
18:29:12.0562 1044 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
18:29:12.0578 1044 ALG - ok
18:29:12.0578 1044 AliIde - ok
18:29:12.0609 1044 [ EFBB0956BAED786E137351B5CA272AEF ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
18:29:12.0609 1044 AmdK8 - ok
18:29:12.0625 1044 amsint - ok
18:29:12.0718 1044 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:29:12.0734 1044 AntiVirSchedulerService - ok
18:29:12.0781 1044 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:29:12.0796 1044 AntiVirService - ok
18:29:12.0843 1044 [ E38BA9FAB3981A2115C53260B930FD3C ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
18:29:12.0875 1044 AntiVirWebService - ok
18:29:12.0921 1044 [ EC94E05B76D033B74394E7B2175103CF ] APPDRV C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
18:29:12.0921 1044 APPDRV - ok
18:29:12.0968 1044 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
18:29:13.0000 1044 AppMgmt - ok
18:29:13.0000 1044 asc - ok
18:29:13.0015 1044 asc3350p - ok
18:29:13.0015 1044 asc3550 - ok
18:29:13.0093 1044 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:29:13.0109 1044 aspnet_state - ok
18:29:13.0140 1044 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:29:13.0156 1044 AsyncMac - ok
18:29:13.0171 1044 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
18:29:13.0171 1044 atapi - ok
18:29:13.0171 1044 Atdisk - ok
18:29:13.0218 1044 [ 8BB6A2488A93259FDDC18D040008C1A4 ] Ati HotKey Poller C:\WINDOWS\System32\Ati2evxx.exe
18:29:13.0250 1044 Ati HotKey Poller - ok
18:29:13.0343 1044 [ E78B73EB84C257D0D940E041742D2699 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:29:13.0375 1044 ati2mtag - ok
18:29:13.0406 1044 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:29:13.0421 1044 Atmarpc - ok
18:29:13.0468 1044 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
18:29:13.0468 1044 AudioSrv - ok
18:29:13.0500 1044 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
18:29:13.0500 1044 audstub - ok
18:29:13.0546 1044 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
18:29:13.0546 1044 avgntflt - ok
18:29:13.0578 1044 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
18:29:13.0593 1044 avipbb - ok
18:29:13.0609 1044 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
18:29:13.0609 1044 avkmgr - ok
18:29:13.0671 1044 [ B89BCF0A25AEB3B47030AC83287F894A ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
18:29:13.0687 1044 BCM43XX - ok
18:29:13.0703 1044 [ CD4646067CC7DCBA1907FA0ACF7E3966 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
18:29:13.0703 1044 bcm4sbxp - ok
18:29:13.0750 1044 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
18:29:13.0750 1044 Beep - ok
18:29:13.0812 1044 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
18:29:13.0875 1044 BITS - ok
18:29:13.0921 1044 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
18:29:13.0937 1044 Browser - ok
18:29:14.0000 1044 catchme - ok
18:29:14.0062 1044 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
18:29:14.0062 1044 cbidf2k - ok
18:29:14.0093 1044 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:29:14.0109 1044 CCDECODE - ok
18:29:14.0109 1044 cd20xrnt - ok
18:29:14.0156 1044 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
18:29:14.0156 1044 Cdaudio - ok
18:29:14.0187 1044 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
18:29:14.0203 1044 Cdfs - ok
18:29:14.0218 1044 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:29:14.0234 1044 Cdrom - ok
18:29:14.0250 1044 Changer - ok
18:29:14.0281 1044 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] cisvc C:\WINDOWS\system32\cisvc.exe
18:29:14.0281 1044 cisvc - ok
18:29:14.0296 1044 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
18:29:14.0312 1044 ClipSrv - ok
18:29:14.0343 1044 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:29:14.0375 1044 clr_optimization_v2.0.50727_32 - ok
18:29:14.0390 1044 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:29:14.0390 1044 CmBatt - ok
18:29:14.0406 1044 CmdIde - ok
18:29:14.0421 1044 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:29:14.0421 1044 Compbatt - ok
18:29:14.0437 1044 COMSysApp - ok
18:29:14.0453 1044 Cpqarray - ok
18:29:14.0468 1044 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
18:29:14.0484 1044 CryptSvc - ok
18:29:14.0515 1044 [ 5776322F93CDB91086111F5FFBFDA2A0 ] d347bus C:\WINDOWS\System32\DRIVERS\d347bus.sys
18:29:14.0531 1044 d347bus - ok
18:29:14.0546 1044 [ B49F79ACE459763F4E0380071BE9CB45 ] d347prt C:\WINDOWS\System32\Drivers\d347prt.sys
18:29:14.0546 1044 d347prt - ok
18:29:14.0562 1044 dac2w2k - ok
18:29:14.0562 1044 dac960nt - ok
18:29:14.0609 1044 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:29:14.0625 1044 DcomLaunch - ok
18:29:14.0656 1044 [ 1EC27A51A2F9DF052BC2B4C8376C8FEA ] DgiVecp C:\WINDOWS\System32\Drivers\DgiVecp.sys
18:29:14.0656 1044 DgiVecp - ok
18:29:14.0687 1044 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
18:29:14.0703 1044 Dhcp - ok
18:29:14.0734 1044 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
18:29:14.0734 1044 Disk - ok
18:29:14.0750 1044 dmadmin - ok
18:29:14.0812 1044 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
18:29:14.0828 1044 dmboot - ok
18:29:14.0859 1044 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
18:29:14.0875 1044 dmio - ok
18:29:14.0906 1044 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
18:29:14.0921 1044 dmload - ok
18:29:14.0953 1044 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
18:29:14.0968 1044 dmserver - ok
18:29:15.0031 1044 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
18:29:15.0046 1044 DMusic - ok
18:29:15.0078 1044 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
18:29:15.0093 1044 Dnscache - ok
18:29:15.0140 1044 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
18:29:15.0156 1044 Dot3svc - ok
18:29:15.0156 1044 dpti2o - ok
18:29:15.0187 1044 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
18:29:15.0187 1044 drmkaud - ok
18:29:15.0203 1044 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
18:29:15.0218 1044 EapHost - ok
18:29:15.0234 1044 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
18:29:15.0250 1044 ERSvc - ok
18:29:15.0281 1044 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
18:29:15.0296 1044 Eventlog - ok
18:29:15.0328 1044 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
18:29:15.0359 1044 EventSystem - ok
18:29:15.0406 1044 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
18:29:15.0421 1044 ew_hwusbdev - ok
18:29:15.0437 1044 [ 61A973F60E94A551BA7B15F3460444FB ] ew_usbenumfilter C:\WINDOWS\system32\DRIVERS\ew_usbenumfilter.sys
18:29:15.0437 1044 ew_usbenumfilter - ok
18:29:15.0484 1044 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
18:29:15.0500 1044 Fastfat - ok
18:29:15.0562 1044 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:29:15.0578 1044 FastUserSwitchingCompatibility - ok
18:29:15.0593 1044 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
18:29:15.0593 1044 Fdc - ok
18:29:15.0609 1044 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
18:29:15.0625 1044 Fips - ok
18:29:15.0640 1044 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
18:29:15.0640 1044 Flpydisk - ok
18:29:15.0687 1044 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
18:29:15.0687 1044 FltMgr - ok
18:29:15.0765 1044 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:29:15.0765 1044 FontCache3.0.0.0 - ok
18:29:15.0796 1044 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:29:15.0796 1044 Fs_Rec - ok
18:29:15.0828 1044 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:29:15.0843 1044 Ftdisk - ok
18:29:15.0890 1044 [ 597988627ADB4AD1372EACF75EA30650 ] FTRTSVC C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
18:29:15.0906 1044 FTRTSVC - ok
18:29:15.0937 1044 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:29:15.0953 1044 Gpc - ok
18:29:16.0015 1044 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:29:16.0031 1044 gupdate - ok
18:29:16.0062 1044 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:29:16.0062 1044 gupdatem - ok
18:29:16.0109 1044 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:29:16.0109 1044 HDAudBus - ok
18:29:16.0171 1044 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:29:16.0171 1044 helpsvc - ok
18:29:16.0187 1044 HidServ - ok
18:29:16.0234 1044 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:29:16.0234 1044 HidUsb - ok
18:29:16.0265 1044 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
18:29:16.0281 1044 hkmsvc - ok
18:29:16.0296 1044 hpn - ok
18:29:16.0296 1044 hpt3xx - ok
18:29:16.0375 1044 [ E8EC1767EA315A39A0DD8989952CA0E9 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
18:29:16.0406 1044 HSF_DPV - ok
18:29:16.0453 1044 [ 61478FA42EE04562E7F11F4DCA87E9C8 ] HSXHWAZL C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
18:29:16.0468 1044 HSXHWAZL - ok
18:29:16.0515 1044 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:29:16.0515 1044 HTTP - ok
18:29:16.0562 1044 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:29:16.0578 1044 HTTPFilter - ok
18:29:16.0640 1044 [ 88B2115311628579BDE805DDDDD913B7 ] huawei_cdcacm C:\WINDOWS\system32\DRIVERS\ew_jucdcacm.sys
18:29:16.0640 1044 huawei_cdcacm - ok
18:29:16.0671 1044 [ 77F6E1CF7A4B1460214E6343B0EAD4C7 ] huawei_cdcecm C:\WINDOWS\system32\DRIVERS\ew_jucdcecm.sys
18:29:16.0687 1044 huawei_cdcecm - ok
18:29:16.0718 1044 [ 2AEB89AEAC08ECD23FC0DA3EB4330A29 ] huawei_enumerator C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
18:29:16.0734 1044 huawei_enumerator - ok
18:29:16.0750 1044 [ FF66400ACC543F4EEFE83CDE5B1B4164 ] huawei_ext_ctrl C:\WINDOWS\system32\DRIVERS\ew_juextctrl.sys
18:29:16.0765 1044 huawei_ext_ctrl - ok
18:29:16.0906 1044 [ 5EF3427AE503B5C03A48F7C9FF458B69 ] HWDeviceService.exe C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
18:29:16.0984 1044 HWDeviceService.exe - ok
18:29:17.0000 1044 i2omgmt - ok
18:29:17.0015 1044 i2omp - ok
18:29:17.0046 1044 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:29:17.0046 1044 i8042prt - ok
18:29:17.0187 1044 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:29:17.0250 1044 idsvc - ok
18:29:17.0296 1044 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:29:17.0296 1044 Imapi - ok
18:29:17.0343 1044 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
18:29:17.0359 1044 ImapiService - ok
18:29:17.0359 1044 ini910u - ok
18:29:17.0375 1044 IntelIde - ok
18:29:17.0406 1044 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
18:29:17.0421 1044 ip6fw - ok
18:29:17.0453 1044 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:29:17.0453 1044 IpFilterDriver - ok
18:29:17.0468 1044 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:29:17.0484 1044 IpInIp - ok
18:29:17.0500 1044 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:29:17.0500 1044 IpNat - ok
18:29:17.0515 1044 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:29:17.0531 1044 IPSec - ok
18:29:17.0578 1044 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:29:17.0578 1044 IRENUM - ok
18:29:17.0609 1044 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:29:17.0656 1044 isapnp - ok
18:29:17.0671 1044 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:29:17.0718 1044 Kbdclass - ok
18:29:17.0734 1044 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:29:17.0734 1044 kmixer - ok
18:29:17.0796 1044 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:29:17.0828 1044 KSecDD - ok
18:29:17.0859 1044 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
18:29:17.0875 1044 lanmanserver - ok
18:29:17.0921 1044 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:29:17.0937 1044 lanmanworkstation - ok
18:29:17.0937 1044 Lavasoft Kernexplorer - ok
18:29:17.0953 1044 lbrtfdc - ok
18:29:18.0000 1044 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:29:18.0015 1044 LmHosts - ok
18:29:18.0062 1044 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:29:18.0062 1044 mdmxsdk - ok
18:29:18.0078 1044 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:29:18.0093 1044 Messenger - ok
18:29:18.0125 1044 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:29:18.0125 1044 mnmdd - ok
18:29:18.0156 1044 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
18:29:18.0171 1044 mnmsrvc - ok
18:29:18.0265 1044 [ 625C98D60AD5AB1FCCBD0E2C0AC0D905 ] Mobile Partner. RunOuc C:\Program Files\Mobile Partner\UpdateDog\ouc.exe
18:29:18.0296 1044 Mobile Partner. RunOuc - ok
18:29:18.0328 1044 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:29:18.0328 1044 Modem - ok
18:29:18.0343 1044 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:29:18.0359 1044 Mouclass - ok
18:29:18.0375 1044 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:29:18.0390 1044 mouhid - ok
18:29:18.0406 1044 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:29:18.0406 1044 MountMgr - ok
18:29:18.0453 1044 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:29:18.0468 1044 MozillaMaintenance - ok
18:29:18.0484 1044 mraid35x - ok
18:29:18.0515 1044 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:29:18.0531 1044 MRxDAV - ok
18:29:18.0593 1044 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:29:18.0625 1044 MRxSmb - ok
18:29:18.0656 1044 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
18:29:18.0671 1044 MSDTC - ok
18:29:18.0703 1044 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:29:18.0718 1044 Msfs - ok
18:29:18.0718 1044 MSIServer - ok
18:29:18.0765 1044 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:29:18.0765 1044 MSKSSRV - ok
18:29:18.0781 1044 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:29:18.0781 1044 MSPCLOCK - ok
18:29:18.0812 1044 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:29:18.0812 1044 MSPQM - ok
18:29:18.0859 1044 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:29:18.0859 1044 mssmbios - ok
18:29:18.0890 1044 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
18:29:18.0890 1044 MSTEE - ok
18:29:18.0937 1044 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:29:18.0953 1044 Mup - ok
18:29:18.0984 1044 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:29:19.0000 1044 NABTSFEC - ok
18:29:19.0046 1044 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
18:29:19.0078 1044 napagent - ok
18:29:19.0109 1044 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:29:19.0125 1044 NDIS - ok
18:29:19.0140 1044 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:29:19.0140 1044 NdisIP - ok
18:29:19.0171 1044 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:29:19.0187 1044 NdisTapi - ok
18:29:19.0218 1044 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:29:19.0234 1044 Ndisuio - ok
18:29:19.0250 1044 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:29:19.0265 1044 NdisWan - ok
18:29:19.0281 1044 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:29:19.0281 1044 NDProxy - ok
18:29:19.0312 1044 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:29:19.0312 1044 NetBIOS - ok
18:29:19.0343 1044 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:29:19.0359 1044 NetBT - ok
18:29:19.0390 1044 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
18:29:19.0406 1044 NetDDE - ok
18:29:19.0406 1044 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:29:19.0421 1044 NetDDEdsdm - ok
18:29:19.0453 1044 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:29:19.0453 1044 Netlogon - ok
18:29:19.0484 1044 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
18:29:19.0500 1044 Netman - ok
18:29:19.0546 1044 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:29:19.0562 1044 NetTcpPortSharing - ok
18:29:19.0578 1044 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
18:29:19.0593 1044 Nla - ok
18:29:19.0640 1044 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:29:19.0640 1044 Npfs - ok
18:29:19.0687 1044 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:29:19.0718 1044 Ntfs - ok
18:29:19.0718 1044 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
18:29:19.0718 1044 NtLmSsp - ok
18:29:19.0781 1044 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:29:19.0812 1044 NtmsSvc - ok
18:29:19.0843 1044 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:29:19.0843 1044 Null - ok
18:29:19.0875 1044 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:29:19.0875 1044 NwlnkFlt - ok
18:29:19.0890 1044 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:29:19.0906 1044 NwlnkFwd - ok
18:29:19.0937 1044 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
18:29:19.0937 1044 Parport - ok
18:29:19.0984 1044 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:29:19.0984 1044 PartMgr - ok
18:29:20.0031 1044 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:29:20.0046 1044 ParVdm - ok
18:29:20.0078 1044 [ B670C5D89F0726B7A2A7DFB4E968CDF8 ] PCAMPR5 C:\WINDOWS\system32\PCAMPR5.SYS
18:29:20.0093 1044 PCAMPR5 - ok
18:29:20.0109 1044 [ ECD2F9D67B06606064DAF6961A6D5EFE ] PCANDIS5 C:\WINDOWS\system32\PCANDIS5.SYS
18:29:20.0125 1044 PCANDIS5 - ok
18:29:20.0140 1044 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:29:20.0156 1044 PCI - ok
18:29:20.0156 1044 PCIDump - ok
18:29:20.0187 1044 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
18:29:20.0187 1044 PCIIde - ok
18:29:20.0218 1044 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:29:20.0234 1044 Pcmcia - ok
18:29:20.0234 1044 PDCOMP - ok
18:29:20.0250 1044 PDFRAME - ok
18:29:20.0265 1044 PDRELI - ok
18:29:20.0265 1044 PDRFRAME - ok
18:29:20.0281 1044 perc2 - ok
18:29:20.0296 1044 perc2hib - ok
18:29:20.0328 1044 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
18:29:20.0328 1044 PlugPlay - ok
18:29:20.0359 1044 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:29:20.0359 1044 PolicyAgent - ok
18:29:20.0406 1044 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:29:20.0406 1044 PptpMiniport - ok
18:29:20.0421 1044 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
18:29:20.0437 1044 Processor - ok
18:29:20.0453 1044 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:29:20.0453 1044 ProtectedStorage - ok
18:29:20.0468 1044 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:29:20.0468 1044 PSched - ok
18:29:20.0500 1044 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:29:20.0515 1044 Ptilink - ok
18:29:20.0546 1044 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
18:29:20.0562 1044 PxHelp20 - ok
18:29:20.0562 1044 ql1080 - ok
18:29:20.0578 1044 Ql10wnt - ok
18:29:20.0578 1044 ql12160 - ok
18:29:20.0593 1044 ql1240 - ok
18:29:20.0609 1044 ql1280 - ok
18:29:20.0609 1044 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:29:20.0625 1044 RasAcd - ok
18:29:20.0671 1044 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:29:20.0687 1044 RasAuto - ok
18:29:20.0718 1044 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:29:20.0734 1044 Rasl2tp - ok
18:29:20.0781 1044 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:29:20.0796 1044 RasMan - ok
18:29:20.0812 1044 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:29:20.0812 1044 RasPppoe - ok
18:29:20.0828 1044 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:29:20.0828 1044 Raspti - ok
18:29:20.0859 1044 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:29:20.0890 1044 Rdbss - ok
18:29:20.0890 1044 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:29:20.0890 1044 RDPCDD - ok
18:29:20.0921 1044 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:29:20.0953 1044 rdpdr - ok
18:29:21.0015 1044 [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:29:21.0031 1044 RDPWD - ok
18:29:21.0062 1044 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:29:21.0078 1044 RDSessMgr - ok
18:29:21.0109 1044 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:29:21.0125 1044 redbook - ok
18:29:21.0171 1044 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:29:21.0187 1044 RemoteAccess - ok
18:29:21.0218 1044 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
18:29:21.0234 1044 RemoteRegistry - ok
18:29:21.0234 1044 [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
18:29:21.0250 1044 rimmptsk - ok
18:29:21.0281 1044 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
18:29:21.0296 1044 RpcLocator - ok
18:29:21.0328 1044 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
18:29:21.0343 1044 RpcSs - ok
18:29:21.0375 1044 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
18:29:21.0406 1044 RSVP - ok
18:29:21.0421 1044 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
18:29:21.0421 1044 SamSs - ok
18:29:21.0453 1044 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:29:21.0468 1044 SCardSvr - ok
18:29:21.0500 1044 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:29:21.0531 1044 Schedule - ok
18:29:21.0546 1044 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
18:29:21.0562 1044 sdbus - ok
18:29:21.0609 1044 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:29:21.0609 1044 Secdrv - ok
18:29:21.0625 1044 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:29:21.0640 1044 seclogon - ok
18:29:21.0656 1044 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
18:29:21.0656 1044 SENS - ok
18:29:21.0671 1044 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
18:29:21.0687 1044 Serial - ok
18:29:21.0703 1044 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:29:21.0703 1044 Sfloppy - ok
18:29:21.0750 1044 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:29:21.0781 1044 SharedAccess - ok
18:29:21.0843 1044 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:29:21.0843 1044 ShellHWDetection - ok
18:29:21.0843 1044 shuwedcqvuvsr - ok
18:29:21.0859 1044 Simbad - ok
18:29:21.0906 1044 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:29:21.0937 1044 SLIP - ok
18:29:21.0937 1044 Sparrow - ok
18:29:22.0000 1044 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:29:22.0000 1044 splitter - ok
18:29:22.0046 1044 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:29:22.0062 1044 Spooler - ok
18:29:22.0062 1044 sptd - ok
18:29:22.0078 1044 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:29:22.0093 1044 sr - ok
18:29:22.0140 1044 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
18:29:22.0156 1044 srservice - ok
18:29:22.0203 1044 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:29:22.0234 1044 Srv - ok
18:29:22.0250 1044 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:29:22.0265 1044 SSDPSRV - ok
18:29:22.0281 1044 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
18:29:22.0281 1044 ssmdrv - ok
18:29:22.0296 1044 SSPORT - ok
18:29:22.0375 1044 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
18:29:22.0437 1044 STHDA - ok
18:29:22.0468 1044 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
18:29:22.0468 1044 StillCam - ok
18:29:22.0515 1044 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:29:22.0531 1044 stisvc - ok
18:29:22.0546 1044 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:29:22.0562 1044 streamip - ok
18:29:22.0578 1044 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:29:22.0593 1044 swenum - ok
18:29:22.0625 1044 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:29:22.0640 1044 swmidi - ok
18:29:22.0640 1044 SwPrv - ok
18:29:22.0656 1044 symc810 - ok
18:29:22.0671 1044 symc8xx - ok
18:29:22.0671 1044 sym_hi - ok
18:29:22.0687 1044 sym_u3 - ok
18:29:22.0703 1044 [ FA2DAA32BED908023272A0F77D625DAE ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:29:22.0718 1044 SynTP - ok
18:29:22.0734 1044 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:29:22.0750 1044 sysaudio - ok
18:29:22.0781 1044 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:29:22.0796 1044 SysmonLog - ok
18:29:22.0828 1044 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:29:22.0843 1044 TapiSrv - ok
18:29:22.0906 1044 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:29:22.0921 1044 Tcpip - ok
18:29:23.0203 1044 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:29:23.0218 1044 TDPIPE - ok
18:29:23.0234 1044 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:29:23.0234 1044 TDTCP - ok
18:29:23.0265 1044 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:29:23.0265 1044 TermDD - ok
18:29:23.0312 1044 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
18:29:23.0328 1044 TermService - ok
18:29:23.0359 1044 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
18:29:23.0359 1044 Themes - ok
18:29:23.0390 1044 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
18:29:23.0421 1044 TlntSvr - ok
18:29:23.0453 1044 TosIde - ok
18:29:23.0500 1044 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:29:23.0515 1044 TrkWks - ok
18:29:23.0562 1044 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:29:23.0593 1044 Udfs - ok
18:29:23.0609 1044 UIUSys - ok
18:29:23.0625 1044 ultra - ok
18:29:23.0656 1044 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
18:29:23.0671 1044 UMWdf - ok
18:29:23.0734 1044 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:29:23.0765 1044 Update - ok
18:29:23.0796 1044 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
18:29:23.0812 1044 upnphost - ok
18:29:23.0828 1044 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
18:29:23.0843 1044 UPS - ok
18:29:23.0875 1044 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
18:29:23.0890 1044 usbaudio - ok
18:29:23.0921 1044 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:29:23.0921 1044 usbccgp - ok
18:29:23.0937 1044 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:29:23.0953 1044 usbehci - ok
18:29:23.0984 1044 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:29:24.0000 1044 usbhub - ok
18:29:24.0015 1044 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:29:24.0015 1044 usbohci - ok
18:29:24.0031 1044 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:29:24.0062 1044 usbprint - ok
18:29:24.0093 1044 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:29:24.0109 1044 usbscan - ok
18:29:24.0125 1044 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:29:24.0140 1044 USBSTOR - ok
18:29:24.0171 1044 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
18:29:24.0187 1044 usbvideo - ok
18:29:24.0218 1044 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:29:24.0218 1044 VgaSave - ok
18:29:24.0234 1044 ViaIde - ok
18:29:24.0250 1044 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:29:24.0265 1044 VolSnap - ok
18:29:24.0296 1044 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
18:29:24.0328 1044 VSS - ok
18:29:24.0359 1044 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
18:29:24.0421 1044 W32Time - ok
18:29:24.0453 1044 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:29:24.0468 1044 Wanarp - ok
18:29:24.0531 1044 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
18:29:24.0562 1044 Wdf01000 - ok
18:29:24.0578 1044 WDICA - ok
18:29:24.0625 1044 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:29:24.0656 1044 wdmaud - ok
18:29:24.0671 1044 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:29:24.0718 1044 WebClient - ok
18:29:24.0781 1044 [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
18:29:24.0828 1044 winachsf - ok
18:29:24.0921 1044 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:29:24.0953 1044 winmgmt - ok
18:29:24.0968 1044 wltrysvc - ok
18:29:25.0015 1044 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
18:29:25.0031 1044 WmdmPmSN - ok
18:29:25.0078 1044 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
18:29:25.0109 1044 Wmi - ok
18:29:25.0125 1044 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:29:25.0125 1044 WmiAcpi - ok
18:29:25.0140 1044 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
18:29:25.0156 1044 WmiApSrv - ok
18:29:25.0187 1044 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:29:25.0187 1044 WS2IFSL - ok
18:29:25.0218 1044 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:29:25.0234 1044 wscsvc - ok
18:29:25.0265 1044 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:29:25.0265 1044 WSTCODEC - ok
18:29:25.0281 1044 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:29:25.0296 1044 wuauserv - ok
18:29:25.0343 1044 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:29:25.0375 1044 WZCSVC - ok
18:29:25.0390 1044 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:29:25.0406 1044 xmlprov - ok
18:29:25.0500 1044 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
18:29:25.0500 1044 YahooAUService - ok
18:29:25.0546 1044 [ 1D4EB2E5FC4276CD5E9B862D349F68BD ] ZTEusbmdm6k C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
18:29:25.0562 1044 ZTEusbmdm6k - ok
18:29:25.0578 1044 [ 1D4EB2E5FC4276CD5E9B862D349F68BD ] ZTEusbnmea C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
18:29:25.0593 1044 ZTEusbnmea - ok
18:29:25.0609 1044 [ 1D4EB2E5FC4276CD5E9B862D349F68BD ] ZTEusbnmeaext C:\WINDOWS\system32\DRIVERS\ZTEusbnmeaext.sys
18:29:25.0640 1044 ZTEusbnmeaext - ok
18:29:25.0703 1044 [ 1D4EB2E5FC4276CD5E9B862D349F68BD ] ZTEusbser6k C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
18:29:25.0734 1044 ZTEusbser6k - ok
18:29:25.0765 1044 ================ Scan global ===============================
18:29:25.0812 1044 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:29:25.0859 1044 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:29:25.0921 1044 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:29:25.0953 1044 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:29:25.0953 1044 [Global] - ok
18:29:25.0968 1044 ================ Scan MBR ==================================
18:29:25.0984 1044 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:29:26.0171 1044 \Device\Harddisk0\DR0 - ok
18:29:26.0171 1044 ================ Scan VBR ==================================
18:29:26.0171 1044 [ C85A1C14F4C55E18E719AB6E6A17E9AE ] \Device\Harddisk0\DR0\Partition1
18:29:26.0171 1044 \Device\Harddisk0\DR0\Partition1 - ok
18:29:26.0203 1044 [ A5BDBF09E44CC6FBB1DF73DEDA087322 ] \Device\Harddisk0\DR0\Partition2
18:29:26.0203 1044 \Device\Harddisk0\DR0\Partition2 - ok
18:29:26.0203 1044 ============================================================
18:29:26.0203 1044 Scan finished
18:29:26.0203 1044 ============================================================
18:29:26.0218 0508 Detected object count: 1
18:29:26.0218 0508 Actual detected object count: 1
18:29:39.0437 0508 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
18:29:41.0515 0508 Backup copy found, using it..
18:29:41.0578 0508 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
18:29:41.0578 0508 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
18:30:03.0187 3000 Deinitialize success


Second scan on reboot:

18:31:39.0671 0604 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
18:31:39.0812 0604 ============================================================
18:31:39.0812 0604 Current date / time: 2012/10/22 18:31:39.0812
18:31:39.0812 0604 SystemInfo:
18:31:39.0812 0604
18:31:39.0812 0604 OS Version: 5.1.2600 ServicePack: 3.0
18:31:39.0812 0604 Product type: Workstation
18:31:39.0812 0604 ComputerName: PRIVAT-91W0E6G9
18:31:39.0812 0604 UserName: doctor
18:31:39.0812 0604 Windows directory: C:\WINDOWS
18:31:39.0812 0604 System windows directory: C:\WINDOWS
18:31:39.0812 0604 Processor architecture: Intel x86
18:31:39.0812 0604 Number of processors: 1
18:31:39.0812 0604 Page size: 0x1000
18:31:39.0812 0604 Boot type: Normal boot
18:31:39.0812 0604 ============================================================
18:31:41.0437 0604 BG loaded
18:31:42.0046 0604 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:31:42.0109 0604 ============================================================
18:31:42.0109 0604 \Device\Harddisk0\DR0:
18:31:42.0125 0604 MBR partitions:
18:31:42.0125 0604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
18:31:42.0140 0604 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x6DF8F4B
18:31:42.0140 0604 ============================================================
18:31:42.0187 0604 C: <-> \Device\Harddisk0\DR0\Partition1
18:31:42.0359 0604 D: <-> \Device\Harddisk0\DR0\Partition2
18:31:42.0781 0604 ============================================================
18:31:42.0781 0604 Initialize success
18:31:42.0781 0604 ============================================================
18:31:46.0328 1544 ============================================================
18:31:46.0328 1544 Scan started
18:31:46.0328 1544 Mode: Manual;
18:31:46.0328 1544 ============================================================
18:31:48.0796 1544 ================ Scan system memory ========================
18:31:48.0796 1544 System memory - ok
18:31:48.0796 1544 ================ Scan services =============================
18:31:50.0015 1544 Abiosdsk - ok
18:31:50.0015 1544 abp480n5 - ok
18:31:50.0156 1544 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:31:50.0203 1544 ACPI - ok
18:31:50.0250 1544 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:31:50.0281 1544 ACPIEC - ok
18:31:50.0546 1544 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:31:50.0656 1544 AdobeFlashPlayerUpdateSvc - ok
18:31:50.0656 1544 adpu160m - ok
18:31:50.0718 1544 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
18:31:50.0718 1544 aec - ok
18:31:50.0859 1544 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
18:31:50.0859 1544 AFD - ok
18:31:50.0875 1544 Aha154x - ok
18:31:50.0875 1544 aic78u2 - ok
18:31:50.0906 1544 aic78xx - ok
18:31:50.0968 1544 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
18:31:51.0000 1544 Alerter - ok
18:31:51.0031 1544 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
18:31:51.0031 1544 ALG - ok
18:31:51.0046 1544 AliIde - ok
18:31:51.0187 1544 [ EFBB0956BAED786E137351B5CA272AEF ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
18:31:51.0187 1544 AmdK8 - ok
18:31:51.0203 1544 amsint - ok
18:31:51.0500 1544 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:31:51.0515 1544 AntiVirSchedulerService - ok
18:31:51.0656 1544 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:31:51.0734 1544 AntiVirService - ok
18:31:51.0906 1544 [ E38BA9FAB3981A2115C53260B930FD3C ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
18:31:52.0171 1544 AntiVirWebService - ok
18:31:52.0250 1544 [ EC94E05B76D033B74394E7B2175103CF ] APPDRV C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
18:31:52.0250 1544 APPDRV - ok
18:31:52.0312 1544 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
18:31:52.0359 1544 AppMgmt - ok
18:31:52.0359 1544 asc - ok
18:31:52.0375 1544 asc3350p - ok
18:31:52.0375 1544 asc3550 - ok
18:31:52.0687 1544 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:31:52.0687 1544 aspnet_state - ok
18:31:52.0750 1544 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:31:52.0765 1544 AsyncMac - ok
18:31:52.0796 1544 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
18:31:52.0796 1544 atapi - ok
18:31:52.0796 1544 Atdisk - ok
18:31:52.0906 1544 [ 8BB6A2488A93259FDDC18D040008C1A4 ] Ati HotKey Poller C:\WINDOWS\System32\Ati2evxx.exe
18:31:52.0906 1544 Ati HotKey Poller - ok
18:31:53.0390 1544 [ E78B73EB84C257D0D940E041742D2699 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:31:53.0406 1544 ati2mtag - ok
18:31:53.0625 1544 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:31:53.0640 1544 Atmarpc - ok
18:31:53.0703 1544 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
18:31:53.0718 1544 AudioSrv - ok
18:31:53.0765 1544 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
18:31:53.0765 1544 audstub - ok
18:31:53.0812 1544 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
18:31:53.0828 1544 avgntflt - ok
18:31:53.0859 1544 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
18:31:53.0875 1544 avipbb - ok
18:31:53.0875 1544 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
18:31:53.0875 1544 avkmgr - ok
18:31:54.0125 1544 [ B89BCF0A25AEB3B47030AC83287F894A ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
18:31:54.0125 1544 BCM43XX - ok
18:31:54.0171 1544 [ CD4646067CC7DCBA1907FA0ACF7E3966 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
18:31:54.0187 1544 bcm4sbxp - ok
18:31:54.0218 1544 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
18:31:54.0218 1544 Beep - ok
18:31:54.0328 1544 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
18:31:54.0625 1544 BITS - ok
18:31:54.0687 1544 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
18:31:54.0703 1544 Browser - ok
18:31:54.0859 1544 catchme - ok
18:31:54.0937 1544 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
18:31:54.0953 1544 cbidf2k - ok
18:31:55.0000 1544 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:31:55.0046 1544 CCDECODE - ok
18:31:55.0046 1544 cd20xrnt - ok
18:31:55.0093 1544 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
18:31:55.0093 1544 Cdaudio - ok
18:31:55.0140 1544 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
18:31:55.0140 1544 Cdfs - ok
18:31:55.0187 1544 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:31:55.0187 1544 Cdrom - ok
18:31:55.0187 1544 Changer - ok
18:31:55.0250 1544 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] cisvc C:\WINDOWS\system32\cisvc.exe
18:31:55.0265 1544 cisvc - ok
18:31:55.0296 1544 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
18:31:55.0312 1544 ClipSrv - ok
18:31:55.0406 1544 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:31:55.0406 1544 clr_optimization_v2.0.50727_32 - ok
18:31:55.0421 1544 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:31:55.0421 1544 CmBatt - ok
18:31:55.0437 1544 CmdIde - ok
18:31:55.0484 1544 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:31:55.0531 1544 Compbatt - ok
18:31:55.0546 1544 COMSysApp - ok
18:31:55.0562 1544 Cpqarray - ok
18:31:55.0593 1544 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
18:31:55.0609 1544 CryptSvc - ok
18:31:55.0687 1544 [ 5776322F93CDB91086111F5FFBFDA2A0 ] d347bus C:\WINDOWS\System32\DRIVERS\d347bus.sys
18:31:55.0703 1544 d347bus - ok
18:31:55.0718 1544 [ B49F79ACE459763F4E0380071BE9CB45 ] d347prt C:\WINDOWS\System32\Drivers\d347prt.sys
18:31:55.0718 1544 d347prt - ok
18:31:55.0734 1544 dac2w2k - ok
18:31:55.0734 1544 dac960nt - ok
18:31:55.0906 1544 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:31:55.0937 1544 DcomLaunch - ok
18:31:55.0984 1544 [ 1EC27A51A2F9DF052BC2B4C8376C8FEA ] DgiVecp C:\WINDOWS\System32\Drivers\DgiVecp.sys
18:31:56.0000 1544 DgiVecp - ok
18:31:56.0078 1544 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
18:31:56.0078 1544 Dhcp - ok
18:31:56.0109 1544 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
18:31:56.0125 1544 Disk - ok
18:31:56.0140 1544 dmadmin - ok
18:31:56.0312 1544 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
18:31:56.0328 1544 dmboot - ok
18:31:56.0390 1544 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
18:31:56.0406 1544 dmio - ok
18:31:56.0562 1544 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
18:31:56.0562 1544 dmload - ok
18:31:56.0625 1544 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
18:31:56.0640 1544 dmserver - ok
18:31:56.0687 1544 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
18:31:56.0687 1544 DMusic - ok
18:31:56.0734 1544 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
18:31:56.0734 1544 Dnscache - ok
18:31:56.0812 1544 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
18:31:56.0859 1544 Dot3svc - ok
18:31:56.0859 1544 dpti2o - ok
18:31:56.0875 1544 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
18:31:56.0875 1544 drmkaud - ok
18:31:57.0000 1544 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
18:31:57.0015 1544 EapHost - ok
18:31:57.0109 1544 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
18:31:57.0109 1544 ERSvc - ok
18:31:57.0187 1544 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
18:31:57.0187 1544 Eventlog - ok
18:31:57.0265 1544 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
18:31:57.0281 1544 EventSystem - ok
18:31:57.0359 1544 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
18:31:57.0375 1544 ew_hwusbdev - ok
18:31:57.0406 1544 [ 61A973F60E94A551BA7B15F3460444FB ] ew_usbenumfilter C:\WINDOWS\system32\DRIVERS\ew_usbenumfilter.sys
18:31:57.0453 1544 ew_usbenumfilter - ok
18:31:57.0578 1544 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
18:31:57.0625 1544 Fastfat - ok
18:31:57.0703 1544 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:31:57.0703 1544 FastUserSwitchingCompatibility - ok
18:31:57.0718 1544 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
18:31:57.0718 1544 Fdc - ok
18:31:57.0750 1544 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
18:31:57.0750 1544 Fips - ok
18:31:57.0812 1544 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
18:31:57.0812 1544 Flpydisk - ok
18:31:57.0890 1544 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
18:31:57.0921 1544 FltMgr - ok
18:31:58.0078 1544 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:31:58.0093 1544 FontCache3.0.0.0 - ok
18:31:58.0125 1544 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:31:58.0125 1544 Fs_Rec - ok
18:31:58.0140 1544 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:31:58.0171 1544 Ftdisk - ok
18:31:58.0375 1544 [ 597988627ADB4AD1372EACF75EA30650 ] FTRTSVC C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
18:31:58.0390 1544 FTRTSVC - ok
18:31:58.0437 1544 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:31:58.0437 1544 Gpc - ok
18:32:00.0078 1544 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:32:00.0078 1544 gupdate - ok
18:32:00.0625 1544 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:32:00.0625 1544 gupdatem - ok
18:32:00.0687 1544 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:32:00.0687 1544 HDAudBus - ok
18:32:00.0796 1544 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:32:00.0812 1544 helpsvc - ok
18:32:00.0828 1544 HidServ - ok
18:32:00.0859 1544 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:32:00.0875 1544 HidUsb - ok
18:32:00.0921 1544 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
18:32:00.0937 1544 hkmsvc - ok
18:32:00.0937 1544 hpn - ok
18:32:00.0953 1544 hpt3xx - ok
18:32:01.0062 1544 [ E8EC1767EA315A39A0DD8989952CA0E9 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
18:32:01.0062 1544 HSF_DPV - ok
18:32:01.0140 1544 [ 61478FA42EE04562E7F11F4DCA87E9C8 ] HSXHWAZL C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
18:32:01.0140 1544 HSXHWAZL - ok
18:32:01.0203 1544 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:32:01.0218 1544 HTTP - ok
18:32:01.0250 1544 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:32:01.0281 1544 HTTPFilter - ok
18:32:01.0359 1544 [ 88B2115311628579BDE805DDDDD913B7 ] huawei_cdcacm C:\WINDOWS\system32\DRIVERS\ew_jucdcacm.sys
18:32:01.0375 1544 huawei_cdcacm - ok
18:32:01.0421 1544 [ 77F6E1CF7A4B1460214E6343B0EAD4C7 ] huawei_cdcecm C:\WINDOWS\system32\DRIVERS\ew_jucdcecm.sys
18:32:01.0437 1544 huawei_cdcecm - ok
18:32:01.0453 1544 [ 2AEB89AEAC08ECD23FC0DA3EB4330A29 ] huawei_enumerator C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
18:32:01.0453 1544 huawei_enumerator - ok
18:32:01.0484 1544 [ FF66400ACC543F4EEFE83CDE5B1B4164 ] huawei_ext_ctrl C:\WINDOWS\system32\DRIVERS\ew_juextctrl.sys
18:32:01.0500 1544 huawei_ext_ctrl - ok
18:32:01.0593 1544 [ 5EF3427AE503B5C03A48F7C9FF458B69 ] HWDeviceService.exe C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
18:32:01.0593 1544 HWDeviceService.exe - ok
18:32:01.0609 1544 i2omgmt - ok
18:32:01.0625 1544 i2omp - ok
18:32:01.0656 1544 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:32:01.0656 1544 i8042prt - ok
18:32:01.0828 1544 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:32:01.0890 1544 idsvc - ok
18:32:01.0937 1544 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:32:01.0937 1544 Imapi - ok
18:32:02.0031 1544 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
18:32:02.0046 1544 ImapiService - ok
18:32:02.0046 1544 ini910u - ok
18:32:02.0062 1544 IntelIde - ok
18:32:02.0109 1544 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
18:32:02.0140 1544 ip6fw - ok
18:32:02.0187 1544 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:32:02.0218 1544 IpFilterDriver - ok
18:32:02.0265 1544 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:32:02.0281 1544 IpInIp - ok
18:32:02.0328 1544 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:32:02.0328 1544 IpNat - ok
18:32:02.0359 1544 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:32:02.0359 1544 IPSec - ok
18:32:02.0406 1544 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:32:02.0406 1544 IRENUM - ok
18:32:02.0437 1544 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:32:02.0437 1544 isapnp - ok
18:32:02.0453 1544 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:32:02.0453 1544 Kbdclass - ok
18:32:02.0500 1544 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:32:02.0500 1544 kmixer - ok
18:32:02.0531 1544 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:32:02.0531 1544 KSecDD - ok
18:32:02.0578 1544 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
18:32:02.0593 1544 lanmanserver - ok
18:32:02.0656 1544 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:32:02.0656 1544 lanmanworkstation - ok
18:32:02.0671 1544 Lavasoft Kernexplorer - ok
18:32:02.0671 1544 lbrtfdc - ok
18:32:02.0734 1544 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:32:02.0734 1544 LmHosts - ok
18:32:02.0781 1544 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:32:02.0796 1544 mdmxsdk - ok
18:32:02.0828 1544 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:32:02.0843 1544 Messenger - ok
18:32:02.0890 1544 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:32:02.0890 1544 mnmdd - ok
18:32:02.0953 1544 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
18:32:02.0968 1544 mnmsrvc - ok
18:32:03.0171 1544 [ 625C98D60AD5AB1FCCBD0E2C0AC0D905 ] Mobile Partner. RunOuc C:\Program Files\Mobile Partner\UpdateDog\ouc.exe
18:32:03.0203 1544 Mobile Partner. RunOuc - ok
18:32:03.0250 1544 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:32:03.0250 1544 Modem - ok
18:32:03.0296 1544 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:32:03.0296 1544 Mouclass - ok
18:32:03.0312 1544 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:32:03.0312 1544 mouhid - ok
18:32:03.0343 1544 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:32:03.0359 1544 MountMgr - ok
18:32:03.0437 1544 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:32:03.0437 1544 MozillaMaintenance - ok
18:32:03.0437 1544 mraid35x - ok
18:32:03.0484 1544 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:32:03.0484 1544 MRxDAV - ok
18:32:03.0656 1544 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:32:03.0656 1544 MRxSmb - ok
18:32:03.0703 1544 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
18:32:03.0718 1544 MSDTC - ok
18:32:03.0781 1544 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:32:03.0781 1544 Msfs - ok
18:32:03.0781 1544 MSIServer - ok
18:32:03.0828 1544 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:32:03.0843 1544 MSKSSRV - ok
18:32:03.0875 1544 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:32:03.0875 1544 MSPCLOCK - ok
18:32:03.0906 1544 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:32:03.0906 1544 MSPQM - ok
18:32:03.0937 1544 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:32:03.0937 1544 mssmbios - ok
18:32:03.0968 1544 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
18:32:03.0984 1544 MSTEE - ok
18:32:04.0015 1544 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:32:04.0031 1544 Mup - ok
18:32:04.0078 1544 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:32:04.0078 1544 NABTSFEC - ok
18:32:04.0140 1544 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
18:32:04.0156 1544 napagent - ok
18:32:04.0187 1544 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:32:04.0203 1544 NDIS - ok
18:32:04.0203 1544 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:32:04.0203 1544 NdisIP - ok
18:32:04.0281 1544 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:32:04.0281 1544 NdisTapi - ok
18:32:04.0312 1544 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:32:04.0312 1544 Ndisuio - ok
18:32:04.0343 1544 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:32:04.0343 1544 NdisWan - ok
18:32:04.0359 1544 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:32:04.0359 1544 NDProxy - ok
18:32:04.0406 1544 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:32:04.0406 1544 NetBIOS - ok
18:32:04.0421 1544 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:32:04.0437 1544 NetBT - ok
18:32:04.0468 1544 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
18:32:04.0484 1544 NetDDE - ok
18:32:04.0484 1544 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:32:04.0500 1544 NetDDEdsdm - ok
18:32:04.0546 1544 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:32:04.0546 1544 Netlogon - ok
18:32:04.0562 1544 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
18:32:04.0562 1544 Netman - ok
18:32:04.0609 1544 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:32:04.0609 1544 NetTcpPortSharing - ok
18:32:04.0640 1544 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
18:32:04.0640 1544 Nla - ok
18:32:04.0687 1544 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:32:04.0687 1544 Npfs - ok
18:32:04.0734 1544 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:32:04.0765 1544 Ntfs - ok
18:32:04.0765 1544 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
18:32:04.0781 1544 NtLmSsp - ok
18:32:04.0828 1544 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:32:04.0843 1544 NtmsSvc - ok
18:32:04.0859 1544 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:32:04.0859 1544 Null - ok
18:32:04.0890 1544 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:32:04.0890 1544 NwlnkFlt - ok
18:32:04.0906 1544 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:32:04.0906 1544 NwlnkFwd - ok
18:32:04.0937 1544 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
18:32:04.0937 1544 Parport - ok
18:32:04.0968 1544 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:32:04.0968 1544 PartMgr - ok
18:32:04.0984 1544 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:32:04.0984 1544 ParVdm - ok
18:32:05.0046 1544 [ B670C5D89F0726B7A2A7DFB4E968CDF8 ] PCAMPR5 C:\WINDOWS\system32\PCAMPR5.SYS
18:32:05.0046 1544 PCAMPR5 - ok
18:32:05.0078 1544 [ ECD2F9D67B06606064DAF6961A6D5EFE ] PCANDIS5 C:\WINDOWS\system32\PCANDIS5.SYS
18:32:05.0078 1544 PCANDIS5 - ok
18:32:05.0093 1544 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:32:05.0125 1544 PCI - ok
18:32:05.0125 1544 PCIDump - ok
18:32:05.0140 1544 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
18:32:05.0140 1544 PCIIde - ok
18:32:05.0171 1544 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:32:05.0171 1544 Pcmcia - ok
18:32:05.0187 1544 PDCOMP - ok
18:32:05.0187 1544 PDFRAME - ok
18:32:05.0203 1544 PDRELI - ok
18:32:05.0203 1544 PDRFRAME - ok
18:32:05.0218 1544 perc2 - ok
18:32:05.0218 1544 perc2hib - ok
18:32:05.0265 1544 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
18:32:05.0265 1544 PlugPlay - ok
18:32:05.0281 1544 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:32:05.0281 1544 PolicyAgent - ok
18:32:05.0312 1544 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:32:05.0312 1544 PptpMiniport - ok
18:32:05.0312 1544 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
18:32:05.0312 1544 Processor - ok
18:32:05.0328 1544 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:32:05.0328 1544 ProtectedStorage - ok
18:32:05.0343 1544 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:32:05.0343 1544 PSched - ok
18:32:05.0375 1544 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:32:05.0375 1544 Ptilink - ok
18:32:05.0390 1544 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
18:32:05.0406 1544 PxHelp20 - ok
18:32:05.0406 1544 ql1080 - ok
18:32:05.0421 1544 Ql10wnt - ok
18:32:05.0421 1544 ql12160 - ok
18:32:05.0437 1544 ql1240 - ok
18:32:05.0437 1544 ql1280 - ok
18:32:05.0453 1544 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:32:05.0453 1544 RasAcd - ok
18:32:05.0500 1544 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:32:05.0500 1544 RasAuto - ok
18:32:05.0531 1544 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:32:05.0531 1544 Rasl2tp - ok
18:32:05.0578 1544 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:32:05.0578 1544 RasMan - ok
18:32:05.0593 1544 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:32:05.0593 1544 RasPppoe - ok
18:32:05.0593 1544 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:32:05.0593 1544 Raspti - ok
18:32:05.0625 1544 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:32:05.0625 1544 Rdbss - ok
18:32:05.0640 1544 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:32:05.0640 1544 RDPCDD - ok
18:32:05.0656 1544 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:32:05.0656 1544 rdpdr - ok
18:32:05.0703 1544 [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:32:05.0703 1544 RDPWD - ok
18:32:05.0734 1544 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:32:05.0734 1544 RDSessMgr - ok
18:32:05.0765 1544 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:32:05.0765 1544 redbook - ok
18:32:05.0812 1544 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:32:05.0812 1544 RemoteAccess - ok
18:32:05.0859 1544 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
18:32:05.0859 1544 RemoteRegistry - ok
18:32:05.0890 1544 [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
18:32:05.0890 1544 rimmptsk - ok
18:32:05.0937 1544 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
18:32:05.0937 1544 RpcLocator - ok
18:32:05.0984 1544 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
18:32:05.0984 1544 RpcSs - ok
18:32:06.0031 1544 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
18:32:06.0031 1544 RSVP - ok
18:32:06.0046 1544 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
18:32:06.0046 1544 SamSs - ok
18:32:06.0078 1544 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:32:06.0078 1544 SCardSvr - ok
18:32:06.0125 1544 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:32:06.0125 1544 Schedule - ok
18:32:06.0156 1544 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
18:32:06.0156 1544 sdbus - ok
18:32:06.0203 1544 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:32:06.0203 1544 Secdrv - ok
18:32:06.0234 1544 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:32:06.0234 1544 seclogon - ok
18:32:06.0250 1544 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
18:32:06.0265 1544 SENS - ok
18:32:06.0281 1544 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
18:32:06.0281 1544 Serial - ok
18:32:06.0328 1544 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:32:06.0328 1544 Sfloppy - ok
18:32:06.0375 1544 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:32:06.0390 1544 SharedAccess - ok
18:32:06.0437 1544 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:32:06.0437 1544 ShellHWDetection - ok
18:32:06.0437 1544 shuwedcqvuvsr - ok
18:32:06.0453 1544 Simbad - ok
18:32:06.0484 1544 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:32:06.0500 1544 SLIP - ok
18:32:06.0500 1544 Sparrow - ok
18:32:06.0531 1544 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:32:06.0531 1544 splitter - ok
18:32:06.0578 1544 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:32:06.0578 1544 Spooler - ok
18:32:06.0593 1544 sptd - ok
18:32:06.0609 1544 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:32:06.0609 1544 sr - ok
18:32:06.0656 1544 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
18:32:06.0656 1544 srservice - ok
18:32:06.0734 1544 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:32:06.0734 1544 Srv - ok
18:32:06.0765 1544 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:32:06.0781 1544 SSDPSRV - ok
18:32:06.0828 1544 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
18:32:06.0828 1544 ssmdrv - ok
18:32:06.0828 1544 SSPORT - ok
18:32:06.0968 1544 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
18:32:06.0984 1544 STHDA - ok
18:32:07.0031 1544 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
18:32:07.0031 1544 StillCam - ok
18:32:07.0078 1544 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:32:07.0093 1544 stisvc - ok
18:32:07.0171 1544 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:32:07.0187 1544 streamip - ok
18:32:07.0203 1544 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:32:07.0203 1544 swenum - ok
18:32:07.0250 1544 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:32:07.0250 1544 swmidi - ok
18:32:07.0250 1544 SwPrv - ok
18:32:07.0265 1544 symc810 - ok
18:32:07.0281 1544 symc8xx - ok
18:32:07.0281 1544 sym_hi - ok
18:32:07.0296 1544 sym_u3 - ok
18:32:07.0359 1544 [ FA2DAA32BED908023272A0F77D625DAE ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:32:07.0359 1544 SynTP - ok
18:32:07.0390 1544 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:32:07.0390 1544 sysaudio - ok
18:32:07.0421 1544 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:32:07.0421 1544 SysmonLog - ok
18:32:07.0453 1544 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:32:07.0468 1544 TapiSrv - ok
18:32:07.0531 1544 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:32:07.0531 1544 Tcpip - ok
18:32:07.0562 1544 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:32:07.0562 1544 TDPIPE - ok
18:32:07.0593 1544 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:32:07.0593 1544 TDTCP - ok
18:32:07.0609 1544 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:32:07.0609 1544 TermDD - ok
18:32:07.0687 1544 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
18:32:07.0718 1544 TermService - ok
18:32:07.0750 1544 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
18:32:07.0750 1544 Themes - ok
18:32:07.0781 1544 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
18:32:07.0781 1544 TlntSvr - ok
18:32:07.0796 1544 TosIde - ok
18:32:07.0812 1544 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:32:07.0828 1544 TrkWks - ok
18:32:07.0843 1544 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:32:07.0843 1544 Udfs - ok
18:32:07.0859 1544 UIUSys - ok
18:32:07.0859 1544 ultra - ok
18:32:07.0921 1544 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
18:32:07.0921 1544 UMWdf - ok
18:32:08.0015 1544 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:32:08.0031 1544 Update - ok
18:32:08.0093 1544 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
18:32:08.0093 1544 upnphost - ok
18:32:08.0125 1544 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
18:32:08.0125 1544 UPS - ok
18:32:08.0187 1544 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
18:32:08.0187 1544 usbaudio - ok
18:32:08.0218 1544 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:32:08.0218 1544 usbccgp - ok
18:32:08.0265 1544 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:32:08.0265 1544 usbehci - ok
18:32:08.0296 1544 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:32:08.0296 1544 usbhub - ok
18:32:08.0296 1544 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:32:08.0312 1544 usbohci - ok
18:32:08.0328 1544 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:32:08.0328 1544 usbprint - ok
18:32:08.0375 1544 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:32:08.0375 1544 usbscan - ok
18:32:08.0390 1544 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:32:08.0390 1544 USBSTOR - ok
18:32:08.0453 1544 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
18:32:08.0468 1544 usbvideo - ok
18:32:08.0500 1544 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:32:08.0500 1544 VgaSave - ok
18:32:08.0515 1544 ViaIde - ok
18:32:08.0531 1544 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:32:08.0531 1544 VolSnap - ok
18:32:08.0609 1544 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
18:32:08.0625 1544 VSS - ok
18:32:08.0656 1544 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
18:32:08.0656 1544 W32Time - ok
18:32:08.0687 1544 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:32:08.0687 1544 Wanarp - ok
18:32:08.0781 1544 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
18:32:08.0781 1544 Wdf01000 - ok
18:32:08.0796 1544 WDICA - ok
18:32:08.0859 1544 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:32:08.0859 1544 wdmaud - ok
18:32:08.0906 1544 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:32:08.0906 1544 WebClient - ok
18:32:09.0046 1544 [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
18:32:09.0046 1544 winachsf - ok
18:32:09.0171 1544 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:32:09.0171 1544 winmgmt - ok
18:32:09.0203 1544 wltrysvc - ok
18:32:09.0218 1544 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
18:32:09.0234 1544 WmdmPmSN - ok
18:32:09.0359 1544 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
18:32:09.0375 1544 Wmi - ok
18:32:09.0390 1544 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:32:09.0390 1544 WmiAcpi - ok
18:32:09.0453 1544 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
18:32:09.0484 1544 WmiApSrv - ok
18:32:09.0531 1544 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:32:09.0531 1544 WS2IFSL - ok
18:32:09.0578 1544 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:32:09.0609 1544 wscsvc - ok
18:32:09.0640 1544 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:32:09.0640 1544 WSTCODEC - ok
18:32:09.0703 1544 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:32:09.0734 1544 wuauserv - ok
18:32:09.0781 1544 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:32:09.0781 1544 WZCSVC - ok
18:32:09.0812 1544 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:32:09.0812 1544 xmlprov - ok
18:32:09.0921 1544 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
18:32:09.0953 1544 YahooAUService - ok
18:32:10.0000 1544 [ 1D4EB2E5FC4276CD5E9B862D349F68BD ] ZTEusbmdm6k C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
18:32:10.0000 1544 ZTEusbmdm6k - ok
18:32:10.0015 1544 [ 1D4EB2E5FC4276CD5E9B862D349F68BD ] ZTEusbnmea C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
18:32:10.0031 1544 ZTEusbnmea - ok
18:32:10.0062 1544 [ 1D4EB2E5FC4276CD5E9B862D349F68BD ] ZTEusbnmeaext C:\WINDOWS\system32\DRIVERS\ZTEusbnmeaext.sys
18:32:10.0062 1544 ZTEusbnmeaext - ok
18:32:10.0109 1544 [ 1D4EB2E5FC4276CD5E9B862D349F68BD ] ZTEusbser6k C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
18:32:10.0156 1544 ZTEusbser6k - ok
18:32:10.0187 1544 ================ Scan global ===============================
18:32:10.0375 1544 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:32:10.0437 1544 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:32:10.0453 1544 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:32:10.0468 1544 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:32:10.0484 1544 [Global] - ok
18:32:10.0484 1544 ================ Scan MBR ==================================
18:32:10.0546 1544 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:32:11.0937 1544 \Device\Harddisk0\DR0 - ok
18:32:11.0937 1544 ================ Scan VBR ==================================
18:32:11.0953 1544 [ C85A1C14F4C55E18E719AB6E6A17E9AE ] \Device\Harddisk0\DR0\Partition1
18:32:11.0953 1544 \Device\Harddisk0\DR0\Partition1 - ok
18:32:11.0968 1544 [ A5BDBF09E44CC6FBB1DF73DEDA087322 ] \Device\Harddisk0\DR0\Partition2
18:32:12.0000 1544 \Device\Harddisk0\DR0\Partition2 - ok
18:32:12.0015 1544 ============================================================
18:32:12.0015 1544 Scan finished
18:32:12.0015 1544 ============================================================
18:32:12.0031 1516 Detected object count: 0
18:32:12.0031 1516 Actual detected object count: 0
18:32:18.0171 0572 Deinitialize success


step 2:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-22 18:43:47
-----------------------------
18:43:47.593 OS Version: Windows 5.1.2600 Service Pack 3
18:43:47.593 Number of processors: 1 586 0x4C02
18:43:47.593 ComputerName: PRIVAT-91W0E6G9 UserName: doctor
18:43:48.078 Initialize success
18:46:56.296 AVAST engine defs: 12102300
18:47:46.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:47:46.750 Disk 0 Vendor: TOSHIBA_MK8037GSX DL240D Size: 76319MB BusType: 3
18:47:46.765 Disk 0 MBR read successfully
18:47:46.765 Disk 0 MBR scan
18:47:46.921 Disk 0 Windows XP default MBR code
18:47:46.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 20002 MB offset 63
18:47:46.937 Disk 0 Partition - 00 0F Extended LBA 56305 MB offset 40965750
18:47:46.968 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 56305 MB offset 40965813
18:47:46.984 Disk 0 scanning sectors +156280320
18:47:47.109 Disk 0 scanning C:\WINDOWS\system32\drivers
18:48:14.671 Service scanning
18:48:36.484 Modules scanning
18:48:45.046 Disk 0 trace - called modules:
18:48:45.390 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
18:48:45.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85163ab8]
18:48:45.390 3 CLASSPNP.SYS[f7584fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85167d98]
18:48:45.718 AVAST engine scan C:\WINDOWS
18:49:06.562 AVAST engine scan C:\WINDOWS\system32
18:53:38.328 AVAST engine scan C:\WINDOWS\system32\drivers
18:53:56.609 AVAST engine scan C:\Documents and Settings\doctor
18:58:04.234 AVAST engine scan C:\Documents and Settings\All Users
18:58:51.203 Scan finished successfully
18:59:59.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\doctor\Desktop\antimalaware 10 2012\4zi\MBR.dat"
18:59:59.531 The log file has been saved successfully to "C:\Documents and Settings\doctor\Desktop\antimalaware 10 2012\4zi\aswMBR.txt"

Thank you,
Dan

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 October 2012 - 12:06 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 cid19

cid19
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:04:30 AM

Posted 23 October 2012 - 01:03 PM

Hello,
ComboFix 12-10-22.02 - doctor 22.10.2012 20:29:06.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.40.1033.18.894.487 [GMT 3:00]
Running from: d:\cristi\downloads\ComboFix.exe
Command switches used :: c:\documents and settings\doctor\Desktop\CFScript.txt.txt
AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-22 to 2012-10-22 )))))))))))))))))))))))))))))))
.
.
2012-10-22 15:29 . 2012-10-22 15:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-15 14:15 . 2012-10-15 14:16 -------- d-----w- c:\program files\SpywareBlaster
2012-10-11 20:48 . 2012-10-11 21:18 -------- d-----w- C:\carti stoma
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 15:30 . 2001-08-23 10:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-10-15 12:01 . 2012-05-26 07:35 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-15 12:01 . 2011-08-17 06:33 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 14:04 . 2010-01-16 15:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2001-05-24 10:59 . 2011-12-07 07:16 162304 ----a-w- c:\program files\UNWISE.EXE
2012-08-16 20:52 . 2012-03-19 07:14 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\System32\WLTRAY.exe" [2007-03-16 1392640]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"CardDetectorZTEMF636"="c:\program files\CardDetector\ZTEMF636\CardDetector.exe" [2009-07-01 274432]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-05 348664]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-09-05 296096]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Orange\\InternetEverywhere\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\downloads\\Heroes of Might and Magic III Complete\\Heroes of Might and Magic III Complete\\Heroes3.exe"=
"c:\\Program Files\\1ClickDownload\\1ClickDownloader.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23342:TCP"= 23342:TCP:BitComet 23342 TCP
"23342:UDP"= 23342:UDP:BitComet 23342 UDP
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [14.02.2012 18:42 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14.02.2012 18:42 86224]
R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [14.02.2012 18:42 465360]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [06.06.2012 12:17 73984]
S2 gupdate;Serviciul Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20.03.2011 21:51 136176]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe [14.03.2011 18:27 271712]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\Mobile Partner\UpdateDog\ouc.exe [06.06.2012 12:16 655712]
S2 shuwedcqvuvsr;shuwedcqvuvsr;"c:\docume~1\doctor\LOCALS~1\Temp\DAT36.tmp.exe" --SERVICE --> c:\docume~1\doctor\LOCALS~1\Temp\DAT36.tmp.exe [?]
S2 SSPORT;SSPORT;\??\c:\windows\System32\Drivers\SSPORT.sys --> c:\windows\System32\Drivers\SSPORT.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [26.05.2012 10:35 250808]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [06.06.2012 12:17 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [06.06.2012 12:17 11136]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20.03.2011 21:51 136176]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [06.06.2012 12:17 89856]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [06.06.2012 12:17 66688]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [06.06.2012 12:17 26624]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [10.05.2012 21:19 113120]
S3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\drivers\ZTEusbnmeaext.sys [10.01.2011 20:18 103936]
S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [22.02.2008 10:59 155136]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [22.02.2008 10:59 5248]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 41287175
*NewlyCreated* - 76579231
*NewlyCreated* - ASWMBR
*Deregistered* - 41287175
*Deregistered* - 76579231
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 12:01]
.
2012-07-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-20 18:51]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-20 18:51]
.
2012-10-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-842925246-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 11:27]
.
2012-09-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-842925246-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 11:27]
.
2012-10-22 c:\windows\Tasks\User_Feed_Synchronization-{63C7281A-E80F-42F8-90EA-CE7F6F61CB4C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ro/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.ro
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport în Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\doctor\Application Data\Mozilla\Firefox\Profiles\73c07owe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ro/
FF - ExtSQL: 2012-09-05 08:17; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - ExtSQL: !HIDDEN! 2010-08-15 19:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-76579231.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-22 20:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0673bfca-32d4-4044-bf4c-c8f619e07321}]
@Denied: (Full) (Everyone)
"Model"=dword:0000011c
"Therad"=dword:00000027
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,6b,89,e9,09,6f,ad,8c,9d,09,37,98,5a,e8,33,e3,c4,e5,b8,ee,aa,f5,bc,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):47,4f,bd,ce,38,3b,c9,c1,46,88,0b,14,89,80,b1,7d,18,d6,5c,d5,5b,
93,d0,c6,db,30,9f,09,84,86,81,af,7e,4a,07,01,82,c1,7d,79,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(888)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(4000)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-10-22 20:40:04
ComboFix-quarantined-files.txt 2012-10-22 17:40
ComboFix2.txt 2012-10-21 18:44
.
Pre-Run: 4.996.902.912 bytes free
Post-Run: 5.142.626.304 bytes free
.
- - End Of File - - C56A7D87869FEC43523EC741076AD63D

Google works now on all 3 browsers.

Dan

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:30 AM

Posted 23 October 2012 - 05:47 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better job).

Programs to remove

Ask Toolbar
µTorrent
BitComet 1.14
eMusic - 100 Free MP3 offer
J2SE Runtime Environment 5.0 Update 6


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 cid19

cid19
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:04:30 AM

Posted 24 October 2012 - 12:44 PM

Hello,

Uninstalled:
BitComet 1.14
eMusic - 100 Free MP3 offer
J2SE Runtime Environment 5.0 Update 6

Ask Toolbar is not found by Revo,
and uTorrent I would like to keep still.
About this I would like to know what would be the safest settings mentioned in the post (I use it only during downloads; I delete the files usually):
"Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise."

Problems:

"When it gives you the option to install Yahoo toolbar uncheck the box next to it."
I missed this option; tried to uninstall-reinstall, option no longer available.


MBAM

No malicious software found, so nothing to remove, not even "C:\System Volume Information folder".

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.17.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
doctor :: PRIVAT-91W0E6G9 [administrator]

23.10.2012 20:27:24
mbam-log-2012-10-23 (20-27-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210691
Time elapsed: 8 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:38:48, on 23.10.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
C:\Documents and Settings\All Users\Application Data\Mobile Partner\OnlineUpdate\ouc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\doctor\Desktop\antimalaware 10 2012\kiyy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.ro
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.ro
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [CardDetectorZTEMF636] C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport în Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340865440265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340865420937
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC6C1DD5-E8E4-42A4-A74E-7A0C10C1BA32}: NameServer = 213.154.124.1 193.231.252.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Serviciul Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mobile Partner. OUC (Mobile Partner. RunOuc) - Unknown owner - C:\Program Files\Mobile Partner\UpdateDog\ouc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: shuwedcqvuvsr - Unknown owner - C:\DOCUME~1\doctor\LOCALS~1\Temp\DAT36.tmp.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11074 bytes


The PC looks fine. If I try to get a hyperlink from a Word file (I noticed this now) to download the different programs,
it opens Internet Explorer and does nothing.

Dan
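An added example, not code from the thread or from any of the tools it mentions: a small Python triage script that parses HijackThis-style O4 (Run key) and O23 (service) lines like the ones in the log above and flags entries whose binary lives in a Temp or other user-writable directory, whose file is missing, or whose service has an unknown owner. The sample lines are constructed in the shape of the thread's log, and the indicator names ('temp-dir', 'user-writable', 'file-missing', 'unknown-owner') are my own. The same Temp-directory service (shuwedcqvuvsr, pointing at DAT36.tmp.exe) also appears as an S2 entry in the ComboFix log in post #13; it is exactly the kind of entry these heuristics are meant to surface.

```python
"""Added example: heuristic triage of HijackThis-style O4/O23 log lines.

Not the thread's or any tool's own code. The indicator names and the
sample lines below are constructed for illustration, in the shape of
the log posted in the thread.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis log format (shape taken from the thread).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: shuwedcqvuvsr - Unknown owner - C:\DOCUME~1\doctor\LOCALS~1\Temp\DAT36.tmp.exe (file missing)
O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
"""

# O4 lines: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O23 lines: "O23 - Service: <display name> - <owner> - <binary path> [(file missing)]"
O23_RE = re.compile(r'^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<cmd>.*)$')
# Shortest prefix ending in an executable-type extension (for unquoted command lines).
EXT_RE = re.compile(r'^(?P<path>.*?\.(?:exe|dll|sys|com|cpl|scr|bat))', re.IGNORECASE)

TEMP_MARKERS = ('\\temp\\', '\\tmp\\')
USER_WRITABLE_MARKERS = (
    '\\application data\\', '\\appdata\\', '\\docume~1\\',
    '\\documents and settings\\', '\\users\\',
)


@dataclass
class Finding:
    kind: str            # 'O4' or 'O23'
    name: str            # Run value name or service display name
    path: str            # binary path extracted from the command line
    reasons: list = field(default_factory=list)  # indicators that fired


def extract_path(cmd: str) -> str:
    """Return the binary path from a command line, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXT_RE.match(cmd)
    return m.group('path') if m else cmd.split(' ')[0]


def assess(kind: str, name: str, owner: str, cmd: str) -> Finding:
    """Apply the indicators to one parsed entry."""
    path = extract_path(cmd)
    low = path.lower()
    reasons = []
    # A Temp directory is the strongest location indicator; it also sits inside
    # the user profile, so only the more specific of the two is reported.
    if any(mk in low for mk in TEMP_MARKERS):
        reasons.append('temp-dir')
    elif any(mk in low for mk in USER_WRITABLE_MARKERS):
        reasons.append('user-writable')
    if '(file missing)' in cmd.lower():
        reasons.append('file-missing')   # autostart survives although the file is gone
    if kind == 'O23' and owner.strip().lower() == 'unknown owner':
        reasons.append('unknown-owner')  # binary carries no publisher information
    return Finding(kind, name, path, reasons)


def triage(log_text: str) -> list:
    """Parse every O4/O23 line and return one Finding per entry."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            findings.append(assess('O4', m['name'], '', m['cmd']))
            continue
        m = O23_RE.match(line)
        if m:
            findings.append(assess('O23', m['name'], m['owner'], m['cmd']))
    return findings


def suspicious(log_text: str) -> list:
    """Only the entries for which at least one indicator fired."""
    return [f for f in triage(log_text) if f.reasons]


if __name__ == '__main__':
    for f in suspicious(SAMPLE_LOG):
        print(f'{f.kind:<4}{f.name:<24}{", ".join(f.reasons):<34}{f.path}')
```

The indicators are review prompts, not verdicts: on the sample, the Temp-directory service with a missing file and no owner collects three reasons, while the vendor datacard helper under Application Data collects two ('user-writable' and 'unknown-owner') and is the sort of entry a reviewer checks against the installed software list before touching it. Run it against a saved HijackThis log by passing the file contents to `suspicious()`.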



