
redirect not detected by TDSS, MWB, SAS, etc


13 replies to this topic

#1 Mosca


Posted 05 November 2012 - 12:11 PM

Hello, and thank you in advance for help.

XP Pro 5.1.2600 SP3.

On October 31st, my regular nightly scan of AVG gave the following:

"";"C:\WINDOWS\system32\rundll32.exe (1504)";"Trojan horse BHO.WQW";"Moved to Virus Vault"
"";"C:\Documents and Settings\John Baloga\Local Settings\Application Data\V CAST Media Manager\SupportSoft\lnygu.dll";"Trojan horse BHO.WQW";"Reboot is required to finish the action"
"";"C:\Documents and Settings\John Baloga\Local Settings\Application Data\V CAST Media Manager\SupportSoft\lnygu.dll";"Trojan horse BHO.WQW";"Reboot is required to finish the action"
"";"C:\Documents and Settings\John Baloga\Local Settings\Application Data\V CAST Media Manager\SupportSoft\lnygu.dll";"Trojan horse BHO.WQW";"Reboot is required to finish the action"
"";"C:\Documents and Settings\John Baloga\Local Settings\Application Data\V CAST Media Manager\SupportSoft\lnygu.dll";"Trojan horse BHO.WQW";"Reboot is required to finish the action"
"";"C:\Documents and Settings\John Baloga\Local Settings\Application Data\V CAST Media Manager\SupportSoft\lnygu.dll";"Trojan horse BHO.WQW";"Reboot is required to finish the action"
"";"C:\Documents and Settings\John Baloga\Local Settings\Application Data\V CAST Media Manager\SupportSoft\lnygu.dll";"Trojan horse BHO.WQW";"Moved to Virus Vault"
"";"C:\Documents and Settings\John Baloga\Local Settings\Application Data\V CAST Media Manager\SupportSoft\lnygu.dll";"Trojan horse BHO.WQW";"Moved to Virus Vault"


I completed the actions next morning, rebooting, and in the "details" section of the history is:

"";"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SupportSoft";"Found registry key with reference to infected file C:\Documents and Settings\John Baloga\Local Settings\Application Data\V CAST Media Manager\SupportSoft\lnygu.dll";"Object is inaccessible."

EDIT: I got redirects, so I used System Restore to go to an earlier point, and still got redirects. End EDIT.


And now I get occasional redirects. Google gives normal results, but clicking on the results takes me to intermediate sites, and clicking the back button just gives different intermediate sites. I ran Malwarebytes, Superantispyware, and TDSSKiller, all in both normal mode and in safe mode, and all say the system is clean.


A GMER scan, however, comes up with:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-05 11:35:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e SAMSUNG_HD080HJ/P rev.ZH100-34
Running: qzqmuhic.exe; Driver: C:\DOCUME~1\JOHNBA~1\LOCALS~1\Temp\kxlyapob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BDB1F371E115D11D96C000CF4F23CB3\Usage@IAP 1097072639

---- EOF - GMER 1.0.15 ----



And this is the same HKU that AVG could not access, S-1-5-18.



If I were an idiot, I would delete that registry entry and see what happens. But I know that I should ask someone who knows what she or he is doing, so, here I am. Other than the scans, I haven't done anything to try to heal this.


Thanks,

Tom

Edited by Mosca, 05 November 2012 - 01:50 PM.
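
A triage sketch for the AVG export quoted in the post above, added here as an example and not part of the original thread: it collapses the repeated detection rows and pulls out the autorun entry that AVG reported as inaccessible. The sample lines are adapted from the post with the profile name replaced by `user`; treating the trailing `(1504)` as a process ID and `\\` as the separator between key and value name are assumptions about AVG's export format.

```python
import csv
import io
import re

# Constructed sample: rows adapted from the AVG export in the post
# (profile name replaced by "user", repeated rows trimmed).
AVG_EXPORT = r'''
"";"C:\WINDOWS\system32\rundll32.exe (1504)";"Trojan horse BHO.WQW";"Moved to Virus Vault"
"";"C:\Documents and Settings\user\Local Settings\Application Data\V CAST Media Manager\SupportSoft\lnygu.dll";"Trojan horse BHO.WQW";"Reboot is required to finish the action"
"";"C:\Documents and Settings\user\Local Settings\Application Data\V CAST Media Manager\SupportSoft\lnygu.dll";"Trojan horse BHO.WQW";"Reboot is required to finish the action"
"";"C:\Documents and Settings\user\Local Settings\Application Data\V CAST Media Manager\SupportSoft\lnygu.dll";"Trojan horse BHO.WQW";"Moved to Virus Vault"
"";"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SupportSoft";"Found registry key with reference to infected file C:\Documents and Settings\user\Local Settings\Application Data\V CAST Media Manager\SupportSoft\lnygu.dll";"Object is inaccessible."
'''

# Well-known service account SIDs that appear as subkeys of HKEY_USERS.
WELL_KNOWN_SIDS = {
    "S-1-5-18": "LocalSystem",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
}

# hive \ optional SID \ key path \\ value name  (the "\\" split is an assumption)
REG_RE = re.compile(r"^(HKU|HKLM|HKCU)\\(?:(S-1-[\d-]+)\\)?(.+?)\\\\([^\\]+)$")


def parse_export(text):
    """Parse semicolon-delimited, double-quoted rows into dicts."""
    rows = []
    reader = csv.reader(io.StringIO(text.strip()), delimiter=";", quotechar='"')
    for rec in reader:
        if len(rec) != 4:
            continue  # skip anything that is not a four-field detection row
        _, obj, detection, action = rec
        rows.append({"object": obj, "detection": detection, "action": action})
    return rows


def collapse(rows):
    """Group repeated rows per object, keeping hit count and ordered distinct actions."""
    grouped = {}
    for r in rows:
        # Drop a trailing " (1234)" so the same image is grouped across processes.
        key = re.sub(r"\s\(\d+\)$", "", r["object"])
        entry = grouped.setdefault(
            key, {"detection": r["detection"], "hits": 0, "actions": []}
        )
        entry["hits"] += 1
        if r["action"] not in entry["actions"]:
            entry["actions"].append(r["action"])
    return grouped


def autorun_findings(rows):
    """Extract registry rows and describe the persistence entry they point at."""
    findings = []
    for r in rows:
        m = REG_RE.match(r["object"])
        if not m:
            continue
        hive, sid, key, value = m.groups()
        target = re.search(r"reference to infected file (.+)$", r["detection"])
        path = target.group(1) if target else None
        findings.append({
            "hive": hive,
            "account": WELL_KNOWN_SIDS.get(sid, sid),
            "key": key,
            "value": value,
            "target": path,
            # A Run key value is launched at logon for that account.
            "is_run_key": key.lower().endswith(r"\currentversion\run"),
            # A target inside a user profile is writable without admin rights.
            "target_in_profile": bool(path)
            and path.lower().startswith(r"c:\documents and settings" + "\\"),
            # The scanner reported it could not act on the entry.
            "unremediated": "inaccessible" in r["action"].lower(),
        })
    return findings


if __name__ == "__main__":
    rows = parse_export(AVG_EXPORT)
    for obj, info in collapse(rows).items():
        print(f"{info['hits']}x {obj}\n    {info['detection']}: {' -> '.join(info['actions'])}")
    for f in autorun_findings(rows):
        print(f"autorun [{f['account']}] {f['key']} :: {f['value']} -> {f['target']}"
              f" (unremediated={f['unremediated']})")
```
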




#2 boopme


Posted 05 November 2012 - 02:18 PM

Hello, please run these next..

Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Run TDSS like this if you have not....

Please download TDSSkiller.


Launch it. Click on change parameters-Select TDLFS file system

Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.

Edited by boopme, 05 November 2012 - 02:18 PM.

How do I get help? Who is helping me?

For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

Become a BleepingComputer fan: Facebook

#3 Mosca


Posted 05 November 2012 - 03:17 PM

Thank you, boopme.

MiniToolBox by Farbar Version: 23-07-2012
Ran by John Baloga (administrator) on 05-11-2012 at 14:53:09
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=static addr=206.93.80.103 mask=255.255.255.224
set address name="Local Area Connection" gateway=206.93.80.125 gwmetric=0
set dns name="Local Area Connection" source=static addr=204.186.0.201 register=PRIMARY
add dns name="Local Area Connection" addr=204.186.0.203 index=2
set wins name="Local Area Connection" source=static addr=none


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : D82V2V91

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-16-76-00-58-5F

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 206.93.80.103

Subnet Mask . . . . . . . . . . . : 255.255.255.224

Default Gateway . . . . . . . . . : 206.93.80.125

DNS Servers . . . . . . . . . . . : 204.186.0.201

204.186.0.203

Server: dns1.ptd.net
Address: 204.186.0.201

Name: google.com
Addresses: 74.125.228.0, 74.125.228.1, 74.125.228.2, 74.125.228.3
74.125.228.4, 74.125.228.5, 74.125.228.6, 74.125.228.7, 74.125.228.8
74.125.228.9, 74.125.228.14



Pinging google.com [74.125.228.14] with 32 bytes of data:



Reply from 74.125.228.14: bytes=32 time=25ms TTL=58

Reply from 74.125.228.14: bytes=32 time=24ms TTL=58



Ping statistics for 74.125.228.14:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 24ms, Maximum = 25ms, Average = 24ms

Server: dns1.ptd.net
Address: 204.186.0.201

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=94ms TTL=55

Reply from 72.30.38.140: bytes=32 time=100ms TTL=55



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 94ms, Maximum = 100ms, Average = 97ms

Server: dns1.ptd.net
Address: 204.186.0.201

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 76 00 58 5f ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 206.93.80.125 206.93.80.103 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 206.93.80.103 206.93.80.103 20
206.93.80.96 255.255.255.224 206.93.80.103 206.93.80.103 20
206.93.80.103 255.255.255.255 127.0.0.1 127.0.0.1 20
206.93.80.255 255.255.255.255 206.93.80.103 206.93.80.103 20
224.0.0.0 240.0.0.0 206.93.80.103 206.93.80.103 20
255.255.255.255 255.255.255.255 206.93.80.103 206.93.80.103 1
Default Gateway: 206.93.80.125
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/05/2012 11:39:44 AM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 hplaserjetservice.exe, P2 1.1.0.0, P3 4a425ade, P4 hplaserjetservice, P5 1.1.0.0, P6 4a425ade, P7 bd, P8 10e, P9 clr20r30, P10 clr20r31.

Error: (11/03/2012 04:02:20 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/03/2012 01:52:59 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 hplaserjetservice.exe, P2 1.1.0.0, P3 4a425ade, P4 hplaserjetservice, P5 1.1.0.0, P6 4a425ade, P7 bd, P8 10e, P9 clr20r30, P10 clr20r31.

Error: (11/03/2012 01:46:19 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 hplaserjetservice.exe, P2 1.1.0.0, P3 4a425ade, P4 hplaserjetservice, P5 1.1.0.0, P6 4a425ade, P7 bd, P8 10e, P9 clr20r30, P10 clr20r31.

Error: (11/02/2012 07:01:22 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 hplaserjetservice.exe, P2 1.1.0.0, P3 4a425ade, P4 hplaserjetservice, P5 1.1.0.0, P6 4a425ade, P7 bd, P8 10e, P9 clr20r30, P10 clr20r31.

Error: (10/31/2012 03:15:29 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 hplaserjetservice.exe, P2 1.1.0.0, P3 4a425ade, P4 hplaserjetservice, P5 1.1.0.0, P6 4a425ade, P7 bd, P8 10e, P9 clr20r30, P10 clr20r31.

Error: (10/31/2012 03:12:19 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (10/31/2012 03:12:19 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (10/31/2012 03:08:09 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (10/31/2012 03:08:09 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved


System errors:
=============
Error: (11/05/2012 01:15:50 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverNATIONWI-9306E8NetBT_Tcpip_{17FCD56B-19F

Error: (11/05/2012 11:41:05 AM) (Source: Service Control Manager) (User: )
Description: The HP LaserJet Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/05/2012 11:39:34 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
79834012
setup_9.0.0.722_24.05.2011_22-14drv

Error: (11/05/2012 11:39:30 AM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
%%2

Error: (11/05/2012 11:39:30 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (11/05/2012 11:37:16 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/05/2012 11:37:03 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service Iap with arguments "-Service"
in order to run the server:
{B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Error: (11/05/2012 11:37:03 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service Iap with arguments "-Service"
in order to run the server:
{B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Error: (11/05/2012 11:37:00 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service Iap with arguments "-Service"
in order to run the server:
{B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Error: (11/05/2012 11:37:00 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service Iap with arguments "-Service"
in order to run the server:
{B0C61A79-0870-4BE4-9153-9CCAF422E31F}


Microsoft Office Sessions:
=========================
Error: (11/05/2012 11:39:44 AM) (Source: .NET Runtime 2.0 Error Reporting)(User: )
Description: clr20r3hplaserjetservice.exe1.1.0.04a425adehplaserjetservice1.1.0.04a425adebd10esystem.nullreferenceexceptionNIL

Error: (11/03/2012 04:02:20 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (11/03/2012 01:52:59 PM) (Source: .NET Runtime 2.0 Error Reporting)(User: )
Description: clr20r3hplaserjetservice.exe1.1.0.04a425adehplaserjetservice1.1.0.04a425adebd10esystem.nullreferenceexceptionNIL

Error: (11/03/2012 01:46:19 PM) (Source: .NET Runtime 2.0 Error Reporting)(User: )
Description: clr20r3hplaserjetservice.exe1.1.0.04a425adehplaserjetservice1.1.0.04a425adebd10esystem.nullreferenceexceptionNIL

Error: (11/02/2012 07:01:22 PM) (Source: .NET Runtime 2.0 Error Reporting)(User: )
Description: clr20r3hplaserjetservice.exe1.1.0.04a425adehplaserjetservice1.1.0.04a425adebd10esystem.nullreferenceexceptionNIL

Error: (10/31/2012 03:15:29 PM) (Source: .NET Runtime 2.0 Error Reporting)(User: )
Description: clr20r3hplaserjetservice.exe1.1.0.04a425adehplaserjetservice1.1.0.04a425adebd10esystem.nullreferenceexceptionNIL

Error: (10/31/2012 03:12:19 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (10/31/2012 03:12:19 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (10/31/2012 03:08:09 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (10/31/2012 03:08:09 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved


=========================== Installed Programs ============================

32 Bit HP BiDi Channel Components Installer (Version: 1.1.0.2)
Adobe Acrobat - Reader 6.0.2 Update (Version: 6.0.2)
Adobe Acrobat 6.0 Standard (Version: 006.000.000)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader 6.0.1 (Version: 006.000.001)
Adobe Reader 7.0.8 (Version: 7.0.8)
Adobe Reader 7.0.9 (Version: 7.0.9)
Adobe Reader 8.1.1 (Version: 8.1.1)
Adobe Reader 8.1.2 (Version: 8.1.2)
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Reader 8.1.7 (Version: 8.1.7)
Adobe Reader 8.2.1 (Version: 8.2.1)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
ADP Service Connect Web Chat (Version: 1.1.0)
ADP Software Install Agent (Version: 183)
ADPSecProfile (Version: 4.50.0003)
Amazon Kindle
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
ApproveIt Web Server - Client Software (Version: 2.3.5.0)
Atalasoft Components (Version: 1.0.5)
AVG 2012 (Version: 12.0.1901)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2171)
AVG 2012 (Version: 12.0.2176)
AVG 2012 (Version: 12.0.2178)
AVG 2012 (Version: 12.0.2180)
AVG 2012 (Version: 12.0.2193)
AVG 2012 (Version: 12.0.2195)
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2221)
AVG 2012 (Version: 12.0.2441)
AVG 2012 (Version: 2012.0.2221)
Bonjour (Version: 3.0.0.10)
Brother MFC-8480DN (Version: 1.00)
Canon PowerShot S100 Camera User Guide (Version: 1.0.0.1)
CCleaner (remove only)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Eye-One Diagnostics
Eye-One Match 3.6.1 (Version: 3.6.1)
Eye-One Share
FC_PR_Acct_Update_45 (Version: 4.5.038)
FC_PR_Service_Update_452 (Version: 1.0.0)
FC_PR_Service_Update_452 (Version: 4.5.037)
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
GIMP 2.6.11 (Version: 2.6.11)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.123)
Google Updater (Version: 2.4.2432.1652)
GoToMeeting/GoToWebinar 3.0.0.189
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HP LaserJet Professional P1100-P1560-P1600 Series
hppLaserJetService (Version: 001.001.0.0)
hppP1100P1560P1600SeriesLaserJetService (Version: 001.001.0.0)
hppusgP1100P1560P1600Series (Version: 1.0.0.1)
HPSSupply (Version: 2.1.1.0000)
i1ColorPoint 1.0 (Version: 1.0.1)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4299)
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections (Version: 9.20.0000)
iTunes (Version: 10.7.0.21)
J2SE Runtime Environment 5.0 Update 9 (Version: 1.5.0.90)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 20 (Version: 6.0.200)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Basic Edition 2003 (Version: 11.0.8173.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 16.0.1 (x86 en-US) (Version: 16.0.1)
Mozilla Maintenance Service (Version: 16.0.1)
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OMCI (Version: 7.01.0382)
Photodex Presenter
PR Accounting Update 45 (Version: 1.4.3001)
PR CarInk Update 45 (Version: 1.6.3)
PR Parts Update 45 (Version: 1.4.3001)
PR Parts Update 45 (Version: 4.5.038)
PR Sales Update 45 (Version: 1.5.2001)
PR Sales Update 45 (Version: 4.5.039)
PR Service Update 45 (Version: 1.5.7001)
PR Service Update 45 (Version: 4.5.033)
PR Truck Update 45 (Version: 4.5.023)
QuickTime (Version: 7.72.80.56)
Rhapsody
Rhapsody Player Engine (Version: 1.0.2.636)
Rhapsody Player Engine (Version: 1.0.604)
SUPERAntiSpyware (Version: 5.6.1012)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB976749) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
w.e.b.Suite 4.5 Managed Assemblies (Version: 4.5.0.1)
w.e.b.Suite Launch Application (Version: 8.2.3712.17045)
w.e.b.Suite Terminal Emulator 3.6.676.0 (Version: 3.6.676.0)
w.e.b.Suite Terminal Emulator 4.1.3.967 (Version: 4.1.3.967)
w.e.b.Suite Terminal Emulator VBA 4.1.3.952 (Version: 4.1.3.952)
w.e.b.Suite Terminal Emulator VBA Support (Version: 4.1.2.902)
w.e.b.Suite View Client 1.43 (Version: 1.43)
w.e.b.Suite View Client 4.5.193.0 (Version: 4.5.193.0)
w.e.b.Suite View Client 4.5.222.0 (Version: 4.5.222.0)
w.e.b.Suite2007 Preview (Version: 1.01.0000)
WebFldrs XP (Version: 9.50.7523)
webSuite PC CONFIG CONTROL (Version: 1.2.0.13)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WModem Driver Installer (Version: 2.0.6.9)
Yahoo! Install Manager

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 2038.08 MB
Available physical RAM: 1465.01 MB
Total Pagefile: 2640.93 MB
Available Pagefile: 2150.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.95 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.46 GB) (Free:41.07 GB) NTFS

========================= Users: ========================================

User accounts for \\D82V2V91

Administrator Guest HelpAssistant
John Baloga SUPPORT_388945a0


**** End of log ****



Junkware Removal Tool (JRT) by Thisisu
Version: 2.7.1 (11.05.2012)
OS: Microsoft Windows XP x86
Ran by John Baloga on Mon 11/05/2012 at 15:03:39.57
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired



*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on Mon 11/05/2012 at 15:09:43.53
End of Report




15:15:46.0062 3108 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:15:46.0703 3108 ============================================================
15:15:46.0703 3108 Current date / time: 2012/11/05 15:15:46.0703
15:15:46.0703 3108 SystemInfo:
15:15:46.0703 3108
15:15:46.0703 3108 OS Version: 5.1.2600 ServicePack: 3.0
15:15:46.0703 3108 Product type: Workstation
15:15:46.0703 3108 ComputerName: D82V2V91
15:15:46.0703 3108 UserName: John Baloga
15:15:46.0703 3108 Windows directory: C:\WINDOWS
15:15:46.0703 3108 System windows directory: C:\WINDOWS
15:15:46.0703 3108 Processor architecture: Intel x86
15:15:46.0703 3108 Number of processors: 1
15:15:46.0703 3108 Page size: 0x1000
15:15:46.0703 3108 Boot type: Normal boot
15:15:46.0703 3108 ============================================================
15:15:48.0859 3108 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:15:48.0859 3108 ============================================================
15:15:48.0859 3108 \Device\Harddisk0\DR0:
15:15:48.0859 3108 MBR partitions:
15:15:48.0859 3108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x94EAFF8
15:15:48.0859 3108 ============================================================
15:15:48.0890 3108 C: <-> \Device\Harddisk0\DR0\Partition1
15:15:48.0890 3108 ============================================================
15:15:48.0890 3108 Initialize success
15:15:48.0890 3108 ============================================================
15:16:05.0140 0428 ============================================================
15:16:05.0140 0428 Scan started
15:16:05.0140 0428 Mode: Manual; TDLFS;
15:16:05.0140 0428 ============================================================
15:16:06.0265 0428 ================ Scan system memory ========================
15:16:06.0281 0428 System memory - ok
15:16:06.0281 0428 ================ Scan services =============================
15:16:18.0562 0428 sysaudio - ok
15:16:18.0625 0428 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:16:18.0625 0428 SysmonLog - ok
15:16:18.0656 0428 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:16:18.0656 0428 TapiSrv - ok
15:16:18.0718 0428 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:16:18.0718 0428 Tcpip - ok
15:16:18.0750 0428 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
15:16:18.0750 0428 TDPIPE - ok
15:16:18.0781 0428 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
15:16:18.0781 0428 TDTCP - ok
15:16:18.0812 0428 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:16:18.0828 0428 TermDD - ok
15:16:18.0859 0428 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
15:16:18.0859 0428 TermService - ok
15:16:18.0875 0428 tgsrvc_smartagent - ok
15:16:18.0906 0428 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
15:16:18.0906 0428 Themes - ok
15:16:18.0984 0428 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
15:16:18.0984 0428 TlntSvr - ok
15:16:19.0015 0428 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
15:16:19.0015 0428 TosIde - ok
15:16:19.0046 0428 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:16:19.0062 0428 TrkWks - ok
15:16:19.0078 0428 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:16:19.0078 0428 Udfs - ok
15:16:19.0125 0428 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
15:16:19.0125 0428 ultra - ok
15:16:19.0187 0428 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:16:19.0187 0428 Update - ok
15:16:19.0218 0428 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
15:16:19.0234 0428 upnphost - ok
15:16:19.0250 0428 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
15:16:19.0250 0428 UPS - ok
15:16:19.0296 0428 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
15:16:19.0296 0428 USBAAPL - ok
15:16:19.0343 0428 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:16:19.0343 0428 usbccgp - ok
15:16:19.0359 0428 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:16:19.0359 0428 usbehci - ok
15:16:19.0390 0428 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:16:19.0390 0428 usbhub - ok
15:16:19.0437 0428 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:16:19.0437 0428 usbprint - ok
15:16:19.0468 0428 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:16:19.0468 0428 usbscan - ok
15:16:19.0484 0428 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:16:19.0484 0428 USBSTOR - ok
15:16:19.0500 0428 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:16:19.0500 0428 usbuhci - ok
15:16:19.0515 0428 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:16:19.0515 0428 VgaSave - ok
15:16:19.0562 0428 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:16:19.0562 0428 viaagp - ok
15:16:19.0578 0428 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
15:16:19.0578 0428 ViaIde - ok
15:16:19.0609 0428 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:16:19.0625 0428 VolSnap - ok
15:16:19.0687 0428 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
15:16:19.0687 0428 VSS - ok
15:16:19.0718 0428 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
15:16:19.0718 0428 w32time - ok
15:16:19.0750 0428 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:16:19.0750 0428 Wanarp - ok
15:16:19.0796 0428 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:16:19.0812 0428 Wdf01000 - ok
15:16:19.0812 0428 WDICA - ok
15:16:19.0843 0428 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:16:19.0843 0428 wdmaud - ok
15:16:19.0890 0428 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
15:16:19.0890 0428 WebClient - ok
15:16:20.0000 0428 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:16:20.0000 0428 winmgmt - ok
15:16:20.0062 0428 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
15:16:20.0078 0428 WmdmPmSN - ok
15:16:20.0125 0428 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
15:16:20.0140 0428 Wmi - ok
15:16:20.0171 0428 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:16:20.0187 0428 WmiApSrv - ok
15:16:20.0328 0428 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
15:16:20.0343 0428 WMPNetworkSvc - ok
15:16:20.0421 0428 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:16:20.0421 0428 wscsvc - ok
15:16:20.0437 0428 wtibcimmnworxrpv - ok
15:16:20.0453 0428 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
15:16:20.0453 0428 wuauserv - ok
15:16:20.0515 0428 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:16:20.0515 0428 WudfPf - ok
15:16:20.0562 0428 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:16:20.0578 0428 WudfRd - ok
15:16:20.0593 0428 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
15:16:20.0593 0428 WudfSvc - ok
15:16:20.0671 0428 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:16:20.0687 0428 WZCSVC - ok
15:16:20.0718 0428 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:16:20.0718 0428 xmlprov - ok
15:16:20.0734 0428 ================ Scan global ===============================
15:16:20.0781 0428 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:16:20.0843 0428 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:16:20.0859 0428 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:16:20.0875 0428 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:16:20.0875 0428 [Global] - ok
15:16:20.0890 0428 ================ Scan MBR ==================================
15:16:20.0906 0428 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:16:21.0234 0428 \Device\Harddisk0\DR0 - ok
15:16:21.0250 0428 ================ Scan VBR ==================================
15:16:21.0281 0428 [ 3744BDCDCAB6A289E6137A007E2E757C ] \Device\Harddisk0\DR0\Partition1
15:16:21.0281 0428 \Device\Harddisk0\DR0\Partition1 - ok
15:16:21.0281 0428 ============================================================
15:16:21.0281 0428 Scan finished
15:16:21.0281 0428 ============================================================
15:16:21.0296 3696 Detected object count: 0
15:16:21.0296 3696 Actual detected object count: 0
15:16:44.0500 3060 Deinitialize success

#4 Mosca


Posted 05 November 2012 - 03:22 PM

During the running of JRT, after I'd run it but before I'd copied the log, I needed to open a Word document; the first log file never saved, it seems. I'm sorry, I didn't know that opening a document would cause that. I ran JRT again; the log I posted is the second one.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,566 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:29 PM

Posted 05 November 2012 - 03:50 PM

That's OK... see if they stop after these.
Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.



Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Click on the Enter key.

Reboot your system to complete the process.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
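A read-only check that could precede the HOSTS reset described in the post above, added here as an example (it is not part of the thread or of any tool named in it): it lists every active mapping other than the default localhost line and says whether the name is forced to a remote address or sinkholed locally. The sample file contents, domains and addresses are constructed, and the default-entry set is an assumption about a stock file.

```python
import ipaddress

# Assumption: a stock Windows hosts file maps only "localhost" to loopback.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample (not taken from the thread). Entries are pushed below
# blank lines, share a line, and carry an inline comment.
SAMPLE_HOSTS = "\n".join([
    "# Copyright (c) 1993-1999 Microsoft Corp.",
    "127.0.0.1       localhost",
    "", "", "",
    "203.0.113.10\twww.search.example Search.Example   # inline comment",
    "0.0.0.0 updates.av-vendor.example",
    "not-an-ip   portal.example",
])


def parse_hosts(text):
    """Yield (line_no, address, hostname) for each active mapping."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # strip comments and padding
        fields = line.split()                # tabs or spaces both separate
        if len(fields) < 2:
            continue                         # blank, comment-only or no name
        for name in fields[1:]:              # one address may carry several names
            yield line_no, fields[0], name.lower()


def audit_hosts(text):
    """Return (line_no, address, hostname, kind) for every non-default entry."""
    findings = []
    for line_no, address, name in parse_hosts(text):
        if (address, name) in DEFAULT_ENTRIES:
            continue
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            kind = "invalid-address"
        else:
            if ip.is_loopback or ip.is_unspecified:
                kind = "blocked"    # name resolves to this machine or nowhere
            else:
                kind = "redirect"   # name is pinned to a fixed remote address
        findings.append((line_no, address, name, kind))
    return findings


if __name__ == "__main__":
    # On a live XP system the file is C:\WINDOWS\system32\drivers\etc\hosts;
    # the sample is used here so the example runs anywhere.
    for line_no, address, name, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {address} [{kind}]")
```

An empty result means the file holds nothing beyond the default mapping; any "redirect" entry for a site the user actually visits is worth recording before the file is replaced.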

#6 Mosca


Posted 05 November 2012 - 04:10 PM

Thank you, it seems OK now.

Because this problem has been on/off (doesn't happen on every search), I'd like to leave the topic open until tomorrow, is that OK? I'm pretty sure it's fixed, but just to be certain?

#7 boopme


Posted 05 November 2012 - 07:46 PM

No problem. Let me know, as there are a few things to clean up yet that are vulnerabilities.

#8 Mosca


Posted 06 November 2012 - 10:18 AM

OK, there are no more redirects, in either IE or Firefox. Are there some vulnerabilities that I can correct? Thank you.

#9 boopme


Posted 06 November 2012 - 02:53 PM

Ok... Open the Control Panel, Add/Remove Programs, and remove all of these:
Adobe Reader 6.0.1 (Version: 006.000.001)
Adobe Reader 7.0.8 (Version: 7.0.8)
Adobe Reader 7.0.9 (Version: 7.0.9)
Adobe Reader 8.1.1 (Version: 8.1.1)
Adobe Reader 8.1.2 (Version: 8.1.2)
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Reader 8.1.7 (Version: 8.1.7)
Adobe Reader 8.2.1 (Version: 8.2.1)

Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 20 (Version: 6.0.200)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)

Reboot.


Now go here and install:

Note: Uncheck any box that says install Free Toolbar.
http://www.oracle.com/technetwork/java/javase/downloads/jre7u9-downloads-1859586.html
Windows x86 Offline 29.72 MB jre-7u9-windows-i586.exe

Then go here and install Adobe Reader XI:
http://www.adobe.com/products/reader.html

#10 Mosca


Posted 06 November 2012 - 04:16 PM

Okay, those are done. I noticed that you only asked me to remove the Java updates; I assume that I was to leave the original Java install there, and add the Java 7 Update 9 to that. (I followed the instructions as you wrote them.)

#11 boopme


Posted 06 November 2012 - 09:34 PM

Yes, the older updates are exploitable by malware, and that is why they need to go.


If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

  • Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

#12 Mosca


Posted 07 November 2012 - 11:12 AM

Thank you, I have done as you've suggested. And I read the links you've provided, thank you again.

Son of a gun, this ticked me off. I take great pride in not getting this stuff. I scan daily, and update daily, and I rarely visit sites from this machine that I don't already have bookmarked. I'm pretty sure I got it from a (calm, uninteresting) forum I frequent that had inadequate protection in its coding and was randomly targeted: members were reporting the next day that they were getting warnings from their anti-infection programs ("Are you sure you want to continue?"), and I usually get those from AVG, but didn't. But who knows. I stopped visiting there. From here, anyhow.

Thank you,

Tom

#13 boopme


Posted 07 November 2012 - 03:32 PM

Yes Tom, it was my pleasure. It is getting harder every day to stay clean. Keep Windows and apps updated. Run the antimalware tools and the antivirus more often.

Edited by boopme, 07 November 2012 - 09:06 PM.


#14 Mosca


Posted 07 November 2012 - 07:51 PM

All the best, my friend, and thank you for the good work you do.



