Browser Hijack


9 replies to this topic

#1 zorro3012

Posted 19 November 2012 - 01:39 AM

Searches on Google through Internet Explorer are redirecting to random phishing sites. I ran Malwarebytes, which found an infection and removed it; however, the problem persists.

Can anyone help, please?

Thanks

#2 InadequateInfirmity

Posted 19 November 2012 - 06:01 AM

Download TDSSKiller

http://support.kaspersky.com/downloads/utils/tdsskiller.exe



Right-click it and select Run as Admin. Click on Change parameters and select TDLFS file system.

Hit the Scan button. Post the log in your next reply.

Do not change the default options on scan results.

Update and do a quick scan with Malwarebytes, remove all that it finds, and reboot.
http://www.filehippo.com/download_malwarebytes_anti_malware/download/ecf14848530d11a2f09a94b92a69fcfa/

Post the log here.


Update and do a quick scan with SUPERAntiSpyware, remove all that it finds, and reboot.
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Post the log here.


Run a scan with Eset.
http://www.eset.com/us/online-scanner/
Make sure "Remove found threats" and "Scan archives" are checked.
When the scan finishes, list found threats, save to clipboard, copy to Notepad, and post the log here.




Please download MINITOOLBOX and run it.
http://download.bleepingcomputer.com/farbar/MiniToolBox.exe

Checkmark the following boxes:


Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.



Download Adware Cleaner, run it as admin, click the Delete button, allow it to run, and post the log it creates.

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

#3 zorro3012

Posted 19 November 2012 - 08:21 AM

TDSSKiller log

14:56:06.0640 3264 ql1280 - ok
14:56:06.0656 3264 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:56:06.0656 3264 RasAcd - ok
14:56:06.0687 3264 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
14:56:06.0687 3264 RasAuto - ok
14:56:06.0703 3264 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:56:06.0703 3264 Rasl2tp - ok
14:56:06.0703 3264 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
14:56:06.0718 3264 RasMan - ok
14:56:06.0718 3264 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:56:06.0718 3264 RasPppoe - ok
14:56:06.0718 3264 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
14:56:06.0718 3264 Raspti - ok
14:56:06.0734 3264 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:56:06.0734 3264 Rdbss - ok
14:56:06.0750 3264 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:56:06.0750 3264 RDPCDD - ok
14:56:06.0750 3264 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:56:06.0765 3264 rdpdr - ok
14:56:06.0781 3264 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
14:56:06.0781 3264 RDPWD - ok
14:56:06.0812 3264 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
14:56:06.0812 3264 RDSessMgr - ok
14:56:06.0828 3264 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
14:56:06.0828 3264 redbook - ok
14:56:06.0859 3264 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
14:56:06.0859 3264 RemoteAccess - ok
14:56:06.0875 3264 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
14:56:06.0875 3264 RemoteRegistry - ok
14:56:06.0953 3264 [ EB9EEB379848F356797EB9EF31114CA5 ] RoxMediaDB10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
14:56:06.0984 3264 RoxMediaDB10 - ok
14:56:07.0015 3264 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
14:56:07.0015 3264 RpcLocator - ok
14:56:07.0031 3264 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
14:56:07.0046 3264 RpcSs - ok
14:56:07.0046 3264 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
14:56:07.0062 3264 RSVP - ok
14:56:07.0125 3264 [ 26B8BCA45977F85E2C77CBDD3E9D4EE3 ] SabrePrint C:\SABRE\Apps\OADP\Oadp.exe
14:56:07.0140 3264 SabrePrint - ok
14:56:07.0140 3264 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
14:56:07.0140 3264 SamSs - ok
14:56:07.0156 3264 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
14:56:07.0171 3264 SCardSvr - ok
14:56:07.0187 3264 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
14:56:07.0187 3264 Schedule - ok
14:56:07.0218 3264 [ C5D3B48667E92000C9107B0883F11EED ] SDMan C:\WINDOWS\SDMan.EXE
14:56:08.0187 3264 SDMan - ok
14:56:08.0218 3264 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:56:08.0218 3264 Secdrv - ok
14:56:08.0250 3264 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
14:56:08.0250 3264 seclogon - ok
14:56:08.0250 3264 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
14:56:08.0250 3264 SENS - ok
14:56:08.0265 3264 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
14:56:08.0265 3264 Serenum - ok
14:56:08.0281 3264 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
14:56:08.0281 3264 Serial - ok
14:56:08.0328 3264 SessionLauncher - ok
14:56:08.0359 3264 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
14:56:08.0359 3264 Sfloppy - ok
14:56:08.0390 3264 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
14:56:08.0390 3264 SharedAccess - ok
14:56:08.0406 3264 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:56:08.0406 3264 ShellHWDetection - ok
14:56:08.0421 3264 Simbad - ok
14:56:08.0437 3264 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:56:08.0437 3264 sisagp - ok
14:56:08.0437 3264 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
14:56:08.0453 3264 Sparrow - ok
14:56:08.0468 3264 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
14:56:08.0468 3264 splitter - ok
14:56:08.0500 3264 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
14:56:08.0515 3264 Spooler - ok
14:56:08.0546 3264 [ D2B096CD2F56FAC6EEEED9A77DDF6DC8 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
14:56:08.0546 3264 SQLBrowser - ok
14:56:08.0562 3264 [ 54902536AAD0E9B99BC65F89C0CAF93F ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
14:56:08.0578 3264 SQLWriter - ok
14:56:08.0578 3264 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
14:56:08.0578 3264 sr - ok
14:56:08.0609 3264 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
14:56:08.0609 3264 srservice - ok
14:56:08.0625 3264 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
14:56:08.0640 3264 Srv - ok
14:56:08.0640 3264 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
14:56:08.0640 3264 SSDPSRV - ok
14:56:08.0656 3264 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
14:56:08.0671 3264 stisvc - ok
14:56:08.0703 3264 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
14:56:08.0703 3264 stllssvr - ok
14:56:08.0734 3264 [ 05756B6A3A45DB52334526F9E1FEC6BC ] SuperIO C:\WINDOWS\system32\DRIVERS\spio.sys
14:56:08.0734 3264 SuperIO - ok
14:56:08.0812 3264 [ B71A41CAD9DE92219C3891E88F822AC3 ] SUService c:\program files\lenovo\system update\suservice.exe
14:56:08.0812 3264 SUService - ok
14:56:08.0843 3264 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
14:56:08.0843 3264 swenum - ok
14:56:08.0859 3264 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
14:56:08.0859 3264 swmidi - ok
14:56:08.0859 3264 SwPrv - ok
14:56:08.0875 3264 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
14:56:08.0875 3264 symc810 - ok
14:56:08.0875 3264 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:56:08.0875 3264 symc8xx - ok
14:56:08.0875 3264 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:56:08.0875 3264 sym_hi - ok
14:56:08.0890 3264 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:56:08.0890 3264 sym_u3 - ok
14:56:08.0906 3264 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
14:56:08.0906 3264 sysaudio - ok
14:56:08.0921 3264 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
14:56:08.0937 3264 SysmonLog - ok
14:56:08.0937 3264 [ C516B5CFFB7C307FCB7DF87D7D7FA200 ] tap0901 C:\WINDOWS\system32\DRIVERS\tap0901.sys
14:56:08.0937 3264 tap0901 - ok
14:56:08.0968 3264 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
14:56:08.0968 3264 TapiSrv - ok
14:56:09.0000 3264 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:56:09.0015 3264 Tcpip - ok
14:56:09.0031 3264 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
14:56:09.0031 3264 Tcpip6 - ok
14:56:09.0046 3264 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
14:56:09.0046 3264 TDPIPE - ok
14:56:09.0046 3264 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
14:56:09.0046 3264 TDTCP - ok
14:56:09.0062 3264 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
14:56:09.0062 3264 TermDD - ok
14:56:09.0078 3264 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
14:56:09.0078 3264 TermService - ok
14:56:09.0093 3264 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
14:56:09.0093 3264 Themes - ok
14:56:09.0171 3264 [ EB90A37AABAEFD7B4F4F92BEFEA8C2E2 ] ThinkVantage Registry Monitor Service c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
14:56:09.0187 3264 ThinkVantage Registry Monitor Service - ok
14:56:09.0203 3264 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
14:56:09.0218 3264 TlntSvr - ok
14:56:09.0218 3264 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
14:56:09.0218 3264 TosIde - ok
14:56:09.0234 3264 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
14:56:09.0250 3264 TrkWks - ok
14:56:09.0265 3264 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
14:56:09.0265 3264 tunmp - ok
14:56:09.0296 3264 [ 1AA675A55E169BC45B5685355BEC2C66 ] TVT Backup Protection Service C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
14:56:09.0312 3264 TVT Backup Protection Service - ok
14:56:09.0328 3264 [ FF86960CF29EAB25CDDECC92CBBA43D4 ] TVT Backup Service C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
14:56:09.0343 3264 TVT Backup Service - ok
14:56:09.0421 3264 [ 49851E0177F2044184C125E919D1917C ] TVT Scheduler c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
14:56:09.0453 3264 TVT Scheduler - ok
14:56:09.0484 3264 [ 49258A02A1E8D304ED88B0F1C56B1738 ] tvtfilter C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
14:56:09.0484 3264 tvtfilter - ok
14:56:09.0500 3264 [ F2BACC1B7ADFECBA363275E7330AB5C1 ] TVTI2C C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
14:56:09.0500 3264 TVTI2C - ok
14:56:09.0546 3264 [ 930B8B8EF659A714CF1C755928B8850C ] tvtumon C:\WINDOWS\system32\DRIVERS\tvtumon.sys
14:56:09.0546 3264 tvtumon - ok
14:56:09.0578 3264 [ 22A001F3FBB92E3811C3BFD8FDAD3ED3 ] TVT_UpdateMonitor C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
14:56:09.0578 3264 TVT_UpdateMonitor - ok
14:56:09.0609 3264 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
14:56:09.0609 3264 Udfs - ok
14:56:09.0625 3264 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
14:56:09.0625 3264 ultra - ok
14:56:09.0625 3264 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
14:56:09.0625 3264 Update - ok
14:56:09.0656 3264 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
14:56:09.0656 3264 upnphost - ok
14:56:09.0671 3264 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
14:56:09.0671 3264 UPS - ok
14:56:09.0718 3264 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
14:56:09.0734 3264 USBAAPL - ok
14:56:09.0750 3264 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:56:09.0750 3264 usbccgp - ok
14:56:09.0765 3264 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:56:09.0765 3264 usbehci - ok
14:56:09.0781 3264 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:56:09.0781 3264 usbhub - ok
14:56:09.0796 3264 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:56:09.0812 3264 usbprint - ok
14:56:09.0828 3264 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:56:09.0843 3264 usbscan - ok
14:56:09.0875 3264 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:56:09.0875 3264 USBSTOR - ok
14:56:09.0890 3264 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:56:09.0890 3264 usbuhci - ok
14:56:09.0906 3264 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
14:56:09.0906 3264 VgaSave - ok
14:56:09.0921 3264 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:56:09.0921 3264 viaagp - ok
14:56:09.0937 3264 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
14:56:09.0937 3264 ViaIde - ok
14:56:09.0937 3264 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
14:56:09.0953 3264 VolSnap - ok
14:56:09.0984 3264 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
14:56:09.0984 3264 VSS - ok
14:56:10.0000 3264 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
14:56:10.0000 3264 W32Time - ok
14:56:10.0015 3264 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:56:10.0015 3264 Wanarp - ok
14:56:10.0015 3264 WDICA - ok
14:56:10.0031 3264 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
14:56:10.0031 3264 wdmaud - ok
14:56:10.0046 3264 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
14:56:10.0046 3264 WebClient - ok
14:56:10.0109 3264 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
14:56:10.0109 3264 winmgmt - ok
14:56:10.0140 3264 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
14:56:10.0140 3264 WmdmPmSN - ok
14:56:10.0171 3264 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
14:56:10.0171 3264 Wmi - ok
14:56:10.0171 3264 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:56:10.0171 3264 WmiAcpi - ok
14:56:10.0203 3264 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:56:10.0218 3264 WmiApSrv - ok
14:56:10.0265 3264 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
14:56:10.0281 3264 WMPNetworkSvc - ok
14:56:10.0296 3264 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:56:10.0296 3264 WS2IFSL - ok
14:56:10.0328 3264 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
14:56:10.0343 3264 wscsvc - ok
14:56:10.0359 3264 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
14:56:10.0359 3264 wuauserv - ok
14:56:10.0390 3264 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:56:10.0390 3264 WudfPf - ok
14:56:10.0390 3264 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:56:10.0390 3264 WudfRd - ok
14:56:10.0406 3264 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
14:56:10.0421 3264 WudfSvc - ok
14:56:10.0437 3264 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
14:56:10.0437 3264 WZCSVC - ok
14:56:10.0468 3264 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
14:56:10.0484 3264 xmlprov - ok
14:56:10.0500 3264 [ 849494D3F85A45231744CA7470246C71 ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
14:56:10.0515 3264 yukonwxp - ok
14:56:10.0515 3264 ================ Scan global ===============================
14:56:10.0546 3264 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:56:10.0578 3264 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:56:10.0578 3264 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:56:10.0593 3264 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:56:10.0593 3264 [Global] - ok
14:56:10.0593 3264 ================ Scan MBR ==================================
14:56:10.0609 3264 [ 602EFCD29A6CEB149A86F4DC8CD9F04A ] \Device\Harddisk0\DR0
14:56:10.0890 3264 \Device\Harddisk0\DR0 - ok
14:56:10.0890 3264 ================ Scan VBR ==================================
14:56:10.0890 3264 [ 19289CDF42DBA352BE9155DE396F36BE ] \Device\Harddisk0\DR0\Partition1
14:56:10.0890 3264 \Device\Harddisk0\DR0\Partition1 - ok
14:56:10.0890 3264 ============================================================
14:56:10.0890 3264 Scan finished
14:56:10.0890 3264 ============================================================
14:56:10.0906 3256 Detected object count: 0
14:56:10.0906 3256 Actual detected object count: 0


Malware Log:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.18.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Sabre :: LENOVO-1535A3CB [administrator]

Protection: Enabled

11/19/2012 3:00:23 PM
mbam-log-2012-11-19 (15-00-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227049
Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Detected: 1
C:\Program Files\PremierOpinion\pmropn.exe (Adware.PremierOpinion) -> 2984 -> Delete on reboot.

Memory Modules Detected: 1
C:\Program Files\PremierOpinion\pmls.dll (Adware.PremierOpinion) -> Delete on reboot.

Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PremierOpinion (Adware.PremierOpinion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{eeb86aef-4a5d-4b75-9d74-f16d438fc286} (Adware.PremierOpinion) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 26
C:\Program Files\PremierOpinion (Trojan.Agent) -> Delete on reboot.
C:\Program Files\PremierOpinion\components (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\defaults (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\defaults\preferences (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\locale (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\addon-kit (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\addon-kit\data (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\addon-kit\lib (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\data (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\content (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\dom (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\events (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\tabs (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\traits (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\utils (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\windows (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\dpjs (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\dpjs\data (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\dpjs\data\.idea (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\dpjs\data\.idea\scopes (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\dpjs\lib (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\PremierOpinion (Adware.PremierOpinion) -> Quarantined and deleted successfully.

Files Detected: 93
C:\Program Files\PremierOpinion\pmls.dll (Adware.PremierOpinion) -> Delete on reboot.
C:\Program Files\PremierOpinion\pmropn.exe (Adware.PremierOpinion) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-7524785752-6345833975-578718951-7605\MsMxEng.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\chrome.manifest (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\install.rdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\ncncf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\nscf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\pmcm.crx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\pmcm.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\pmls64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\pmoci.bin (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\pmph.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\pmropn64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\pmservice.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\pmxf.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\components\pmxg.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\bootstrap.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\harness-options.json (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\install.rdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\locales.json (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\pmnx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\locale\en-GB.json (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\locale\eo.json (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\locale\fr-FR.json (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\addon-kit\lib\page-mod.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\addon-kit\lib\tabs.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\addon-kit\lib\windows.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\data\content-proxy.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\data\test-content-symbiont.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\data\test-message-manager.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\data\test-trusted-document.html (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\memory.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\api-utils.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\byte-streams.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\channel.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\collection.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\content.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\cortex.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\cuddlefish.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\environment.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\errors.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\events.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\file.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\globals!.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\hidden-frame.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\light-traits.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\list.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\match-pattern.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\message-manager.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\namespace.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\observer-service.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\plain-text-console.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\process.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\runtime.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\sandbox.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\self!.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\system.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PremierOpinion\firefox\resources\api-utils\lib\text-streams.js (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

SuperAnti Spyware Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/19/2012 at 03:22 PM

Application Version : 5.6.1014

Core Rules Database Version : 9610
Trace Rules Database Version: 7422

Scan type : Quick Scan
Total Scan Time : 00:09:37

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 554
Memory threats detected : 0
Registry items scanned : 32328
Registry threats detected : 0
File items scanned : 9270
File threats detected : 13

Adware.Tracking Cookie
C:\Documents and Settings\Sabre\Cookies\XH66CXNC.txt [ /kaspersky.122.2o7.net ]
C:\Documents and Settings\Sabre\Cookies\CSDXYN8M.txt [ /ads.virtuallythere.com ]
C:\Documents and Settings\Sabre\Cookies\QPCSKW31.txt [ /kontera.com ]
C:\Documents and Settings\Sabre\Cookies\7TS8YD1A.txt [ /timesofindia.indiatimes.com ]
C:\Documents and Settings\Sabre\Cookies\68FAHLYR.txt [ /doubleclick.net ]
C:\Documents and Settings\Sabre\Cookies\0IK1U0WL.txt [ /fastclick.net ]
C:\Documents and Settings\Sabre\Cookies\2MVSMSE5.txt [ /ad.yieldmanager.com ]
C:\Documents and Settings\Sabre\Cookies\J89JLZC8.txt [ /zedo.com ]
C:\Documents and Settings\Sabre\Cookies\AW4WS54Y.txt [ /apmebf.com ]
C:\Documents and Settings\Sabre\Cookies\GUD3ZMWI.txt [ /ads.bleepingcomputer.com ]
C:\Documents and Settings\Sabre\Cookies\5FG8GC7Q.txt [ /advertising.com ]
C:\Documents and Settings\Sabre\Cookies\QPV2QHXY.txt [ /accounts.google.com ]
C:\DOCUMENTS AND SETTINGS\SABRE\Cookies\O4BP0K1A.txt [ Cookie:sabre@www.google.com/accounts ]


Eset Log

Operating memory probably a variant of Win32/Ponmocup.AA trojan


Minitoolbox Log

MiniToolBox by Farbar Version: 10-11-2012 02
Ran by Sabre (administrator) on 19-11-2012 at 16:14:36
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

    Host Name . . . . . . . . . . . . : LENOVO-1535A3CB
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Mixed
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : Local

Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : Local
    Description . . . . . . . . . . . : Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller
    Physical Address. . . . . . . . . : 00-25-11-5C-F5-AB
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.1.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    IP Address. . . . . . . . . . . . : fe80::225:11ff:fe5c:f5ab%4
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 192.168.1.1
                                        fec0:0:0:ffff::1%1
                                        fec0:0:0:ffff::2%1
                                        fec0:0:0:ffff::3%1
    Lease Obtained. . . . . . . . . . : Monday, November 19, 2012 3:24:13 PM
    Lease Expires . . . . . . . . . . : Thursday, November 29, 2012 3:24:13 PM

Tunnel adapter Teredo Tunneling Pseudo-Interface:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
    Default Gateway . . . . . . . . . :
    NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

    Connection-specific DNS Suffix . : Local
    Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : C0-A8-01-02
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.2%2
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                        fec0:0:0:ffff::2%1
                                        fec0:0:0:ffff::3%1
    NetBIOS over Tcpip. . . . . . . . : Disabled

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.35.105, 173.194.35.101, 173.194.35.103, 173.194.35.104
173.194.35.110, 173.194.35.98, 173.194.35.97, 173.194.35.96, 173.194.35.99
173.194.35.100, 173.194.35.102

Pinging google.com [173.194.35.102] with 32 bytes of data:
Reply from 173.194.35.102: bytes=32 time=303ms TTL=51
Reply from 173.194.35.102: bytes=32 time=266ms TTL=51

Ping statistics for 173.194.35.102:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 266ms, Maximum = 303ms, Average = 284ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.138.253.109, 72.30.38.140, 98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=863ms TTL=45
Reply from 98.139.183.24: bytes=32 time=990ms TTL=45

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 863ms, Maximum = 990ms, Average = 926ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 25 11 5c f5 ab ...... Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.2 192.168.1.2 20
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 10
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 10
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 10
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/14/2012 04:04:28 PM) (Source: Application Hang) (User: )
Description: Hanging application mysabre.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/12/2012 00:44:58 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module shell32.dll, version 6.0.2900.6242, fault address 0x000334f3.
Processing media-specific event for [explorer.exe!ws!]

Error: (11/05/2012 01:37:47 PM) (Source: Microsoft Office 12) (User: )
Description: EventType officelifeboathang, P1 excel.exe, P2 12.0.6214.1000, P3 oart.dll, P4 12.0.6214.1000, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1.

Error: (10/17/2012 00:44:32 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/16/2012 01:19:57 PM) (Source: Application Hang) (User: )
Description: Hanging application OUTLOOK.EXE, version 12.0.6212.1000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/16/2012 01:19:56 PM) (Source: Application Hang) (User: )
Description: Hanging application OUTLOOK.EXE, version 12.0.6212.1000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/30/2012 03:23:26 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/30/2012 03:23:25 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/25/2012 00:59:45 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/22/2012 00:04:02 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (11/19/2012 03:25:56 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%3

Error: (11/19/2012 03:25:56 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Real-time Scanner service failed to start due to the following error:
%%3

Error: (11/19/2012 03:10:34 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ACPIEC
Pcmcia

Error: (11/19/2012 03:10:34 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%3

Error: (11/19/2012 03:10:34 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Real-time Scanner service failed to start due to the following error:
%%3

Error: (11/19/2012 03:09:03 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (11/19/2012 02:55:05 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%3

Error: (11/19/2012 02:55:05 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Real-time Scanner service failed to start due to the following error:
%%3

Error: (11/18/2012 01:51:21 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%3

Error: (11/18/2012 01:51:21 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Real-time Scanner service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================
Error: (01/26/2012 00:14:07 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 747717 seconds with 8160 seconds of active time. This session ended with a crash.

Error: (11/24/2011 00:21:13 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 314706 seconds with 1740 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer (Version: 7.1.5)
Access Help (Version: 2.00)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adacalc v2.47 (Version: 2.47)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 10 Plugin (Version: 10.0.12.36)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Reader 9.5.2 (Version: 9.5.2)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
BandLuxe HSDPA Utility R11 (Version: 1.10.0064)
Bonjour (Version: 3.0.0.10)
Business Contact Manager for Outlook 2007 SP1 (Version: 3.0.7311.0)
Core FTP LE
DBsign Web Signer (Version: 3.0)
DirectXInstallService (Version: 9.0.2)
Drag-to-Disc (Version: 9.05)
ESET Online Scanner v3
FaceMorpher Lite 2.5 (Version: 2.5)
FanSpeedControl (Version: 1.00.00.9)
Google Update Helper (Version: 1.3.21.123)
Help Center (Version: 2.00h)
HiJackThis (Version: 1.0.0)
HP LaserJet P3005
HP LaserJet P3005 (Version: 1.2.82.008)
HP LaserJet P3005 Fonts (Version: 1.00.0000)
HP LaserJet P3005 User Guide (Version: 1.3.0000)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 10.5.0.142)
J2SE Runtime Environment 5.0 Update 11 (Version: 1.5.0.110)
Java 2 Runtime Environment, SE v1.4.2_06 (Version: 1.4.2_06)
Lenovo Registration
Lenovo System Toolbox (Version: 5.1.5122.06)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Marvell Miniport Driver (Version: 10.62.1.3)
McAfee SecurityCenter
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Flight Simulator 2004 A Century of Flight (Version: 9.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components (Version: 11.0.8003.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Standard 2007 (Version: 12.0.6215.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft PowerPoint Viewer (Version: 14.0.4763.1000)
Microsoft Rise Of Nations
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6215.1000)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.2.3042.00)
Microsoft SQL Server Native Client (Version: 9.00.3042.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.3042.00)
Microsoft SQL Server VSS Writer (Version: 9.00.3042.00)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Mouse Suite
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
MSXML4 Parser (Version: 1.0.0)
MySabre
Open Systems Client
Productivity Center Supplement for ThinkCentre (Version: 3.00b)
QuickTime (Version: 7.70.80.34)
Realtek High Definition Audio Driver (Version: 5.10.0.5700)
Rescue and Recovery (Version: 4.21.0030.00)
Roxio Activation Module (Version: 1.0)
Roxio Central Audio (Version: 3.7.0)
Roxio Central Copy (Version: 3.7.0)
Roxio Central Core (Version: 3.7.0)
Roxio Central Data (Version: 3.7.0)
Roxio Central Tools (Version: 3.7.0)
Roxio Creator Business Edition (Version: 10.1)
Roxio Creator Business Edition (Version: 10.1.177)
Roxio Express Labeler 3 (Version: 3.2.1)
Sabre Device Manager
Sabre Print Module
Sabre VPN
SabreScribe Design
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Sonic Icons for Lenovo (Version: 2.0.0)
SUPERAntiSpyware (Version: 5.6.1014)
System Update (Version: 3.14.0034)
ThinkVantage Productivity Center (Version: 3.00b)
ThinkVantage Technologies Welcome Message (Version: 1.20)
Turbo Sabre 7.3
Turbo Sabre 7.3 Qik Shared Files 2008.0.8
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Office 2007 (KB946691)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Wallpapers
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
XML Paper Specification Shared Components Pack 1.0
XP Themes (Version: 1.00.0000)
Yahoo! Messenger

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 2013.17 MB
Available physical RAM: 1263.74 MB
Total Pagefile: 3906.2 MB
Available Pagefile: 3248.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.92 MB

========================= Partitions: =====================================

1 Drive c: (Preload) (Fixed) (Total:229.51 GB) (Free:185.12 GB) NTFS

========================= Users: ========================================

User accounts for \\LENOVO-1535A3CB

Administrator ASPNET Guest
HelpAssistant Sabre SUPPORT_388945a0


**** End of log ****


Adaware Log

# AdwCleaner v2.008 - Logfile created 11/19/2012 at 16:16:45
# Updated 17/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Sabre - LENOVO-1535A3CB
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Sabre\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Sabre\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [1318 octets] - [19/11/2012 16:15:47]
AdwCleaner[S1].txt - [1269 octets] - [19/11/2012 16:16:45]

########## EOF - C:\AdwCleaner[S1].txt - [1329 octets] ##########

#4 InadequateInfirmity

Posted 19 November 2012 - 05:14 PM

You will need to plug in the ethernet cord to the machine while this scan runs to update it.

http://www.howtogeek.com/howto/36403/how-to-use-the-kaspersky-rescue-disk-to-clean-your-infected-pc/ instructions on its use.

http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/kav_rescue_10.iso The File.


After you run this, select quarantine for each item, then reboot into normal mode, update, do a quick scan with Malwarebytes and post the new log. :)

#5 boopme

Posted 19 November 2012 - 08:39 PM

Hello, this infection required you to run this earlier.

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

#6 zorro3012

Posted 20 November 2012 - 01:31 AM

aswMBR log

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-20 09:11:29
-----------------------------
09:11:29.859 OS Version: Windows 5.1.2600 Service Pack 3
09:11:29.859 Number of processors: 2 586 0x170A
09:11:29.859 ComputerName: LENOVO-1535A3CB UserName: Sabre
09:11:30.453 Initialize success
09:20:44.781 AVAST engine defs: 12111901
09:22:20.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6
09:22:20.171 Disk 0 Vendor: WDC_WD2500AAJS-08L7A0 02.03E02 Size: 238475MB BusType: 3
09:22:20.187 Disk 0 MBR read successfully
09:22:20.203 Disk 0 MBR scan
09:22:20.250 Disk 0 unknown MBR code
09:22:20.265 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 235014 MB offset 2048
09:22:20.296 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 3459 MB offset 481310720
09:22:20.312 Disk 0 scanning sectors +488394752
09:22:20.375 Disk 0 scanning C:\WINDOWS\system32\drivers
09:22:25.343 Service scanning
09:22:40.937 Modules scanning
09:23:05.187 Disk 0 trace - called modules:
09:23:05.203 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
09:23:05.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5c6ab8]
09:23:05.203 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000007a[0x8a5aaf18]
09:23:05.218 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-6[0x8a57dd98]
09:23:05.750 AVAST engine scan C:\WINDOWS
09:23:27.546 AVAST engine scan C:\WINDOWS\system32
09:25:31.140 AVAST engine scan C:\WINDOWS\system32\drivers
09:25:43.734 AVAST engine scan C:\Documents and Settings\Sabre
09:33:20.562 AVAST engine scan C:\Documents and Settings\All Users
09:33:58.281 Scan finished successfully
09:34:09.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sabre\Desktop\MBR.dat"
09:34:09.250 The log file has been saved successfully to "C:\Documents and Settings\Sabre\Desktop\aswMBR.txt"

Edited by zorro3012, 20 November 2012 - 01:31 AM.


#7 zorro3012

Posted 20 November 2012 - 04:50 AM

Here is the result after running Kaspersky rescue disk

Objects Scan: completed 2 minutes ago (events: 10, objects: 553492, time: 00:52:13)
11/20/12 11:41 AM Task started
11/20/12 12:20 PM Detected: Packed.Win32.Krap.hc C:/System Volume Information/_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}/RP10/A0000667.dll
11/20/12 12:20 PM Untreated: Packed.Win32.Krap.hc C:/System Volume Information/_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}/RP10/A0000667.dll Postponed
11/20/12 12:20 PM Detected: Packed.Win32.Krap.hc C:/System Volume Information/_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}/RP5/A0000259.dll
11/20/12 12:20 PM Untreated: Packed.Win32.Krap.hc C:/System Volume Information/_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}/RP5/A0000259.dll Postponed
11/20/12 12:33 PM Detected: Packed.Win32.Krap.hc C:/System Volume Information/_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}/RP10/A0000667.dll
11/20/12 12:33 PM Deleted: Packed.Win32.Krap.hc C:/System Volume Information/_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}/RP10/A0000667.dll
11/20/12 12:33 PM Detected: Packed.Win32.Krap.hc C:/System Volume Information/_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}/RP5/A0000259.dll
11/20/12 12:33 PM Deleted: Packed.Win32.Krap.hc C:/System Volume Information/_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}/RP5/A0000259.dll
11/20/12 12:33 PM Task completed

#8 zorro3012

Posted 20 November 2012 - 05:01 AM

Malwarebytes scan result

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.19.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Sabre :: LENOVO-1535A3CB [administrator]

Protection: Enabled

11/20/2012 12:54:50 PM
mbam-log-2012-11-20 (12-54-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228135
Time elapsed: 6 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9 InadequateInfirmity

Posted 20 November 2012 - 07:17 PM

This infection will require more tools than are allowed in this forum. See the link below and follow steps 6 through 8.

http://www.bleepingcomputer.com/forums/topic34773.html

Edit:

See below from the AswMBR Log.

09:22:20.250 Disk 0 unknown MBR code

Edited by InadequateInfirmity, 20 November 2012 - 07:19 PM.


#10 zorro3012

Posted 21 November 2012 - 08:38 AM

Ok....will do so and revert. Am out of town so will report on Sat



