Google isearchinfo redirect issue


  • This topic is locked
22 replies to this topic

#1 Pate

Pate

  • Members
  • 18 posts

Posted 03 December 2012 - 07:46 PM

I need serious help. I've tried everything I can do on my own and can't remove the Google isearchinfo redirect with anything I've done so far.

Here are the things I've already done.

AdwCleaner-

RogueKiller--

Security Check-

ComboFix (Already ran before coming here, sorry)

Hijack this

Here are the logs.

---------------------------------------------------------------------------------------------------------
# AdwCleaner v2.011 - Logfile created 12/03/2012 at 18:47:24
# Updated 02/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : JohnA - JOHN
# Boot Mode : Normal
# Running from : C:\Documents and Settings\JohnA.JOHN.000\Local Settings\Temporary Internet Files\Content.IE5\QAJ33VYP\adwcleaner[1].exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
Folder Found : C:\Program Files\Common Files\Software Update Utility
Folder Found : C:\Program Files\Viewpoint
Folder Found : C:\Program Files\Yontoo

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Tarma Installer
Key Found : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2639 octets] - [03/12/2012 18:47:24]

########## EOF - C:\AdwCleaner[R1].txt - [2699 octets] ##########

---------------------------------------------------------------------------------------------------------

RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : JohnA [Admin rights]
Mode : Remove -- Date : 12/03/2012 18:58:03

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\5925 (C:\DOCUME~1\JOHNAJ~1.000\LOCALS~1\Temp\5925.sys) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\5925 (C:\DOCUME~1\JOHNAJ~1.000\LOCALS~1\Temp\5925.sys) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[257] : NtTerminateProcess @ 0x805857B9 -> HOOKED (szkgfs.sys @ 0xF760C9C6)
_INLINE_ : NtResumeThread -> HOOKED (Unknown @ 0x000000CC)
_INLINE_ : NtSetSecurityObject -> HOOKED (szkgfs.sys @ 0xF760BE28)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([INLINE] atapi.sys @ 0xF7489852)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250823A +++++
--- User ---
[MBR] 14ef24dcad7c5081818dea0c3ae4aaef
[BSP] 2dec0a12fb05b8587dacd7dc2ff46f0c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: QUANTUM FIREBALLP LM20.4 +++++
--- User ---
[MBR] d849eae19896f5a9d883c3503ca4de0b
[BSP] 754f3d4ad0b5b8bf15d7ae62a2da314c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 19469 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12032012_02d1858.txt >>
RKreport[1]_S_12032012_02d1856.txt ; RKreport[2]_D_12032012_02d1858.txt


------------------------------------------------------------------------------------------------------------

ComboFix 12-12-02.01 - JohnA 12/03/2012 19:16:07.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.948 [GMT -5:00]
Running from: c:\documents and settings\JohnA.JOHN.000\Desktop\ComboFix.exe
AV: STOPzilla! *Disabled/Updated* {271A6322-9DAA-4E02-932D-7EDF389FFCF0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\JohnA.JOHN.000\My Documents\DPE.DUS
c:\documents and settings\JohnA.JOHN.000\WINDOWS
c:\documents and settings\JohnA.JOHN\g2mdlhlpx.exe
c:\documents and settings\JohnA.JOHN\WINDOWS
c:\documents and settings\johna\WINDOWS
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-04 to 2012-12-04 )))))))))))))))))))))))))))))))
.
.
2012-12-03 11:33 . 2012-01-12 13:26 77816 ----a-r- c:\windows\system32\drivers\sbapifs.sys
2012-12-03 11:33 . 2012-01-12 13:26 21240 ----a-r- c:\windows\system32\drivers\sbaphd.sys
2012-12-03 11:25 . 2012-12-03 11:25 105 ----a-w- C:\prefs.js
2012-12-03 03:37 . 2012-12-03 03:37 -------- d-sh--w- c:\documents and settings\JohnA.JOHN.000\IECompatCache
2012-12-02 21:34 . 2012-12-02 21:36 -------- d-----w- c:\program files\STOPzilla!
2012-12-02 21:33 . 2012-12-04 00:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\STOPzilla!
2012-12-02 20:32 . 2012-10-24 14:32 30688 ----a-w- c:\windows\system32\drivers\gfiark.sys
2012-12-02 12:57 . 2012-12-02 12:57 -------- d-----w- c:\documents and settings\JohnA.JOHN.000\Application Data\LavasoftStatistics
2012-12-02 12:48 . 2012-12-02 12:48 -------- d-----w- c:\documents and settings\JohnA.JOHN.000\Local Settings\Application Data\Downloaded Installations
2012-12-02 12:48 . 2012-12-02 12:48 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2012-12-02 12:47 . 2012-12-02 12:47 -------- d-----w- c:\documents and settings\JohnA.JOHN.000\Application Data\blekko
2012-12-02 02:08 . 2012-12-02 02:09 -------- d-----w- c:\documents and settings\Administrator.JOHN
2012-12-01 22:45 . 2012-12-01 22:45 -------- d-----w- c:\documents and settings\JohnA.JOHN.000\AppData
2012-12-01 22:43 . 2012-12-01 22:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\McAfee
2012-11-16 16:27 . 2012-11-16 16:27 -------- d--h--w- c:\windows\PIF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-03 13:59 . 2008-04-14 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
2012-10-24 13:16 . 2012-10-24 13:16 23416 ----a-r- c:\windows\system32\SZIO5.dll
2012-10-24 13:16 . 2012-10-24 13:16 681848 ----a-r- c:\windows\system32\SZComp5.dll
2012-10-24 13:16 . 2012-10-24 13:16 509816 ----a-r- c:\windows\system32\SZBase5.dll
2012-10-22 08:37 . 2008-04-14 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-11 14:06 . 2012-10-11 14:06 29048 ----a-r- c:\windows\system32\IS3XDat5.dll
2012-10-11 14:06 . 2012-10-11 14:06 231288 ----a-r- c:\windows\system32\IS3Win325.dll
2012-10-11 14:06 . 2012-10-11 14:06 391032 ----a-r- c:\windows\system32\IS3UI5.dll
2012-10-11 14:06 . 2012-10-11 14:06 100216 ----a-r- c:\windows\system32\IS3Svc5.dll
2012-10-11 14:06 . 2012-10-11 14:06 132984 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-10-11 14:06 . 2012-10-11 14:06 104312 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-10-11 14:06 . 2012-10-11 14:06 67448 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-10-11 14:06 . 2012-10-11 14:06 460664 ----a-r- c:\windows\system32\IS3DBA5.dll
2012-10-11 14:06 . 2012-10-11 14:06 817016 ----a-r- c:\windows\system32\IS3Base5.dll
2012-10-02 18:04 . 2008-04-14 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 00:54 . 2011-11-27 01:01 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL Desktop 9.7\AOL.EXE" [2011-12-14 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"HostManager"="c:\program files\Common Files\AOL\1322569161\ee\AOLSoftware.exe" [2010-03-08 41800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
.
c:\documents and settings\johna\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2007-11-14 2836304]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
NETGEAR WPN311 Smart Wizard.lnk - c:\program files\NETGEAR\WPN311\wlancfg5.exe [2006-12-4 1503232]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\AOLBrowser\\aolbrowser.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\1322569161\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AOL Desktop 9.7\\waol.exe"=
"c:\\Program Files\\AOL Desktop 9.7\\AOLBrowser\\aolbrowser.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [12/2/2012 7:48 AM 13560]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [12/4/2011 4:42 PM 14776]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2/24/2012 2:28 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [5/4/2012 1:05 PM 73008]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [4/25/2011 1:49 AM 65584]
R1 NEOFLTR_700_19821;Juniper Networks TDI Filter Driver (NEOFLTR_700_19821);c:\windows\system32\drivers\NEOFLTR_700_19821.SYS [1/26/2012 10:00 AM 85064]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [12/3/2012 6:33 AM 21240]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [11/26/2011 8:13 PM 101112]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [12/1/2012 5:35 PM 464256]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [12/3/2012 6:33 AM 77816]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [3/20/2012 9:51 AM 99728]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [12/2/2012 3:32 PM 30688]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: state.ny.us\secure.ejusticeny
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
Notify-TPSvc - TPSvc.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-03 19:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-12-03 19:29:42
ComboFix-quarantined-files.txt 2012-12-04 00:29
ComboFix2.txt 2009-12-02 14:55
ComboFix3.txt 2009-12-01 17:31
.
Pre-Run: 193,736,888,320 bytes free
Post-Run: 193,991,548,928 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 57D11215DFC1B47FD3562EFADB2778C4

------------------------------------------------------------------------------------------------------------------

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
STOPzilla!
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.65.1.1000
HijackThis 1.99.1
Java™ 6 Update 29
Java version out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````

------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:44:26 PM, on 12/3/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\STOPzilla!\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1322569161\ee\AOLSoftware.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL Desktop 9.7\waol.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL Desktop 9.7\shellmon.exe
C:\Program Files\Common Files\AOL\1322569161\ee\aolupdates.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JohnA.JOHN.000\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1322569161\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL Desktop 9.7\AOL.EXE" -b
O4 - Startup: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk = ?
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://secure.ejusticeny.state.ny.us/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\STOPzilla!\SZServer.exe



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 December 2012 - 12:58 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

The next thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe. After it is complete, restart the computer and continue with these steps.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.




Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following

  • logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 Pate

Pate
  • Topic Starter

  • Members
  • 18 posts

Posted 04 December 2012 - 08:29 AM

Thanks in advance for your help Gringo. Ran everything as instructed with no issues.



Ran unhide and did reboot.

Ran Security Check

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
STOPzilla!
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.65.1.1000
HijackThis 1.99.1
Java™ 6 Update 29
Java version out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````

--------------------------------------------------------------------------

OTL log


OTL logfile created on: 12/4/2012 8:08:34 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\JohnA.JOHN.000\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 59.62% Memory free
3.35 Gb Paging File | 2.91 Gb Available in Paging File | 86.77% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 180.67 Gb Free Space | 77.58% Space Free | Partition Type: NTFS
Drive D: | 19.00 Gb Total Space | 4.56 Gb Free Space | 24.01% Space Free | Partition Type: FAT32

Computer Name: JOHN | User Name: JohnA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\JohnA.JOHN.000\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
PRC - C:\Program Files\STOPzilla!\SZServer.exe (iS3, Inc.)
PRC - C:\Program Files\STOPzilla!\STOPzilla.exe (iS3, Inc.)
PRC - C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
PRC - C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Common Files\AOL\1322569161\ee\aolupdates.exe (AOL Inc.)
PRC - C:\Program Files\Common Files\AOL\1322569161\ee\aolsoftware.exe (AOL Inc.)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\NETGEAR\WPN311\wlancfg5.exe ()
PRC - C:\WINDOWS\system32\acs.exe ()
PRC - C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))


========== Modules (No Company Name) ==========

MOD - C:\Program Files\IObit\Advanced SystemCare 6\madexcept_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 6\maddisAsm_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 6\madbasic_.bpl ()
MOD - C:\Program Files\STOPzilla!\SZEngine.dll ()
MOD - C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!\VIPRE\libMachoUniv.dll ()
MOD - C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!\VIPRE\libBase64.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\NETGEAR\WPN311\wlancfg5.exe ()
MOD - C:\Program Files\NETGEAR\WPN311\WlanDll.dll ()
MOD - C:\WINDOWS\system32\acs.exe ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdvancedSystemCareService6) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
SRV - (szserver) -- C:\Program Files\STOPzilla!\SZServer.exe (iS3, Inc.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe (AOL LLC)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\hpzipm12.exe (HP)


========== Driver Services (SafeList) ==========

#4 gringo_pr

Posted 05 December 2012 - 04:07 PM

Hello


These are the programs I would like you to run next. If you have any problems with these, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#5 Pate

Posted 05 December 2012 - 05:42 PM

Here are the two logs you needed, Gringo.

# AdwCleaner v2.011 - Logfile created 12/05/2012 at 17:33:20
# Updated 02/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : JohnA - JOHN
# Boot Mode : Normal
# Running from : C:\Documents and Settings\JohnA.JOHN.000\Local Settings\Temporary Internet Files\Content.IE5\IQ7GIGMZ\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2768 octets] - [03/12/2012 18:47:24]
AdwCleaner[R2].txt - [2828 octets] - [03/12/2012 18:48:31]
AdwCleaner[S1].txt - [2940 octets] - [03/12/2012 18:48:42]
AdwCleaner[S2].txt - [771 octets] - [05/12/2012 17:33:20]

########## EOF - C:\AdwCleaner[S2].txt - [830 octets] ##########




RogueKiller V8.3.1 [Dec 5 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : JohnA [Admin rights]
Mode : Scan -- Date : 12/05/2012 17:39:03

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[257] : NtTerminateProcess @ 0x805857B9 -> HOOKED (szkgfs.sys @ 0xF760C9C6)
_INLINE_ : NtSetSecurityObject -> HOOKED (szkgfs.sys @ 0xF760BE28)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([INLINE] atapi.sys @ 0xF7489852)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250823A +++++
--- User ---
[MBR] 14ef24dcad7c5081818dea0c3ae4aaef
[BSP] 2dec0a12fb05b8587dacd7dc2ff46f0c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: QUANTUM FIREBALLP LM20.4 +++++
--- User ---
[MBR] d849eae19896f5a9d883c3503ca4de0b
[BSP] 754f3d4ad0b5b8bf15d7ae62a2da314c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 19469 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_S_12052012_02d1739.txt >>
RKreport[2]_D_12032012_02d1858.txt ; RKreport[3]_S_12052012_02d1739.txt

#6 gringo_pr

Posted 05 December 2012 - 06:56 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 Pate

Posted 05 December 2012 - 07:33 PM

I ran the last two items and wanted to let you know that everything seems to be back to normal. I will run combo fix as requested and post the log.

#8 gringo_pr

Posted 05 December 2012 - 07:42 PM

That is good news!! I will be waiting for the report



gringo

#9 Pate

Posted 06 December 2012 - 12:06 PM

Seems like it's back again. :(

Here's the Combofix log.


ComboFix 12-12-02.01 - JohnA 12/06/2012 11:17:26.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.992 [GMT -5:00]
Running from: c:\documents and settings\JohnA.JOHN.000\Desktop\ComboFix.exe
AV: STOPzilla! *Disabled/Outdated* {271A6322-9DAA-4E02-932D-7EDF389FFCF0}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-06 to 2012-12-06 )))))))))))))))))))))))))))))))
.
.
2012-12-03 11:33 . 2012-01-12 13:26 77816 ----a-r- c:\windows\system32\drivers\sbapifs.sys
2012-12-03 11:33 . 2012-01-12 13:26 21240 ----a-r- c:\windows\system32\drivers\sbaphd.sys
2012-12-03 11:25 . 2012-12-03 11:25 105 ----a-w- C:\prefs.js
2012-12-03 03:37 . 2012-12-03 03:37 -------- d-sh--w- c:\documents and settings\JohnA.JOHN.000\IECompatCache
2012-12-02 21:34 . 2012-12-06 14:16 -------- d-----w- c:\program files\STOPzilla!
2012-12-02 21:33 . 2012-12-06 16:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\STOPzilla!
2012-12-02 20:32 . 2012-10-24 14:32 30688 ----a-w- c:\windows\system32\drivers\gfiark.sys
2012-12-02 12:57 . 2012-12-02 12:57 -------- d-----w- c:\documents and settings\JohnA.JOHN.000\Application Data\LavasoftStatistics
2012-12-02 12:48 . 2012-12-02 12:48 -------- d-----w- c:\documents and settings\JohnA.JOHN.000\Local Settings\Application Data\Downloaded Installations
2012-12-02 12:48 . 2012-12-02 12:48 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2012-12-02 12:47 . 2012-12-02 12:47 -------- d-----w- c:\documents and settings\JohnA.JOHN.000\Application Data\blekko
2012-12-02 02:08 . 2012-12-02 02:09 -------- d-----w- c:\documents and settings\Administrator.JOHN
2012-12-01 22:45 . 2012-12-01 22:45 -------- d-----w- c:\documents and settings\JohnA.JOHN.000\AppData
2012-12-01 22:43 . 2012-12-01 22:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\McAfee
2012-11-16 16:27 . 2012-11-16 16:27 -------- d-----w- c:\windows\PIF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-03 13:59 . 2008-04-14 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
2012-10-24 13:16 . 2012-10-24 13:16 23416 ----a-r- c:\windows\system32\SZIO5.dll
2012-10-24 13:16 . 2012-10-24 13:16 681848 ----a-r- c:\windows\system32\SZComp5.dll
2012-10-24 13:16 . 2012-10-24 13:16 509816 ----a-r- c:\windows\system32\SZBase5.dll
2012-10-22 08:37 . 2008-04-14 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-11 14:06 . 2012-10-11 14:06 29048 ----a-r- c:\windows\system32\IS3XDat5.dll
2012-10-11 14:06 . 2012-10-11 14:06 231288 ----a-r- c:\windows\system32\IS3Win325.dll
2012-10-11 14:06 . 2012-10-11 14:06 391032 ----a-r- c:\windows\system32\IS3UI5.dll
2012-10-11 14:06 . 2012-10-11 14:06 100216 ----a-r- c:\windows\system32\IS3Svc5.dll
2012-10-11 14:06 . 2012-10-11 14:06 132984 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-10-11 14:06 . 2012-10-11 14:06 104312 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-10-11 14:06 . 2012-10-11 14:06 67448 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-10-11 14:06 . 2012-10-11 14:06 460664 ----a-r- c:\windows\system32\IS3DBA5.dll
2012-10-11 14:06 . 2012-10-11 14:06 817016 ----a-r- c:\windows\system32\IS3Base5.dll
2012-10-02 18:04 . 2008-04-14 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 00:54 . 2011-11-27 01:01 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-25 490880]
"AOL Fast Start"="c:\program files\AOL Desktop 9.7\AOL.EXE" [2011-12-14 42320]
"Cache Cleaner"="c:\documents and settings\JohnA.JOHN.000\Application Data\Juniper Networks\Host Checker\dsCCProc.exe" [2011-11-28 31304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"HostManager"="c:\program files\Common Files\AOL\1322569161\ee\AOLSoftware.exe" [2010-03-08 41800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
.
c:\documents and settings\johna\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2007-11-14 2836304]
.
c:\documents and settings\JohnA.JOHN.000\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk - c:\windows\system32\RunDll32.exe [2008-4-14 33280]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
NETGEAR WPN311 Smart Wizard.lnk - c:\program files\NETGEAR\WPN311\wlancfg5.exe [2006-12-4 1503232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll [BU]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\AOLBrowser\\aolbrowser.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\1322569161\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AOL Desktop 9.7\\waol.exe"=
"c:\\Program Files\\AOL Desktop 9.7\\AOLBrowser\\aolbrowser.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [12/2/2012 7:48 AM 13560]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [12/4/2011 4:42 PM 14776]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2/24/2012 2:28 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [5/4/2012 1:05 PM 73008]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [4/25/2011 1:49 AM 65584]
R1 NEOFLTR_700_19821;Juniper Networks TDI Filter Driver (NEOFLTR_700_19821);c:\windows\system32\drivers\NEOFLTR_700_19821.SYS [1/26/2012 10:00 AM 85064]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [12/3/2012 6:33 AM 21240]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [12/1/2012 5:35 PM 464256]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [12/3/2012 6:33 AM 77816]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [3/20/2012 9:51 AM 99728]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [11/26/2011 8:13 PM 101112]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [12/2/2012 3:32 PM 30688]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: state.ny.us\secure.ejusticeny
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-06 11:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3096)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-12-06 11:34:08
ComboFix-quarantined-files.txt 2012-12-06 16:34
ComboFix2.txt 2012-12-04 00:29
ComboFix3.txt 2009-12-02 14:55
ComboFix4.txt 2009-12-01 17:31
.
Pre-Run: 194,123,046,912 bytes free
Post-Run: 194,508,382,208 bytes free
.
- - End Of File - - 7F03EB8D302C887861D796340541AD82

#10 gringo_pr

Posted 06 December 2012 - 07:07 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 Pate

Posted 06 December 2012 - 09:12 PM

Here's the first log. The other one won't run. It gets 1/2 way through the scan and then crashes and the computer reboots.


20:01:29.0187 3696  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:01:29.0453 3696  ============================================================
20:01:29.0453 3696  Current date / time: 2012/12/06 20:01:29.0453
20:01:29.0453 3696  SystemInfo:
20:01:29.0453 3696  
20:01:29.0453 3696  OS Version: 5.1.2600 ServicePack: 3.0
20:01:29.0453 3696  Product type: Workstation
20:01:29.0453 3696  ComputerName: JOHN
20:01:29.0453 3696  UserName: JohnA
20:01:29.0453 3696  Windows directory: C:\WINDOWS
20:01:29.0453 3696  System windows directory: C:\WINDOWS
20:01:29.0453 3696  Processor architecture: Intel x86
20:01:29.0453 3696  Number of processors: 1
20:01:29.0453 3696  Page size: 0x1000
20:01:29.0453 3696  Boot type: Normal boot
20:01:29.0453 3696  ============================================================
20:01:31.0156 3696  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:01:31.0171 3696  Drive \Device\Harddisk1\DR1 - Size: 0x4C0EF0000 (19.01 Gb), SectorSize: 0x200, Cylinders: 0x9B2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:01:31.0171 3696  ============================================================
20:01:31.0171 3696  \Device\Harddisk0\DR0:
20:01:31.0171 3696  MBR partitions:
20:01:31.0171 3696  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
20:01:31.0171 3696  \Device\Harddisk1\DR1:
20:01:31.0171 3696  MBR partitions:
20:01:31.0171 3696  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x2606AF3
20:01:31.0171 3696  ============================================================
20:01:31.0203 3696  C: <-> \Device\Harddisk0\DR0\Partition1
20:01:31.0203 3696  D: <-> \Device\Harddisk1\DR1\Partition1
20:01:31.0203 3696  ============================================================
20:01:31.0203 3696  Initialize success
20:01:31.0203 3696  ============================================================
20:01:40.0937 3504  ============================================================
20:01:40.0937 3504  Scan started
20:01:40.0937 3504  Mode: Manual;
20:01:40.0937 3504  ============================================================
20:01:41.0343 3504  ================ Scan system memory ========================
20:01:41.0343 3504  System memory - ok
20:01:41.0343 3504  ================ Scan services =============================
20:01:46.0843 3504  Flpydisk - ok
20:01:47.0015 3504  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:01:47.0015 3504  FltMgr - ok
20:01:47.0140 3504  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:01:47.0140 3504  FontCache3.0.0.0 - ok
20:01:47.0156 3504  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:01:47.0171 3504  Fs_Rec - ok
20:01:47.0203 3504  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:01:47.0203 3504  Ftdisk - ok
20:01:47.0250 3504  [ 065639773D8B03F33577F6CDAEA21063 ] gameenum        C:\WINDOWS\system32\DRIVERS\gameenum.sys
20:01:47.0250 3504  gameenum - ok
20:01:47.0312 3504  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:01:47.0328 3504  GEARAspiWDM - ok
20:01:47.0375 3504  [ D8E3E0C677913046A9910FFA6E5352B9 ] gfiark          C:\WINDOWS\system32\drivers\gfiark.sys
20:01:47.0390 3504  gfiark - ok
20:01:47.0437 3504  [ 483924F92E55A5F9423201EC635E2CED ] gfibto          C:\WINDOWS\system32\drivers\gfibto.sys
20:01:47.0437 3504  gfibto - ok
20:01:47.0453 3504  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:01:47.0468 3504  Gpc - ok
20:01:47.0546 3504  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:01:47.0562 3504  helpsvc - ok
20:01:47.0578 3504  HidServ - ok
20:01:47.0640 3504  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:01:47.0640 3504  hidusb - ok
20:01:47.0687 3504  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
20:01:47.0703 3504  hkmsvc - ok
20:01:47.0718 3504  hpn - ok
20:01:47.0750 3504  [ 5FABA4775D4C61E55EC669D643FFC71F ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:01:47.0781 3504  HPZid412 - ok
20:01:47.0781 3504  [ A3C43980EE1F1BEAC778B44EA65DBDD4 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:01:47.0796 3504  HPZipr12 - ok
20:01:47.0843 3504  [ 2906949BD4E206F2BB0DD1896CE9F66F ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:01:47.0859 3504  HPZius12 - ok
20:01:47.0906 3504  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
20:01:47.0921 3504  HTTP - ok
20:01:47.0937 3504  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
20:01:47.0968 3504  HTTPFilter - ok
20:01:47.0984 3504  i2omgmt - ok
20:01:48.0000 3504  i2omp - ok
20:01:48.0031 3504  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:01:48.0046 3504  i8042prt - ok
20:01:48.0156 3504  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:01:48.0203 3504  idsvc - ok
20:01:48.0234 3504  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
20:01:48.0250 3504  Imapi - ok
20:01:48.0312 3504  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
20:01:48.0328 3504  ImapiService - ok
20:01:48.0343 3504  ini910u - ok
20:01:48.0390 3504  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
20:01:48.0421 3504  IntelIde - ok
20:01:48.0468 3504  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:01:48.0468 3504  intelppm - ok
20:01:48.0484 3504  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:01:48.0500 3504  Ip6Fw - ok
20:01:48.0531 3504  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:01:48.0546 3504  IpFilterDriver - ok
20:01:48.0546 3504  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:01:48.0578 3504  IpInIp - ok
20:01:48.0625 3504  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:01:48.0625 3504  IpNat - ok
20:01:48.0703 3504  [ CA1972397B845B2F53F5DC63C22FD98A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:01:48.0812 3504  iPod Service - ok
20:01:48.0859 3504  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:01:48.0890 3504  IPSec - ok
20:01:48.0937 3504  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
20:01:48.0953 3504  IRENUM - ok
20:01:48.0984 3504  [ DCCBDFD30BBECA6D74D9133981429B94 ] is3srv          C:\WINDOWS\system32\drivers\is3srv.sys
20:01:48.0984 3504  is3srv - ok
20:01:49.0015 3504  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:01:49.0015 3504  isapnp - ok
20:01:49.0140 3504  [ 381B25DC8E958D905B33130D500BBF29 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
20:01:49.0156 3504  JavaQuickStarterService - ok
20:01:49.0203 3504  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:01:49.0218 3504  Kbdclass - ok
20:01:49.0250 3504  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
20:01:49.0265 3504  kmixer - ok
20:01:49.0296 3504  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
20:01:49.0296 3504  KSecDD - ok
20:01:49.0328 3504  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
20:01:49.0328 3504  LanmanServer - ok
20:01:49.0375 3504  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:01:49.0390 3504  lanmanworkstation - ok
20:01:49.0390 3504  lbrtfdc - ok
20:01:49.0437 3504  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
20:01:49.0453 3504  LmHosts - ok
20:01:49.0515 3504  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
20:01:49.0531 3504  Messenger - ok
20:01:49.0640 3504  [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
20:01:49.0656 3504  Microsoft Office Groove Audit Service - ok
20:01:49.0687 3504  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
20:01:49.0703 3504  mnmdd - ok
20:01:49.0750 3504  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
20:01:49.0765 3504  mnmsrvc - ok
20:01:49.0796 3504  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
20:01:49.0828 3504  Modem - ok
20:01:49.0859 3504  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:01:49.0875 3504  Mouclass - ok
20:01:49.0906 3504  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:01:49.0921 3504  mouhid - ok
20:01:49.0968 3504  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
20:01:49.0968 3504  MountMgr - ok
20:01:49.0984 3504  mraid35x - ok
20:01:50.0000 3504  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:01:50.0000 3504  MRxDAV - ok
20:01:50.0046 3504  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:01:50.0062 3504  MRxSmb - ok
20:01:50.0109 3504  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
20:01:50.0109 3504  MSDTC - ok
20:01:50.0187 3504  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
20:01:50.0187 3504  Msfs - ok
20:01:50.0203 3504  MSIServer - ok
20:01:50.0250 3504  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:01:50.0265 3504  MSKSSRV - ok
20:01:50.0281 3504  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:01:50.0296 3504  MSPCLOCK - ok
20:01:50.0312 3504  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
20:01:50.0312 3504  MSPQM - ok
20:01:50.0359 3504  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:01:50.0359 3504  mssmbios - ok
20:01:50.0390 3504  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
20:01:50.0390 3504  Mup - ok
20:01:50.0437 3504  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
20:01:50.0468 3504  napagent - ok
20:01:50.0484 3504  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
20:01:50.0484 3504  NDIS - ok
20:01:50.0515 3504  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:01:50.0515 3504  NdisTapi - ok
20:01:50.0562 3504  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:01:50.0562 3504  Ndisuio - ok
20:01:50.0609 3504  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:01:50.0625 3504  NdisWan - ok
20:01:50.0687 3504  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
20:01:50.0687 3504  NDProxy - ok
20:01:50.0734 3504  [ F1E6811D85A202F0F3048B3C0B9CEF71 ] NEOFLTR_700_19821 C:\WINDOWS\system32\Drivers\NEOFLTR_700_19821.SYS
20:01:50.0734 3504  NEOFLTR_700_19821 - ok
20:01:50.0750 3504  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
20:01:50.0750 3504  NetBIOS - ok
20:01:50.0765 3504  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
20:01:50.0781 3504  NetBT - ok
20:01:50.0843 3504  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
20:01:50.0859 3504  NetDDE - ok
20:01:50.0875 3504  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
20:01:50.0875 3504  NetDDEdsdm - ok
20:01:50.0937 3504  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
20:01:50.0937 3504  Netlogon - ok
20:01:50.0953 3504  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
20:01:50.0968 3504  Netman - ok
20:01:51.0000 3504  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:01:51.0031 3504  NetTcpPortSharing - ok
20:01:51.0078 3504  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
20:01:51.0078 3504  Nla - ok
20:01:51.0125 3504  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
20:01:51.0125 3504  Npfs - ok
20:01:51.0171 3504  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
20:01:51.0171 3504  Ntfs - ok
20:01:51.0187 3504  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
20:01:51.0187 3504  NtLmSsp - ok
20:01:51.0234 3504  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
20:01:51.0265 3504  NtmsSvc - ok
20:01:51.0281 3504  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
20:01:51.0296 3504  Null - ok
20:01:51.0375 3504  [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:01:51.0437 3504  nv - ok
20:01:51.0484 3504  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:01:51.0500 3504  NwlnkFlt - ok
20:01:51.0515 3504  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:01:51.0531 3504  NwlnkFwd - ok
20:01:51.0640 3504  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:01:51.0656 3504  odserv - ok
20:01:51.0703 3504  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:01:51.0718 3504  ose - ok
20:01:51.0750 3504  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
20:01:51.0765 3504  Parport - ok
20:01:51.0796 3504  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
20:01:51.0796 3504  PartMgr - ok
20:01:51.0843 3504  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
20:01:51.0859 3504  ParVdm - ok
20:01:51.0890 3504  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
20:01:51.0890 3504  PCI - ok
20:01:51.0906 3504  PCIDump - ok
20:01:51.0921 3504  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
20:01:51.0921 3504  PCIIde - ok
20:01:51.0984 3504  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
20:01:52.0000 3504  Pcmcia - ok
20:01:52.0015 3504  PDCOMP - ok
20:01:52.0031 3504  PDFRAME - ok
20:01:52.0046 3504  PDRELI - ok
20:01:52.0046 3504  PDRFRAME - ok
20:01:52.0062 3504  perc2 - ok
20:01:52.0078 3504  perc2hib - ok
20:01:52.0125 3504  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
20:01:52.0140 3504  PlugPlay - ok
20:01:52.0171 3504  [ 5C1CADD1CB67C0B9D8A84EC6E4D6B5CC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
20:01:52.0203 3504  Pml Driver HPZ12 - ok
20:01:52.0203 3504  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
20:01:52.0203 3504  PolicyAgent - ok
20:01:52.0250 3504  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:01:52.0265 3504  PptpMiniport - ok
20:01:52.0265 3504  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:01:52.0281 3504  ProtectedStorage - ok
20:01:52.0281 3504  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
20:01:52.0296 3504  PSched - ok
20:01:52.0312 3504  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:01:52.0328 3504  Ptilink - ok
20:01:52.0343 3504  ql1080 - ok
20:01:52.0359 3504  Ql10wnt - ok
20:01:52.0375 3504  ql12160 - ok
20:01:52.0375 3504  ql1240 - ok
20:01:52.0390 3504  ql1280 - ok
20:01:52.0406 3504  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:01:52.0437 3504  RasAcd - ok
20:01:52.0484 3504  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
20:01:52.0500 3504  RasAuto - ok
20:01:52.0531 3504  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:01:52.0546 3504  Rasl2tp - ok
20:01:52.0578 3504  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
20:01:52.0593 3504  RasMan - ok
20:01:52.0609 3504  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:01:52.0625 3504  RasPppoe - ok
20:01:52.0671 3504  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
20:01:52.0687 3504  Raspti - ok
20:01:52.0703 3504  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:01:52.0718 3504  Rdbss - ok
20:01:52.0734 3504  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:01:52.0750 3504  RDPCDD - ok
20:01:52.0812 3504  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:01:52.0828 3504  rdpdr - ok
20:01:52.0875 3504  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
20:01:52.0875 3504  RDPWD - ok
20:01:52.0937 3504  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
20:01:52.0937 3504  RDSessMgr - ok
20:01:52.0984 3504  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
20:01:53.0000 3504  redbook - ok
20:01:53.0062 3504  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
20:01:53.0078 3504  RemoteAccess - ok
20:01:53.0156 3504  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
20:01:53.0171 3504  RemoteRegistry - ok
20:01:53.0187 3504  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
20:01:53.0203 3504  RpcLocator - ok
20:01:53.0250 3504  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
20:01:53.0265 3504  RpcSs - ok
20:01:53.0296 3504  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
20:01:53.0312 3504  RSVP - ok
20:01:53.0343 3504  [ D507C1400284176573224903819FFDA3 ] rtl8139         C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
20:01:53.0359 3504  rtl8139 - ok
20:01:53.0390 3504  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
20:01:53.0390 3504  SamSs - ok
20:01:53.0437 3504  [ 62BA65CC0B4A4BD1EAFF5FED6E2B5069 ] sbaphd          C:\WINDOWS\system32\drivers\sbaphd.sys
20:01:53.0453 3504  sbaphd - ok
20:01:53.0484 3504  [ 3FFF8CDA4D2F29CA06F1557E85163C30 ] sbapifs         C:\WINDOWS\system32\drivers\sbapifs.sys
20:01:53.0484 3504  sbapifs - ok
20:01:53.0531 3504  [ 1FD538C4FEB36B793D2121F20BBDC16F ] SBRE            C:\WINDOWS\system32\drivers\SBREdrv.sys
20:01:53.0546 3504  SBRE - ok
20:01:53.0593 3504  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
20:01:53.0609 3504  SCardSvr - ok
20:01:53.0656 3504  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
20:01:53.0687 3504  Schedule - ok
20:01:53.0703 3504  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:01:53.0734 3504  Secdrv - ok
20:01:53.0781 3504  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
20:01:53.0796 3504  seclogon - ok
20:01:53.0812 3504  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
20:01:53.0812 3504  SENS - ok
20:01:53.0859 3504  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
20:01:53.0875 3504  serenum - ok
20:01:53.0890 3504  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
20:01:53.0906 3504  Serial - ok
20:01:53.0968 3504  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
20:01:53.0984 3504  Sfloppy - ok
20:01:54.0031 3504  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
20:01:54.0046 3504  SharedAccess - ok
20:01:54.0109 3504  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:01:54.0109 3504  ShellHWDetection - ok
20:01:54.0125 3504  Simbad - ok
20:01:54.0156 3504  [ 14BB60A4F1C5291217A05D5728C403E6 ] SmartDefragDriver C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
20:01:54.0156 3504  SmartDefragDriver - ok
20:01:54.0218 3504  [ 13D149D7114A72DACE8464B8464B7767 ] SMBios          C:\WINDOWS\system32\DRIVERS\SMBios.sys
20:01:54.0234 3504  SMBios - ok
20:01:54.0250 3504  Sparrow - ok
20:01:54.0296 3504  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
20:01:54.0312 3504  splitter - ok
20:01:54.0343 3504  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
20:01:54.0359 3504  Spooler - ok
20:01:54.0390 3504  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
20:01:54.0390 3504  sr - ok
20:01:54.0421 3504  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
20:01:54.0437 3504  srservice - ok
20:01:54.0484 3504  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
20:01:54.0500 3504  Srv - ok
20:01:54.0531 3504  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
20:01:54.0546 3504  SSDPSRV - ok
20:01:54.0609 3504  [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
20:01:54.0625 3504  StillCam - ok
20:01:54.0718 3504  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
20:01:54.0750 3504  stisvc - ok
20:01:54.0765 3504  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
20:01:54.0796 3504  swenum - ok
20:01:54.0843 3504  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
20:01:54.0859 3504  swmidi - ok
20:01:54.0875 3504  SwPrv - ok
20:01:54.0875 3504  symc810 - ok
20:01:54.0890 3504  symc8xx - ok
20:01:54.0906 3504  sym_hi - ok
20:01:54.0921 3504  sym_u3 - ok
20:01:54.0953 3504  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
20:01:54.0968 3504  sysaudio - ok
20:01:55.0015 3504  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
20:01:55.0031 3504  SysmonLog - ok
20:01:55.0078 3504  [ DAF040F1F0EE176518860FBC339539DA ] szkg5           C:\WINDOWS\system32\DRIVERS\szkg.sys
20:01:55.0078 3504  szkg5 - ok
20:01:55.0093 3504  [ C686E097A867FB950EBF8878E350D95B ] szkgfs          C:\WINDOWS\system32\drivers\szkgfs.sys
20:01:55.0093 3504  szkgfs - ok
20:01:55.0156 3504  [ 3C564D2E4BB4AB224FB0AE134DB4F9E0 ] szserver        C:\Program Files\STOPzilla!\SZServer.exe
20:01:55.0171 3504  szserver - ok
20:01:55.0218 3504  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
20:01:55.0234 3504  TapiSrv - ok
20:01:55.0281 3504  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:01:55.0281 3504  Tcpip - ok
20:01:55.0328 3504  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
20:01:55.0343 3504  TDPIPE - ok
20:01:55.0343 3504  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
20:01:55.0359 3504  TDTCP - ok
20:01:55.0390 3504  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
20:01:55.0406 3504  TermDD - ok
20:01:55.0437 3504  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
20:01:55.0468 3504  TermService - ok
20:01:55.0500 3504  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
20:01:55.0500 3504  Themes - ok
20:01:55.0546 3504  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
20:01:55.0578 3504  TlntSvr - ok
20:01:55.0593 3504  TosIde - ok
20:01:55.0625 3504  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
20:01:55.0640 3504  TrkWks - ok
20:01:55.0703 3504  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
20:01:55.0718 3504  Udfs - ok
20:01:55.0734 3504  ultra - ok
20:01:55.0781 3504  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
20:01:55.0796 3504  Update - ok
20:01:55.0875 3504  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
20:01:55.0890 3504  upnphost - ok
20:01:55.0921 3504  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
20:01:55.0937 3504  UPS - ok
20:01:55.0968 3504  [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
20:01:55.0984 3504  USBAAPL - ok
20:01:56.0000 3504  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:01:56.0046 3504  usbccgp - ok
20:01:56.0062 3504  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:01:56.0078 3504  usbehci - ok
20:01:56.0125 3504  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:01:56.0140 3504  usbhub - ok
20:01:56.0171 3504  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:01:56.0187 3504  usbprint - ok
20:01:56.0218 3504  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:01:56.0234 3504  usbscan - ok
20:01:56.0250 3504  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:01:56.0265 3504  usbstor - ok
20:01:56.0296 3504  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:01:56.0312 3504  usbuhci - ok
20:01:56.0343 3504  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
20:01:56.0343 3504  VgaSave - ok
20:01:56.0359 3504  ViaIde - ok
20:01:56.0406 3504  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
20:01:56.0406 3504  VolSnap - ok
20:01:56.0453 3504  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
20:01:56.0484 3504  VSS - ok
20:01:56.0546 3504  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
20:01:56.0562 3504  W32Time - ok
20:01:56.0609 3504  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:01:56.0625 3504  Wanarp - ok
20:01:56.0656 3504  [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw          C:\WINDOWS\system32\DRIVERS\wanatw4.sys
20:01:56.0671 3504  wanatw - ok
20:01:56.0671 3504  WDICA - ok
20:01:56.0718 3504  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
20:01:56.0734 3504  wdmaud - ok
20:01:56.0796 3504  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
20:01:56.0812 3504  WebClient - ok
20:01:56.0921 3504  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
20:01:56.0937 3504  winmgmt - ok
20:01:57.0000 3504  [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
20:01:57.0031 3504  WmdmPmSN - ok
20:01:57.0062 3504  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
20:01:57.0078 3504  Wmi - ok
20:01:57.0140 3504  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:01:57.0156 3504  WmiApSrv - ok
20:01:57.0203 3504  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:01:57.0218 3504  WS2IFSL - ok
20:01:57.0250 3504  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
20:01:57.0265 3504  wscsvc - ok
20:01:57.0312 3504  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
20:01:57.0343 3504  wuauserv - ok
20:01:57.0375 3504  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
20:01:57.0390 3504  WZCSVC - ok
20:01:57.0453 3504  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
20:01:57.0468 3504  xmlprov - ok
20:01:57.0484 3504  ================ Scan global ===============================
20:01:57.0531 3504  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:01:57.0593 3504  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:01:57.0656 3504  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:01:57.0671 3504  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:01:57.0671 3504  [Global] - ok
20:01:57.0671 3504  ================ Scan MBR ==================================
20:01:57.0703 3504  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:01:57.0875 3504  \Device\Harddisk0\DR0 - ok
20:01:57.0875 3504  [ EEAFC431327CF42A72D9CFAFFC02DC26 ] \Device\Harddisk1\DR1
20:01:57.0937 3504  \Device\Harddisk1\DR1 - ok
20:01:57.0937 3504  ================ Scan VBR ==================================
20:01:57.0937 3504  [ B0DCCA4169B6ABDAC55A89DBA3313D32 ] \Device\Harddisk0\DR0\Partition1
20:01:57.0937 3504  \Device\Harddisk0\DR0\Partition1 - ok
20:01:57.0953 3504  [ 62A0B9FA62328FEF72D38951D13C0B08 ] \Device\Harddisk1\DR1\Partition1
20:01:57.0953 3504  \Device\Harddisk1\DR1\Partition1 - ok
20:01:57.0953 3504  ============================================================
20:01:57.0953 3504  Scan finished
20:01:57.0953 3504  ============================================================
20:01:57.0984 1696  Detected object count: 0
20:01:57.0984 1696  Actual detected object count: 0
 

#12 gringo_pr

Posted 06 December 2012 - 10:25 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 Pate

Posted 07 December 2012 - 07:15 PM

Here's the combofix log. It has been working good for 36 hours and the redirect hasn't returned.


ComboFix 12-12-04.01 - JohnA 12/07/2012 18:50:15.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.861 [GMT -5:00]
Running from: c:\documents and settings\JohnA.JOHN.000\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\JohnA.JOHN.000\Desktop\CFScript.txt
AV: STOPzilla! *Disabled/Updated* {271A6322-9DAA-4E02-932D-7EDF389FFCF0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\SBS_LIBNSIS_TEMP_20121107184130.109_ 49
.
.
((((((((((((((((((((((((( Files Created from 2012-11-08 to 2012-12-08 )))))))))))))))))))))))))))))))
.
.
2012-12-06 19:19 . 2012-12-06 19:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-03 11:33 . 2012-01-12 13:26 77816 ----a-r- c:\windows\system32\drivers\sbapifs.sys
2012-12-03 11:33 . 2012-01-12 13:26 21240 ----a-r- c:\windows\system32\drivers\sbaphd.sys
2012-12-03 11:25 . 2012-12-03 11:25 105 ----a-w- C:\prefs.js
2012-12-03 03:37 . 2012-12-03 03:37 -------- d-sh--w- c:\documents and settings\JohnA.JOHN.000\IECompatCache
2012-12-02 21:34 . 2012-12-06 14:16 -------- d-----w- c:\program files\STOPzilla!
2012-12-02 21:33 . 2012-12-08 00:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\STOPzilla!
2012-12-02 20:32 . 2012-10-24 14:32 30688 ----a-w- c:\windows\system32\drivers\gfiark.sys
2012-12-02 12:57 . 2012-12-02 12:57 -------- d-----w- c:\documents and settings\JohnA.JOHN.000\Application Data\LavasoftStatistics
2012-12-02 12:48 . 2012-12-02 12:48 -------- d-----w- c:\documents and settings\JohnA.JOHN.000\Local Settings\Application Data\Downloaded Installations
2012-12-02 12:48 . 2012-12-02 12:48 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2012-12-02 12:47 . 2012-12-02 12:47 -------- d-----w- c:\documents and settings\JohnA.JOHN.000\Application Data\blekko
2012-12-02 02:08 . 2012-12-02 02:09 -------- d-----w- c:\documents and settings\Administrator.JOHN
2012-12-01 22:45 . 2012-12-01 22:45 -------- d-----w- c:\documents and settings\JohnA.JOHN.000\AppData
2012-12-01 22:43 . 2012-12-01 22:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\McAfee
2012-11-16 16:27 . 2012-11-16 16:27 -------- d-----w- c:\windows\PIF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-06 19:20 . 2008-04-14 12:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-11-03 13:59 . 2008-04-14 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
2012-10-24 13:16 . 2012-10-24 13:16 23416 ----a-r- c:\windows\system32\SZIO5.dll
2012-10-24 13:16 . 2012-10-24 13:16 681848 ----a-r- c:\windows\system32\SZComp5.dll
2012-10-24 13:16 . 2012-10-24 13:16 509816 ----a-r- c:\windows\system32\SZBase5.dll
2012-10-22 08:37 . 2008-04-14 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-11 14:06 . 2012-10-11 14:06 29048 ----a-r- c:\windows\system32\IS3XDat5.dll
2012-10-11 14:06 . 2012-10-11 14:06 231288 ----a-r- c:\windows\system32\IS3Win325.dll
2012-10-11 14:06 . 2012-10-11 14:06 391032 ----a-r- c:\windows\system32\IS3UI5.dll
2012-10-11 14:06 . 2012-10-11 14:06 100216 ----a-r- c:\windows\system32\IS3Svc5.dll
2012-10-11 14:06 . 2012-10-11 14:06 132984 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-10-11 14:06 . 2012-10-11 14:06 104312 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-10-11 14:06 . 2012-10-11 14:06 67448 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-10-11 14:06 . 2012-10-11 14:06 460664 ----a-r- c:\windows\system32\IS3DBA5.dll
2012-10-11 14:06 . 2012-10-11 14:06 817016 ----a-r- c:\windows\system32\IS3Base5.dll
2012-10-02 18:04 . 2008-04-14 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 00:54 . 2011-11-27 01:01 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-25 490880]
"AOL Fast Start"="c:\program files\AOL Desktop 9.7\AOL.EXE" [2011-12-14 42320]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"HostManager"="c:\program files\Common Files\AOL\1322569161\ee\AOLSoftware.exe" [2010-03-08 41800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
.
c:\documents and settings\johna\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2007-11-14 2836304]
.
c:\documents and settings\JohnA.JOHN.000\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk - c:\windows\system32\RunDll32.exe [2008-4-14 33280]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
NETGEAR WPN311 Smart Wizard.lnk - c:\program files\NETGEAR\WPN311\wlancfg5.exe [2006-12-4 1503232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll [BU]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\AOLBrowser\\aolbrowser.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\1322569161\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AOL Desktop 9.7\\waol.exe"=
"c:\\Program Files\\AOL Desktop 9.7\\AOLBrowser\\aolbrowser.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [12/2/2012 7:48 AM 13560]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [12/4/2011 4:42 PM 14776]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2/24/2012 2:28 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [5/4/2012 1:05 PM 73008]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [4/25/2011 1:49 AM 65584]
R1 NEOFLTR_700_19821;Juniper Networks TDI Filter Driver (NEOFLTR_700_19821);c:\windows\system32\drivers\NEOFLTR_700_19821.SYS [1/26/2012 10:00 AM 85064]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [12/3/2012 6:33 AM 21240]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [11/26/2011 8:13 PM 101112]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [12/1/2012 5:35 PM 464256]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [12/3/2012 6:33 AM 77816]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [3/20/2012 9:51 AM 99728]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [12/2/2012 3:32 PM 30688]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: state.ny.us\secure.ejusticeny
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-37024868.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-07 19:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3040)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\STOPzilla!\SZServer.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\Mixer.exe
c:\program files\AOL Desktop 9.7\waol.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\HP\HP Officejet Pro 8600\bin\HPNetworkCommunicator.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\AOL Desktop 9.7\shellmon.exe
c:\program files\Common Files\AOL\1322569161\ee\aolupdates.exe
.
**************************************************************************
.
Completion time: 2012-12-07 19:15:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-08 00:15
ComboFix2.txt 2012-12-06 16:34
ComboFix3.txt 2012-12-04 00:29
ComboFix4.txt 2009-12-02 14:55
ComboFix5.txt 2012-12-07 23:45
.
Pre-Run: 194,176,016,384 bytes free
Post-Run: 194,490,126,336 bytes free
.
- - End Of File - - D1C2F9831F732E954F3BF621AEA966BA

Edited by Pate, 07 December 2012 - 07:15 PM.


#14 gringo_pr

Posted 07 December 2012 - 08:38 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#15 Pate

Posted 08 December 2012 - 01:38 PM

Here's the new log. Everything is still working o.k.


Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Advanced SystemCare 6
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Canon Camera Access Library
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PowerShot ELPH 100 HS_IXUS 115 HS Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Disney Toontown Online
DocProc
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Update
hpmdtab
HPPhotoSmartExpress
I.R.I.S. OCR
Image Plugin
InstantShareAlert
iTunes
Java Auto Updater
Java™ 6 Update 29
Juniper Networks Cache Cleaner 6.5.0
Juniper Networks Host Checker
Juniper Networks Secure Application Manager
Juniper Networks Setup Client
Malwarebytes Anti-Malware version 1.65.1.1000
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
NETGEAR WPN311 Wireless Adapter
PCI Audio Driver
QFolder
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Smart Defrag 2
STOPzilla
swMSM
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Presentation Foundation
XML Paper Specification Shared Components Pack 1.0
XMLinst



