
Slow and redirects, please help


  • This topic is locked
14 replies to this topic

#1 peterk422

peterk422

  • Members
  • 50 posts
  • OFFLINE
  • Local time:10:31 AM

Posted 08 December 2012 - 02:04 PM

My father's computer, a Dell desktop computer, is running very slow and redirects searches. I have removed the Mywebsearch toolbar several times but it keeps coming back. Please help



#2 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:03:31 PM

Posted 08 December 2012 - 02:18 PM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

:step1:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Under Objects to scan, check the boxes next to Verify file digital signatures, Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply. - If the log is too long, then split it into multiple posts.


:step2:

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the full contents of that document.


:step3:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the full contents of the log in your next reply.


:step4:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Regards, dev00790

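A TDSSKiller log is mostly hundreds of "- ok" lines, and the handful of lines that matter (an entry's MD5, a "Suspicious file (Forged)" line with its real and fake hashes, and the "- infected" / "- detected" verdicts) are easy to miss when a whole log is pasted. The parser below is an added example written for this thread; it is not part of TDSSKiller or of the instructions above. It assumes the line format TDSSKiller 2.8 writes (timestamp, thread id, message, as in the log posted later in this thread), and the `SAMPLE_LOG` excerpt is constructed from lines of that log. The names `summarize`, `format_report`, `Finding` and `Summary` are this example's own.

```python
"""Pull the verdict lines out of a TDSSKiller log and print a short summary.

Added example, not TDSSKiller's own code. Assumes the TDSSKiller 2.8 line
format: "HH:MM:SS.mmmm <thread id> <message>".
"""
import re
import sys
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every line: timestamp, thread id, message.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# "[ MD5 ] <service name> <path>"; service names may contain spaces, so the path
# is recognised by its drive letter.
ENTRY_RE = re.compile(r"^\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$")
# "Suspicious file (Forged): <path>. Real md5: X, Fake md5: Y"
FORGED_RE = re.compile(
    r"^Suspicious file \((?P<kind>[^)]+)\):\s+(?P<path>.+?)\.\s+"
    r"Real md5:\s+(?P<real>[0-9A-Fa-f]{32}),\s+Fake md5:\s+(?P<fake>[0-9A-Fa-f]{32})$")
# "<name> ( <verdict> ) - infected"  or  "<name> - detected <verdict> (n)"
VERDICT_RE = re.compile(
    r"^(?P<name>.+?)\s+(?:\(\s*(?P<verdict>[^)]+?)\s*\)\s+)?-\s+(?P<status>infected|detected)"
    r"(?:\s+(?P<verdict2>\S+)\s+\(\d+\))?$")
OK_RE = re.compile(r"^(?P<name>.+?)\s+-\s+ok$")
VERSION_RE = re.compile(r"^TDSS rootkit removing tool\s+(?P<ver>\S+)")
OS_RE = re.compile(r"^OS Version:\s+(?P<os>.+)$")


@dataclass
class Finding:
    name: str
    verdict: str
    path: Optional[str] = None
    md5: Optional[str] = None
    forged: bool = False
    real_md5: Optional[str] = None
    fake_md5: Optional[str] = None


@dataclass
class Summary:
    tool_version: Optional[str] = None
    os_version: Optional[str] = None
    ok_count: int = 0
    findings: List[Finding] = field(default_factory=list)


def summarize(log_text: str) -> Summary:
    """Walk the log once, joining each verdict to the entry and forged line that precede it."""
    s = Summary()
    entries: Dict[str, Tuple[str, str]] = {}   # service name -> (md5, path)
    forged: Dict[str, Tuple[str, str]] = {}    # path -> (real md5, fake md5)
    by_name: Dict[str, Finding] = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"].strip()
        if (vm := VERSION_RE.match(msg)):
            s.tool_version = vm["ver"]
        elif (om := OS_RE.match(msg)):
            s.os_version = om["os"]
        elif (em := ENTRY_RE.match(msg)):
            entries[em["name"]] = (em["md5"].upper(), em["path"])
        elif (fm := FORGED_RE.match(msg)):
            forged[fm["path"]] = (fm["real"].upper(), fm["fake"].upper())
        elif (dm := VERDICT_RE.match(msg)):
            name = dm["name"]
            verdict = dm["verdict"] or dm["verdict2"] or dm["status"]
            f = by_name.get(name)
            if f is None:
                md5, path = entries.get(name, (None, None))
                f = Finding(name=name, verdict=verdict, md5=md5, path=path)
                if path in forged:       # hashes disagree: visible contents are being spoofed
                    f.forged = True
                    f.real_md5, f.fake_md5 = forged[path]
                by_name[name] = f
                s.findings.append(f)
            elif f.verdict in ("infected", "detected"):
                f.verdict = verdict      # a later line named the detection; keep it
        elif OK_RE.match(msg):
            s.ok_count += 1
    return s


def format_report(s: Summary) -> str:
    lines = [f"TDSSKiller {s.tool_version or '?'} on Windows {s.os_version or '?'}: "
             f"{s.ok_count} objects ok, {len(s.findings)} flagged"]
    for f in s.findings:
        lines.append(f"  {f.name}: {f.verdict} ({f.path or 'path unknown'})")
        if f.forged:
            lines.append(f"    forged: real md5 {f.real_md5}, fake md5 {f.fake_md5}")
    return "\n".join(lines)


# Constructed excerpt built from lines of the log posted in this thread.
SAMPLE_LOG = r"""
16:24:37.0453 1956 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:24:37.0500 1956 OS Version: 5.1.2600 ServicePack: 3.0
16:24:42.0406 0452 Scan started
16:24:44.0171 0452 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:24:44.0187 0452 ACPI - ok
16:24:50.0265 0452 [ 5287CA4D2B74A11DF5B718AC8982DAAB ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:24:50.0296 0452 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: 5287CA4D2B74A11DF5B718AC8982DAAB, Fake md5: 7D304A5EB4344EBEEAB53A2FE3FFB9F0
16:24:50.0296 0452 MRxSmb ( Virus.Win32.ZAccess.c ) - infected
16:24:50.0296 0452 MRxSmb - detected Virus.Win32.ZAccess.c (0)
16:24:53.0968 0452 [ F70A51EB03EE7046784EF62EFCE9528E ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
16:24:54.0000 0452 Secunia PSI Agent - ok
"""

if __name__ == "__main__":
    # Pass a log path to summarise a real file; with no argument the sample is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(format_report(summarize(text)))
```

The two verdict lines TDSSKiller writes for one object ("( verdict ) - infected" and "- detected verdict (n)") are merged into a single finding keyed on the service name, and the forged-file line is tied to that finding through the path from the preceding "[ MD5 ] name path" entry, so the summary shows the on-disk hash next to the spoofed one without the reader having to hunt for it.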


#3 peterk422

peterk422
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  • Local time:10:31 AM

Posted 08 December 2012 - 04:45 PM

Here is the TDSS log



16:24:37.0453 1956 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:24:37.0500 1956 ============================================================
16:24:37.0500 1956 Current date / time: 2012/12/08 16:24:37.0500
16:24:37.0500 1956 SystemInfo:
16:24:37.0500 1956
16:24:37.0500 1956 OS Version: 5.1.2600 ServicePack: 3.0
16:24:37.0500 1956 Product type: Workstation
16:24:37.0500 1956 ComputerName: DELL
16:24:37.0500 1956 UserName: Owner
16:24:37.0500 1956 Windows directory: C:\WINDOWS
16:24:37.0500 1956 System windows directory: C:\WINDOWS
16:24:37.0500 1956 Processor architecture: Intel x86
16:24:37.0500 1956 Number of processors: 1
16:24:37.0500 1956 Page size: 0x1000
16:24:37.0500 1956 Boot type: Normal boot
16:24:37.0500 1956 ============================================================
16:24:39.0593 1956 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:24:39.0609 1956 Drive \Device\Harddisk1\DR2 - Size: 0xEFBFFE00 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:24:39.0609 1956 ============================================================
16:24:39.0609 1956 \Device\Harddisk0\DR0:
16:24:39.0609 1956 MBR partitions:
16:24:39.0609 1956 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A050BD
16:24:39.0609 1956 \Device\Harddisk1\DR2:
16:24:39.0609 1956 MBR partitions:
16:24:39.0609 1956 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x26, BlocksNum 0x779FC2
16:24:39.0609 1956 ============================================================
16:24:39.0640 1956 C: <-> \Device\Harddisk0\DR0\Partition1
16:24:39.0640 1956 ============================================================
16:24:39.0640 1956 Initialize success
16:24:39.0640 1956 ============================================================
16:24:42.0406 0452 ============================================================
16:24:42.0406 0452 Scan started
16:24:42.0406 0452 Mode: Manual;
16:24:42.0406 0452 ============================================================
16:24:43.0828 0452 ================ Scan system memory ========================
16:24:43.0828 0452 System memory - ok
16:24:43.0843 0452 ================ Scan services =============================
16:24:43.0968 0452 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
16:24:43.0968 0452 !SASCORE - ok
16:24:44.0078 0452 Abiosdsk - ok
16:24:44.0093 0452 abp480n5 - ok
16:24:44.0171 0452 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:24:44.0187 0452 ACPI - ok
16:24:44.0609 0452 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
16:24:44.0609 0452 ACPIEC - ok
16:24:44.0734 0452 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:24:44.0765 0452 AdobeFlashPlayerUpdateSvc - ok
16:24:44.0765 0452 adpu160m - ok
16:24:44.0812 0452 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:24:44.0828 0452 aec - ok
16:24:44.0843 0452 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:24:44.0859 0452 AFD - ok
16:24:44.0859 0452 Aha154x - ok
16:24:44.0875 0452 aic78u2 - ok
16:24:44.0890 0452 aic78xx - ok
16:24:44.0953 0452 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:24:44.0953 0452 Alerter - ok
16:24:44.0984 0452 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
16:24:44.0984 0452 ALG - ok
16:24:44.0984 0452 AliIde - ok
16:24:45.0000 0452 amsint - ok
16:24:45.0015 0452 asc - ok
16:24:45.0031 0452 asc3350p - ok
16:24:45.0046 0452 asc3550 - ok
16:24:45.0156 0452 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:24:45.0250 0452 aspnet_state - ok
16:24:45.0296 0452 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:24:45.0296 0452 AsyncMac - ok
16:24:45.0328 0452 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:24:45.0328 0452 atapi - ok
16:24:45.0343 0452 Atdisk - ok
16:24:45.0359 0452 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:24:45.0359 0452 Atmarpc - ok
16:24:45.0437 0452 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:24:45.0437 0452 AudioSrv - ok
16:24:45.0500 0452 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:24:45.0500 0452 audstub - ok
16:24:45.0578 0452 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:24:45.0578 0452 Beep - ok
16:24:45.0609 0452 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
16:24:45.0609 0452 Browser - ok
16:24:45.0609 0452 catchme - ok
16:24:45.0640 0452 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:24:45.0640 0452 cbidf2k - ok
16:24:45.0656 0452 cd20xrnt - ok
16:24:45.0671 0452 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:24:45.0671 0452 Cdaudio - ok
16:24:45.0734 0452 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:24:45.0734 0452 Cdfs - ok
16:24:45.0765 0452 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:24:45.0765 0452 Cdrom - ok
16:24:45.0796 0452 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
16:24:45.0796 0452 cercsr6 - ok
16:24:45.0812 0452 Changer - ok
16:24:45.0875 0452 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:24:45.0875 0452 CiSvc - ok
16:24:45.0875 0452 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:24:45.0875 0452 ClipSrv - ok
16:24:45.0906 0452 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:24:46.0015 0452 clr_optimization_v2.0.50727_32 - ok
16:24:46.0031 0452 CmdIde - ok
16:24:46.0046 0452 COMSysApp - ok
16:24:46.0062 0452 Cpqarray - ok
16:24:46.0109 0452 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:24:46.0109 0452 CryptSvc - ok
16:24:46.0125 0452 dac2w2k - ok
16:24:46.0125 0452 dac960nt - ok
16:24:46.0218 0452 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:24:46.0359 0452 DcomLaunch - ok
16:24:46.0437 0452 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:24:46.0437 0452 Dhcp - ok
16:24:46.0453 0452 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:24:46.0453 0452 Disk - ok
16:24:46.0468 0452 dmadmin - ok
16:24:46.0515 0452 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:24:46.0546 0452 dmboot - ok
16:24:46.0562 0452 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:24:46.0562 0452 dmio - ok
16:24:46.0609 0452 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:24:46.0609 0452 dmload - ok
16:24:46.0640 0452 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:24:46.0640 0452 dmserver - ok
16:24:46.0687 0452 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:24:46.0687 0452 DMusic - ok
16:24:46.0750 0452 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:24:46.0750 0452 Dnscache - ok
16:24:46.0812 0452 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:24:46.0812 0452 Dot3svc - ok
16:24:46.0843 0452 [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys
16:24:46.0890 0452 dot4 - ok
16:24:46.0890 0452 [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
16:24:46.0890 0452 Dot4Print - ok
16:24:46.0921 0452 [ BD05306428DA63369692477DDC0F6F5F ] Dot4Scan C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
16:24:46.0921 0452 Dot4Scan - ok
16:24:46.0921 0452 [ 6EC3AF6BB5B30E488A0C559921F012E1 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys
16:24:46.0921 0452 dot4usb - ok
16:24:46.0953 0452 dpti2o - ok
16:24:47.0015 0452 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:24:47.0015 0452 drmkaud - ok
16:24:47.0093 0452 [ 7D91DC6342248369F94D6EBA0CF42E99 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
16:24:47.0109 0452 E100B - ok
16:24:47.0171 0452 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:24:47.0171 0452 EapHost - ok
16:24:47.0250 0452 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:24:47.0250 0452 ERSvc - ok
16:24:47.0312 0452 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
16:24:47.0328 0452 Eventlog - ok
16:24:47.0359 0452 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
16:24:47.0375 0452 EventSystem - ok
16:24:47.0406 0452 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:24:47.0421 0452 Fastfat - ok
16:24:47.0500 0452 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:24:47.0500 0452 FastUserSwitchingCompatibility - ok
16:24:47.0531 0452 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
16:24:47.0531 0452 Fdc - ok
16:24:47.0609 0452 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:24:47.0609 0452 Fips - ok
16:24:47.0609 0452 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
16:24:47.0609 0452 Flpydisk - ok
16:24:47.0640 0452 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
16:24:47.0640 0452 FltMgr - ok
16:24:47.0765 0452 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:24:47.0765 0452 FontCache3.0.0.0 - ok
16:24:47.0781 0452 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:24:47.0781 0452 Fs_Rec - ok
16:24:47.0796 0452 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:24:47.0796 0452 Ftdisk - ok
16:24:47.0828 0452 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:24:47.0828 0452 Gpc - ok
16:24:47.0937 0452 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:24:47.0937 0452 helpsvc - ok
16:24:47.0984 0452 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
16:24:47.0984 0452 HidServ - ok
16:24:48.0031 0452 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:24:48.0031 0452 HidUsb - ok
16:24:48.0093 0452 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:24:48.0093 0452 hkmsvc - ok
16:24:48.0109 0452 hpn - ok
16:24:48.0171 0452 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:24:48.0187 0452 HTTP - ok
16:24:48.0234 0452 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:24:48.0234 0452 HTTPFilter - ok
16:24:48.0250 0452 i2omgmt - ok
16:24:48.0265 0452 i2omp - ok
16:24:48.0343 0452 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:24:48.0343 0452 i8042prt - ok
16:24:48.0453 0452 [ 9A883C3C4D91292C0D09DE7C728E781C ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
16:24:48.0484 0452 ialm - ok
16:24:48.0593 0452 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:24:48.0625 0452 idsvc - ok
16:24:48.0640 0452 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:24:48.0640 0452 Imapi - ok
16:24:48.0703 0452 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
16:24:48.0718 0452 ImapiService - ok
16:24:48.0734 0452 ini910u - ok
16:24:48.0750 0452 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
16:24:48.0750 0452 IntelIde - ok
16:24:48.0828 0452 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:24:48.0828 0452 intelppm - ok
16:24:48.0843 0452 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
16:24:48.0843 0452 Ip6Fw - ok
16:24:48.0890 0452 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:24:48.0890 0452 IpFilterDriver - ok
16:24:48.0906 0452 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:24:48.0906 0452 IpInIp - ok
16:24:48.0921 0452 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:24:48.0953 0452 IpNat - ok
16:24:48.0984 0452 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:24:48.0984 0452 IPSec - ok
16:24:49.0000 0452 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:24:49.0000 0452 IRENUM - ok
16:24:49.0015 0452 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:24:49.0015 0452 isapnp - ok
16:24:49.0140 0452 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
16:24:49.0156 0452 JavaQuickStarterService - ok
16:24:49.0171 0452 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:24:49.0171 0452 Kbdclass - ok
16:24:49.0234 0452 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:24:49.0234 0452 kbdhid - ok
16:24:49.0281 0452 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:24:49.0296 0452 kmixer - ok
16:24:49.0359 0452 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:24:49.0375 0452 KSecDD - ok
16:24:49.0437 0452 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
16:24:49.0453 0452 lanmanserver - ok
16:24:49.0531 0452 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:24:49.0593 0452 lanmanworkstation - ok
16:24:49.0640 0452 Lavasoft Kernexplorer - ok
16:24:49.0671 0452 [ B7C19EC8B0DD7EFA58AD41FFEB8B8CDA ] Lbd C:\WINDOWS\system32\DRIVERS\Lbd.sys
16:24:49.0671 0452 Lbd - ok
16:24:49.0671 0452 lbrtfdc - ok
16:24:49.0750 0452 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:24:49.0750 0452 LmHosts - ok
16:24:49.0781 0452 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:24:49.0781 0452 Messenger - ok
16:24:49.0843 0452 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:24:49.0843 0452 mnmdd - ok
16:24:49.0906 0452 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
16:24:49.0906 0452 mnmsrvc - ok
16:24:49.0968 0452 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:24:49.0968 0452 Modem - ok
16:24:50.0015 0452 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
16:24:50.0031 0452 MODEMCSA - ok
16:24:50.0062 0452 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:24:50.0062 0452 Mouclass - ok
16:24:50.0140 0452 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:24:50.0140 0452 mouhid - ok
16:24:50.0156 0452 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:24:50.0156 0452 MountMgr - ok
16:24:50.0171 0452 mraid35x - ok
16:24:50.0187 0452 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:24:50.0187 0452 MRxDAV - ok
16:24:50.0265 0452 [ 5287CA4D2B74A11DF5B718AC8982DAAB ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:24:50.0296 0452 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: 5287CA4D2B74A11DF5B718AC8982DAAB, Fake md5: 7D304A5EB4344EBEEAB53A2FE3FFB9F0
16:24:50.0296 0452 MRxSmb ( Virus.Win32.ZAccess.c ) - infected
16:24:50.0296 0452 MRxSmb - detected Virus.Win32.ZAccess.c (0)
16:24:50.0375 0452 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
16:24:50.0375 0452 MSDTC - ok
16:24:50.0390 0452 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:24:50.0390 0452 Msfs - ok
16:24:50.0406 0452 MSIServer - ok
16:24:50.0468 0452 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:24:50.0468 0452 MSKSSRV - ok
16:24:50.0484 0452 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:24:50.0484 0452 MSPCLOCK - ok
16:24:50.0500 0452 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:24:50.0500 0452 MSPQM - ok
16:24:50.0546 0452 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:24:50.0546 0452 mssmbios - ok
16:24:50.0578 0452 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:24:50.0578 0452 Mup - ok
16:24:50.0625 0452 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
16:24:50.0640 0452 napagent - ok
16:24:50.0703 0452 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:24:50.0703 0452 NDIS - ok
16:24:50.0765 0452 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:24:50.0765 0452 NdisTapi - ok
16:24:50.0796 0452 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:24:50.0796 0452 Ndisuio - ok
16:24:50.0796 0452 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:24:50.0812 0452 NdisWan - ok
16:24:50.0843 0452 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:24:50.0843 0452 NDProxy - ok
16:24:50.0890 0452 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:24:50.0890 0452 NetBIOS - ok
16:24:50.0968 0452 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:24:50.0984 0452 NetBT - ok
16:24:51.0046 0452 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
16:24:51.0046 0452 NetDDE - ok
16:24:51.0062 0452 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:24:51.0062 0452 NetDDEdsdm - ok
16:24:51.0109 0452 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
16:24:51.0109 0452 Netlogon - ok
16:24:51.0125 0452 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
16:24:51.0140 0452 Netman - ok
16:24:51.0359 0452 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:24:51.0375 0452 NetTcpPortSharing - ok
16:24:51.0437 0452 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
16:24:51.0453 0452 Nla - ok
16:24:51.0515 0452 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:24:51.0515 0452 Npfs - ok
16:24:51.0546 0452 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:24:51.0562 0452 Ntfs - ok
16:24:51.0578 0452 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
16:24:51.0578 0452 NtLmSsp - ok
16:24:51.0640 0452 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:24:51.0671 0452 NtmsSvc - ok
16:24:51.0703 0452 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
16:24:51.0703 0452 Null - ok
16:24:51.0765 0452 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:24:51.0765 0452 NwlnkFlt - ok
16:24:51.0781 0452 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:24:51.0781 0452 NwlnkFwd - ok
16:24:51.0937 0452 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:24:51.0953 0452 odserv - ok
16:24:52.0000 0452 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:24:52.0015 0452 ose - ok
16:24:52.0078 0452 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
16:24:52.0078 0452 Parport - ok
16:24:52.0093 0452 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:24:52.0093 0452 PartMgr - ok
16:24:52.0156 0452 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:24:52.0171 0452 ParVdm - ok
16:24:52.0171 0452 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:24:52.0171 0452 PCI - ok
16:24:52.0187 0452 PCIDump - ok
16:24:52.0218 0452 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
16:24:52.0218 0452 PCIIde - ok
16:24:52.0296 0452 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
16:24:52.0312 0452 Pcmcia - ok
16:24:52.0312 0452 PDCOMP - ok
16:24:52.0328 0452 PDFRAME - ok
16:24:52.0343 0452 PDRELI - ok
16:24:52.0359 0452 PDRFRAME - ok
16:24:52.0359 0452 perc2 - ok
16:24:52.0375 0452 perc2hib - ok
16:24:52.0453 0452 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
16:24:52.0453 0452 PlugPlay - ok
16:24:52.0453 0452 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:24:52.0453 0452 PolicyAgent - ok
16:24:52.0531 0452 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:24:52.0531 0452 PptpMiniport - ok
16:24:52.0531 0452 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:24:52.0531 0452 ProtectedStorage - ok
16:24:52.0546 0452 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:24:52.0546 0452 PSched - ok
16:24:52.0625 0452 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\WINDOWS\system32\DRIVERS\psi_mf.sys
16:24:52.0625 0452 PSI - ok
16:24:52.0656 0452 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:24:52.0656 0452 Ptilink - ok
16:24:52.0703 0452 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:24:52.0703 0452 PxHelp20 - ok
16:24:52.0718 0452 ql1080 - ok
16:24:52.0718 0452 Ql10wnt - ok
16:24:52.0734 0452 ql12160 - ok
16:24:52.0750 0452 ql1240 - ok
16:24:52.0750 0452 ql1280 - ok
16:24:57.0843 0452 ============================================================
16:24:57.0843 0452 Scan finished
16:24:57.0843 0452 ============================================================
16:24:57.0859 1220 Detected object count: 1
16:24:57.0859 1220 Actual detected object count: 1
16:25:45.0359 1220 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - copied to quarantine
16:25:46.0515 1220 C:\WINDOWS\$NtUninstallKB38411$\739097094\@ - copied to quarantine
16:25:46.0531 1220 C:\WINDOWS\$NtUninstallKB38411$\739097094\Desktop.ini - copied to quarantine
16:25:46.0531 1220 C:\WINDOWS\$NtUninstallKB38411$\739097094\L\00000004.@ - copied to quarantine
16:25:46.0578 1220 C:\WINDOWS\$NtUninstallKB38411$\739097094\L\1afb2d56 - copied to quarantine
16:25:46.0593 1220 C:\WINDOWS\$NtUninstallKB38411$\739097094\L\201d3dde - copied to quarantine
16:25:46.0671 1220 C:\WINDOWS\$NtUninstallKB38411$\739097094\L\4cce1f70 - copied to quarantine
16:25:47.0062 1220 C:\WINDOWS\$NtUninstallKB38411$\739097094\L\pfesuvxz - copied to quarantine
16:25:47.0156 1220 C:\WINDOWS\$NtUninstallKB38411$\739097094\U\00000004.@ - copied to quarantine
16:25:47.0375 1220 C:\WINDOWS\$NtUninstallKB38411$\739097094\U\00000008.@ - copied to quarantine
16:25:47.0390 1220 C:\WINDOWS\$NtUninstallKB38411$\739097094\U\000000cb.@ - copied to quarantine
16:25:47.0437 1220 C:\WINDOWS\$NtUninstallKB38411$\739097094\U\80000000.@ - copied to quarantine
16:25:47.0500 1220 C:\WINDOWS\$NtUninstallKB38411$\739097094\U\80000032.@ - copied to quarantine
16:25:52.0062 1220 Backup copy found, using it..
16:25:52.0500 1220 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
16:25:52.0578 1220 C:\WINDOWS\$NtUninstallKB38411$\1553229488 - will be deleted on reboot
16:25:52.0625 1220 C:\WINDOWS\$NtUninstallKB38411$\739097094\@ - will be deleted on reboot
16:25:52.0625 1220 C:\WINDOWS\$NtUninstallKB38411$\739097094\Desktop.ini - will be deleted on reboot
16:25:52.0921 1220 C:\WINDOWS\$NtUninstallKB38411$\739097094\U\00000004.@ - will be deleted on reboot
16:25:52.0921 1220 C:\WINDOWS\$NtUninstallKB38411$\739097094\U\00000008.@ - will be deleted on reboot
16:25:52.0921 1220 C:\WINDOWS\$NtUninstallKB38411$\739097094\U\000000cb.@ - will be deleted on reboot
16:25:52.0921 1220 C:\WINDOWS\$NtUninstallKB38411$\739097094\U\80000000.@ - will be deleted on reboot
16:25:52.0921 1220 C:\WINDOWS\$NtUninstallKB38411$\739097094\U\80000032.@ - will be deleted on reboot
16:25:52.0921 1220 MRxSmb ( Virus.Win32.ZAccess.c ) - User select action: Cure
16:26:21.0750 0976 Deinitialize success

#4 peterk422

peterk422
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  • Local time:10:31 AM

Posted 08 December 2012 - 04:46 PM

Here is the security check log

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.2004)
CCleaner
Java™ 6 Update 37
Java version out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 22% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#5 peterk422

peterk422
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  • Local time:10:31 AM

Posted 08 December 2012 - 04:48 PM

Here is the FSS log

Farbar Service Scanner Version: 07-12-2012
Ran by Owner (administrator) on 08-12-2012 at 16:38:23
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc: "C:\WINDOWS\System32\svchost.exe -k netsvcs".
The ServiceDll of wscsvc: ""C:\WINDOWS\system32\wscsvc.dll"".


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000800000005000000010000000200000003000000040000000600000007000000


**** End of log ****

#6 peterk422

peterk422
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  • Local time:10:31 AM

Posted 08 December 2012 - 04:49 PM

And here is the mini toolbox log

MiniToolBox by Farbar Version: 25-11-2012
Ran by Owner (administrator) on 08-12-2012 at 16:40:46
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : dell
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : twcny.rr.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : twcny.rr.com
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-16-76-30-16-9D
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 209.18.47.61
                                    209.18.47.62
                                    192.168.1.1
                                    209.18.47.61
                                    209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Disabled
Lease Obtained. . . . . . . . . . : Saturday, December 08, 2012 4:32:39 PM
Lease Expires . . . . . . . . . . : Sunday, December 09, 2012 4:32:39 PM

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.228.35, 74.125.228.36, 74.125.228.37, 74.125.228.38
74.125.228.39, 74.125.228.40, 74.125.228.41, 74.125.228.46, 74.125.228.32
74.125.228.33, 74.125.228.34

Pinging google.com [74.125.228.67] with 32 bytes of data:

Reply from 74.125.228.67: bytes=32 time=36ms TTL=50
Reply from 74.125.228.67: bytes=32 time=39ms TTL=50

Ping statistics for 74.125.228.67:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 36ms, Maximum = 39ms, Average = 37ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=186ms TTL=47
Reply from 98.138.253.109: bytes=32 time=118ms TTL=48

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 118ms, Maximum = 186ms, Average = 152ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 76 30 16 9d ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100 20
192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100 20
224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100 20
255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/08/2012 00:53:54 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x007de6d4.
Error in creating result PEAP-TLV in response to received PEAP-TLV (svchost.exe!ld!)

Error: (12/08/2012 00:51:51 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x007de3dc.
Error in creating result PEAP-TLV in response to received PEAP-TLV (svchost.exe!ld!)

Error: (12/03/2012 00:39:59 AM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: Faulting application playpoker.exe, version 1.0.0.219, stamp 50ac4833, faulting module kernel32.dll, version 5.1.2600.5781, stamp 49c4f482, debug? 0, fault address 0x00012afb.

Error: (11/20/2012 06:16:27 PM) (Source: Application Error) (User: )
Description: Faulting application psia.exe, version 3.0.0.2004, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037000.
Processing media-specific event for [psia.exe!ws!]

Error: (11/05/2012 00:02:50 AM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: Faulting application playpoker.exe, version 1.0.0.219, stamp 50858232, faulting module mscorwks.dll, version 2.0.50727.3634, stamp 4ef6c0ec, debug? 0, fault address 0x0000f1e0.

Error: (11/05/2012 00:02:45 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3634 - Fatal Execution Engine Error (7A0BC6A6) (80131506)

Error: (10/28/2012 06:15:45 PM) (Source: Application Error) (User: )
Description: Faulting application coreServiceShell.exe, version 2.0.0.1313, faulting module unknown, version 0.0.0.0, fault address 0x0005fe40.
Processing media-specific event for [coreServiceShell.exe!ws!]

Error: (10/28/2012 06:15:36 PM) (Source: Application Error) (User: )
Description: Faulting application uiseagnt.exe, version 2.0.0.1301, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x000356bf.
Processing media-specific event for [uiseagnt.exe!ws!]

Error: (10/28/2012 06:15:24 PM) (Source: Application Error) (User: )
Description: Faulting application coreServiceShell.exe, version 2.0.0.1313, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x000356bf.
Processing media-specific event for [coreServiceShell.exe!ws!]

Error: (09/17/2012 07:50:15 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x007de6d4.
Processing media-specific event for [svchost.exe!ws!]


System errors:
=============
Error: (12/08/2012 04:34:12 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service terminated with the following error:
%%126

Error: (12/08/2012 04:34:12 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service terminated with the following error:
%%126

Error: (12/08/2012 04:34:12 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service terminated with the following error:
%%126

Error: (12/08/2012 04:34:12 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service terminated with the following error:
%%126

Error: (12/08/2012 04:34:12 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service terminated with the following error:
%%126

Error: (12/08/2012 04:34:12 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service terminated with the following error:
%%126

Error: (12/08/2012 04:34:12 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service terminated with the following error:
%%126

Error: (12/08/2012 04:34:12 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service terminated with the following error:
%%126

Error: (12/08/2012 04:34:12 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service terminated with the following error:
%%126

Error: (12/08/2012 04:34:12 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Acrobat.com (Version: 1.7.186)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.110)
Adobe Reader X (10.1.4) (Version: 10.1.4)
CCleaner (Version: 3.22)
Dell Resource CD (Version: 1.00.0000)
FUJIFILM USB Driver
Google Chrome (Version: 25.0.1349.2)
HP Deskjet 3050A J611 series Basic Device Software (Version: 23.0.504.0)
HP Deskjet 3050A J611 series Help (Version: 140.0.2.2)
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)
Intel® PRO Network Adapters and Drivers
Java Auto Updater (Version: 2.0.7.2)
Java™ 6 Update 37 (Version: 6.0.370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
NBC Sports
SanDiskSecureAccess_Manager.exe (Version: 1.0.0)
Secunia PSI (3.0.0.2004) (Version: 3.0.0.2004)
SoundMAX (Version: 5.12.01.7000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Devices: ================================

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 25%
Total physical RAM: 1277.98 MB
Available physical RAM: 947.22 MB
Total Pagefile: 1901.06 MB
Available Pagefile: 1726.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.23 MB

========================= Partitions: =====================================

1 Drive c: (DSK1_VOL1) (Fixed) (Total:149.01 GB) (Free:128.74 GB) NTFS
3 Drive e: () (Removable) (Total:3.74 GB) (Free:3.6 GB) FAT32

========================= Users: ========================================

User accounts for \\

Administrator Guest HelpAssistant
Owner SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

09-09-2012 21:08:54 System Checkpoint
10-09-2012 21:26:51 System Checkpoint
12-09-2012 01:05:36 System Checkpoint
13-09-2012 03:28:34 System Checkpoint
14-09-2012 04:23:11 System Checkpoint
15-09-2012 05:08:54 System Checkpoint
16-09-2012 21:09:19 System Checkpoint
17-09-2012 21:27:32 System Checkpoint
18-09-2012 23:04:51 System Checkpoint
19-09-2012 23:30:12 System Checkpoint
21-09-2012 03:37:07 System Checkpoint
22-09-2012 15:39:05 System Checkpoint
24-09-2012 03:55:57 System Checkpoint
25-09-2012 15:53:58 System Checkpoint
27-09-2012 23:02:16 System Checkpoint
29-09-2012 21:36:38 System Checkpoint
30-09-2012 22:26:01 System Checkpoint
02-10-2012 03:41:42 System Checkpoint
07-10-2012 20:33:56 System Checkpoint
08-10-2012 21:10:57 System Checkpoint
09-10-2012 22:09:26 System Checkpoint
10-10-2012 22:10:57 System Checkpoint
11-10-2012 23:11:07 System Checkpoint
13-10-2012 00:10:56 System Checkpoint
22-10-2012 18:47:43 System Checkpoint
23-10-2012 23:22:07 System Checkpoint
25-10-2012 00:22:00 System Checkpoint
26-10-2012 00:45:50 System Checkpoint
27-10-2012 01:20:39 System Checkpoint
28-10-2012 20:37:57 System Checkpoint
29-10-2012 21:33:32 System Checkpoint
31-10-2012 18:07:56 System Checkpoint
01-11-2012 18:49:12 System Checkpoint
02-11-2012 19:34:23 System Checkpoint
04-11-2012 22:31:35 System Checkpoint
05-11-2012 23:31:34 System Checkpoint
07-11-2012 00:06:00 System Checkpoint
08-11-2012 00:54:09 System Checkpoint
09-11-2012 00:56:40 System Checkpoint
10-11-2012 00:57:39 System Checkpoint
11-11-2012 02:04:33 System Checkpoint
12-11-2012 02:20:12 System Checkpoint
13-11-2012 03:00:17 System Checkpoint
14-11-2012 22:37:25 System Checkpoint
16-11-2012 23:50:50 System Checkpoint
18-11-2012 00:21:18 System Checkpoint
19-11-2012 01:47:29 System Checkpoint
20-11-2012 02:42:46 System Checkpoint
21-11-2012 02:47:04 System Checkpoint
22-11-2012 14:25:30 System Checkpoint
23-11-2012 23:15:39 System Checkpoint
24-11-2012 23:48:38 System Checkpoint
26-11-2012 00:16:59 System Checkpoint
27-11-2012 02:39:59 System Checkpoint
28-11-2012 03:20:44 System Checkpoint
29-11-2012 04:06:39 System Checkpoint
30-11-2012 04:29:03 System Checkpoint
01-12-2012 20:21:36 System Checkpoint
02-12-2012 23:53:25 System Checkpoint
04-12-2012 03:57:16 System Checkpoint
05-12-2012 04:45:54 System Checkpoint
06-12-2012 20:54:35 System Checkpoint
08-12-2012 18:44:32 Installed HiJackThis
08-12-2012 21:21:57 Removed HiJackThis

**** End of log ****

#7 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • Gender:Male
  • Location:UK
  • Local time:03:31 PM

Posted 08 December 2012 - 08:52 PM

Hi

Your computer is infected with ZeroAccess according to multiple indications in the previous logs you posted.
Let's see if TDSSKiller detects any remnants of it first.

Please do the following next:

:step1:

  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Under Objects to scan, check the boxes next to Verify file digital signatures, Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead; do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply. If the log is too long, split it into multiple posts.


:step2:

Rerun Security Check by screen317 on your desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.


:step3:

Please rerun Farbar Service Scanner (FSS) on the computer with the issue.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


:step4:

Please rerun MiniToolBox on your desktop.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog
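For triaging the TDSSKiller log requested in step 1, here is an added Python example (not code from this thread, the helper, or Kaspersky's tool). It parses the log line layout seen in this thread, flags every object whose verdict is not "ok", keeps the MD5 and path of each flagged object for later verification, and checks the log's Mode line to confirm that the "Verify file digital signatures" and "Detect TDLFS file system" options (recorded as SigCheck and TDLFS) were actually enabled; the line layout it assumes and the sample log are constructed from the format posted in this thread.

```python
"""Triage helper for TDSSKiller text logs (added example, not the tool's own code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every line starts with "<HH:MM:SS.ffff> <thread id>". The layouts below are
# assumed from the TDSSKiller 2.8 output posted in this thread.
_TS = r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>[0-9A-Fa-f]{4})\s+"
# Object line: "[ <MD5> ] <name> <path>". Names may contain spaces
# ("Secunia PSI Agent"), so the path is recognised by its drive-letter prefix.
OBJECT_RE = re.compile(_TS + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$")
# Verdict line: "<name> [( <detection> )] - ok|warning|detected [details]".
VERDICT_RE = re.compile(_TS + r"(?P<name>.+?)(?: \( (?P<det>[^()]+) \))? - (?P<verdict>ok|warning|detected)(?: (?P<detail>.*))?$")
# "Mode: Manual; SigCheck; TDLFS;" records which scan options were enabled.
MODE_RE = re.compile(_TS + r"Mode: (?P<modes>.*)$")

# Constructed sample, modelled on the log format in this thread (the cercsr6
# lines reproduce the one warning that log contains).
SAMPLE_LOG = r"""
15:32:05.0968 0776 ============================================================
15:32:05.0968 0776 Scan started
15:32:05.0968 0776 Mode: Manual; SigCheck; TDLFS;
15:32:05.0968 0776 ============================================================
15:32:06.0234 0776 ================ Scan system memory ========================
15:32:06.0234 0776 System memory - ok
15:32:06.0234 0776 ================ Scan services =============================
15:32:06.0703 0776 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:32:06.0843 0776 ACPI - ok
15:32:10.0125 0776 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
15:32:10.0156 0776 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
15:32:10.0156 0776 cercsr6 - detected UnsignedFile.Multi.Generic (1)
15:32:33.0484 0776 [ F70A51EB03EE7046784EF62EFCE9528E ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
15:32:33.0562 0776 Secunia PSI Agent - ok
"""


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdicts: List[str] = field(default_factory=list)    # e.g. ["warning", "detected"]
    detections: List[str] = field(default_factory=list)  # detection names, deduplicated

    @property
    def is_clean(self) -> bool:
        # Clean only if every verdict says "ok"; an object with no verdict at
        # all (truncated log) is deliberately treated as needing review.
        return bool(self.verdicts) and all(v == "ok" for v in self.verdicts)


@dataclass
class TdssReport:
    modes: List[str] = field(default_factory=list)
    objects: Dict[str, ScanObject] = field(default_factory=dict)
    unparsed: List[str] = field(default_factory=list)

    def flagged(self) -> List[ScanObject]:
        return [o for o in self.objects.values() if not o.is_clean]

    def missing_modes(self, required=("SigCheck", "TDLFS")) -> List[str]:
        """Requested scan options that the Mode line does not confirm."""
        return [m for m in required if m not in self.modes]


def parse_tdsskiller_log(text: str) -> TdssReport:
    report = TdssReport()
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or "====" in line:
            continue  # blank lines and section separators carry no data
        m = MODE_RE.match(line)
        if m:
            report.modes = [p.strip() for p in m.group("modes").split(";") if p.strip()]
            continue
        m = OBJECT_RE.match(line)
        if m:
            obj = report.objects.setdefault(m.group("name"), ScanObject(m.group("name")))
            obj.md5, obj.path = m.group("md5").upper(), m.group("path")
            continue
        m = VERDICT_RE.match(line)
        if m:
            obj = report.objects.setdefault(m.group("name"), ScanObject(m.group("name")))
            verdict = m.group("verdict")
            obj.verdicts.append(verdict)
            # "( X ) - warning" carries the name in parentheses; "- detected X (1)"
            # carries it as the first word of the trailing detail.
            det = m.group("det") or (m.group("detail") or "").split(" ")[0]
            if verdict != "ok" and det and det not in obj.detections:
                obj.detections.append(det)
            continue
        report.unparsed.append(line)  # surfaced so nothing is silently dropped
    return report


def summarize(report: TdssReport) -> List[str]:
    """Review lines: scan options, anything not 'ok', and unparsed lines."""
    missing = report.missing_modes()
    lines = ["Scan options: " + ", ".join(report.modes),
             "Missing requested options: " + (", ".join(missing) if missing else "none")]
    for obj in report.flagged():
        lines.append(f"REVIEW {obj.name}: {'/'.join(obj.verdicts) or 'no verdict'} "
                     f"{', '.join(obj.detections)} md5={obj.md5} path={obj.path}")
    lines.extend("UNPARSED " + raw for raw in report.unparsed)
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(parse_tdsskiller_log(SAMPLE_LOG))))
```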


#8 peterk422

peterk422
  • Topic Starter

  • Members
  • 50 posts
  • Local time:10:31 AM

Posted 09 December 2012 - 03:37 PM

Here is my TDSSKiller log.

15:31:53.0609 1868 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:31:53.0625 1868 ============================================================
15:31:53.0625 1868 Current date / time: 2012/12/09 15:31:53.0625
15:31:53.0625 1868 SystemInfo:
15:31:53.0625 1868
15:31:53.0625 1868 OS Version: 5.1.2600 ServicePack: 3.0
15:31:53.0625 1868 Product type: Workstation
15:31:53.0625 1868 ComputerName: DELL
15:31:53.0625 1868 UserName: Owner
15:31:53.0625 1868 Windows directory: C:\WINDOWS
15:31:53.0625 1868 System windows directory: C:\WINDOWS
15:31:53.0625 1868 Processor architecture: Intel x86
15:31:53.0625 1868 Number of processors: 1
15:31:53.0625 1868 Page size: 0x1000
15:31:53.0625 1868 Boot type: Normal boot
15:31:53.0625 1868 ============================================================
15:31:55.0640 1868 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:31:55.0640 1868 ============================================================
15:31:55.0640 1868 \Device\Harddisk0\DR0:
15:31:55.0640 1868 MBR partitions:
15:31:55.0640 1868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A050BD
15:31:55.0640 1868 ============================================================
15:31:55.0671 1868 C: <-> \Device\Harddisk0\DR0\Partition1
15:31:55.0671 1868 ============================================================
15:31:55.0671 1868 Initialize success
15:31:55.0671 1868 ============================================================
15:32:05.0968 0776 ============================================================
15:32:05.0968 0776 Scan started
15:32:05.0968 0776 Mode: Manual; SigCheck; TDLFS;
15:32:05.0968 0776 ============================================================
15:32:06.0234 0776 ================ Scan system memory ========================
15:32:06.0234 0776 System memory - ok
15:32:06.0234 0776 ================ Scan services =============================
15:32:06.0375 0776 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
15:32:06.0500 0776 !SASCORE - ok
15:32:06.0593 0776 78752508 - ok
15:32:06.0609 0776 Abiosdsk - ok
15:32:06.0625 0776 abp480n5 - ok
15:32:06.0703 0776 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:32:06.0843 0776 ACPI - ok
15:32:06.0890 0776 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
15:32:07.0046 0776 ACPIEC - ok
15:32:07.0171 0776 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:32:07.0203 0776 AdobeFlashPlayerUpdateSvc - ok
15:32:07.0203 0776 adpu160m - ok
15:32:07.0234 0776 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:32:07.0359 0776 aec - ok
15:32:07.0437 0776 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:32:07.0484 0776 AFD - ok
15:32:07.0500 0776 Aha154x - ok
15:32:07.0500 0776 aic78u2 - ok
15:32:07.0515 0776 aic78xx - ok
15:32:07.0562 0776 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
15:32:07.0734 0776 Alerter - ok
15:32:07.0765 0776 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
15:32:07.0843 0776 ALG - ok
15:32:07.0843 0776 AliIde - ok
15:32:07.0859 0776 amsint - ok
15:32:07.0875 0776 asc - ok
15:32:07.0875 0776 asc3350p - ok
15:32:07.0890 0776 asc3550 - ok
15:32:07.0984 0776 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:32:08.0000 0776 aspnet_state - ok
15:32:08.0062 0776 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:32:08.0187 0776 AsyncMac - ok
15:32:08.0203 0776 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:32:08.0328 0776 atapi - ok
15:32:08.0343 0776 Atdisk - ok
15:32:08.0359 0776 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:32:08.0515 0776 Atmarpc - ok
15:32:08.0578 0776 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:32:08.0734 0776 AudioSrv - ok
15:32:08.0781 0776 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:32:08.0937 0776 audstub - ok
15:32:09.0000 0776 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:32:09.0125 0776 Beep - ok
15:32:09.0187 0776 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
15:32:09.0328 0776 Browser - ok
15:32:09.0328 0776 catchme - ok
15:32:09.0390 0776 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:32:09.0546 0776 cbidf2k - ok
15:32:09.0562 0776 cd20xrnt - ok
15:32:09.0562 0776 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:32:09.0718 0776 Cdaudio - ok
15:32:09.0781 0776 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:32:09.0906 0776 Cdfs - ok
15:32:09.0921 0776 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:32:10.0062 0776 Cdrom - ok
15:32:10.0125 0776 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
15:32:10.0156 0776 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
15:32:10.0156 0776 cercsr6 - detected UnsignedFile.Multi.Generic (1)
15:32:10.0171 0776 Changer - ok
15:32:10.0218 0776 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
15:32:10.0375 0776 CiSvc - ok
15:32:10.0390 0776 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:32:10.0531 0776 ClipSrv - ok
15:32:10.0562 0776 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:32:10.0578 0776 clr_optimization_v2.0.50727_32 - ok
15:32:10.0578 0776 CmdIde - ok
15:32:10.0593 0776 COMSysApp - ok
15:32:10.0609 0776 Cpqarray - ok
15:32:10.0687 0776 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:32:10.0859 0776 CryptSvc - ok
15:32:10.0859 0776 dac2w2k - ok
15:32:10.0875 0776 dac960nt - ok
15:32:10.0937 0776 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:32:10.0968 0776 DcomLaunch - ok
15:32:11.0031 0776 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:32:11.0187 0776 Dhcp - ok
15:32:11.0234 0776 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:32:11.0375 0776 Disk - ok
15:32:11.0375 0776 dmadmin - ok
15:32:11.0500 0776 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:32:11.0656 0776 dmboot - ok
15:32:11.0671 0776 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
15:32:11.0812 0776 dmio - ok
15:32:11.0843 0776 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:32:11.0968 0776 dmload - ok
15:32:12.0000 0776 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
15:32:12.0156 0776 dmserver - ok
15:32:12.0187 0776 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
15:32:12.0328 0776 DMusic - ok
15:32:12.0390 0776 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:32:12.0406 0776 Dnscache - ok
15:32:12.0484 0776 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
15:32:12.0609 0776 Dot3svc - ok
15:32:12.0671 0776 [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys
15:32:12.0796 0776 dot4 - ok
15:32:12.0812 0776 [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
15:32:12.0968 0776 Dot4Print - ok
15:32:12.0984 0776 [ BD05306428DA63369692477DDC0F6F5F ] Dot4Scan C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
15:32:13.0140 0776 Dot4Scan - ok
15:32:13.0140 0776 [ 6EC3AF6BB5B30E488A0C559921F012E1 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys
15:32:13.0281 0776 dot4usb - ok
15:32:13.0281 0776 dpti2o - ok
15:32:13.0343 0776 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:32:13.0468 0776 drmkaud - ok
15:32:13.0531 0776 [ 7D91DC6342248369F94D6EBA0CF42E99 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:32:13.0546 0776 E100B - ok
15:32:13.0625 0776 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
15:32:13.0765 0776 EapHost - ok
15:32:13.0812 0776 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:32:13.0937 0776 ERSvc - ok
15:32:14.0015 0776 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
15:32:14.0031 0776 Eventlog - ok
15:32:14.0062 0776 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
15:32:14.0093 0776 EventSystem - ok
15:32:14.0156 0776 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:32:14.0312 0776 Fastfat - ok
15:32:14.0375 0776 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:32:14.0390 0776 FastUserSwitchingCompatibility - ok
15:32:14.0468 0776 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
15:32:14.0593 0776 Fdc - ok
15:32:14.0640 0776 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:32:14.0781 0776 Fips - ok
15:32:14.0781 0776 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
15:32:14.0921 0776 Flpydisk - ok
15:32:14.0953 0776 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
15:32:15.0109 0776 FltMgr - ok
15:32:15.0234 0776 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:32:15.0250 0776 FontCache3.0.0.0 - ok
15:32:15.0265 0776 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:32:15.0421 0776 Fs_Rec - ok
15:32:15.0468 0776 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:32:15.0609 0776 Ftdisk - ok
15:32:15.0656 0776 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:32:15.0796 0776 Gpc - ok
15:32:15.0921 0776 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:32:16.0078 0776 helpsvc - ok
15:32:16.0109 0776 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
15:32:16.0250 0776 HidServ - ok
15:32:16.0281 0776 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:32:16.0453 0776 HidUsb - ok
15:32:16.0484 0776 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
15:32:16.0625 0776 hkmsvc - ok
15:32:16.0625 0776 hpn - ok
15:32:16.0687 0776 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:32:16.0718 0776 HTTP - ok
15:32:16.0765 0776 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
15:32:16.0906 0776 HTTPFilter - ok
15:32:16.0906 0776 i2omgmt - ok
15:32:16.0921 0776 i2omp - ok
15:32:16.0984 0776 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:32:17.0109 0776 i8042prt - ok
15:32:17.0218 0776 [ 9A883C3C4D91292C0D09DE7C728E781C ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
15:32:17.0312 0776 ialm - ok
15:32:17.0390 0776 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:32:17.0437 0776 idsvc - ok
15:32:17.0437 0776 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
15:32:17.0593 0776 Imapi - ok
15:32:17.0656 0776 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
15:32:17.0796 0776 ImapiService - ok
15:32:17.0796 0776 ini910u - ok
15:32:17.0828 0776 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
15:32:17.0968 0776 IntelIde - ok
15:32:18.0031 0776 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:32:18.0156 0776 intelppm - ok
15:32:18.0187 0776 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
15:32:18.0343 0776 Ip6Fw - ok
15:32:18.0375 0776 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:32:18.0515 0776 IpFilterDriver - ok
15:32:18.0531 0776 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:32:18.0671 0776 IpInIp - ok
15:32:18.0687 0776 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:32:18.0828 0776 IpNat - ok
15:32:18.0875 0776 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:32:19.0281 0776 IPSec - ok
15:32:19.0312 0776 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
15:32:19.0359 0776 IRENUM - ok
15:32:19.0390 0776 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:32:19.0546 0776 isapnp - ok
15:32:19.0656 0776 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
15:32:19.0671 0776 JavaQuickStarterService - ok
15:32:19.0734 0776 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:32:19.0875 0776 Kbdclass - ok
15:32:19.0906 0776 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:32:20.0046 0776 kbdhid - ok
15:32:20.0093 0776 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
15:32:20.0250 0776 kmixer - ok
15:32:20.0296 0776 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
15:32:20.0312 0776 KSecDD - ok
15:32:20.0390 0776 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
15:32:20.0406 0776 lanmanserver - ok
15:32:20.0500 0776 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:32:20.0515 0776 lanmanworkstation - ok
15:32:20.0546 0776 Lavasoft Kernexplorer - ok
15:32:20.0562 0776 [ B7C19EC8B0DD7EFA58AD41FFEB8B8CDA ] Lbd C:\WINDOWS\system32\DRIVERS\Lbd.sys
15:32:20.0609 0776 Lbd - ok
15:32:20.0625 0776 lbrtfdc - ok
15:32:20.0703 0776 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
15:32:20.0875 0776 LmHosts - ok
15:32:20.0890 0776 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
15:32:21.0046 0776 Messenger - ok
15:32:21.0093 0776 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
15:32:21.0218 0776 mnmdd - ok
15:32:21.0296 0776 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
15:32:21.0437 0776 mnmsrvc - ok
15:32:21.0484 0776 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
15:32:21.0625 0776 Modem - ok
15:32:21.0671 0776 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
15:32:21.0812 0776 MODEMCSA - ok
15:32:21.0843 0776 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:32:22.0015 0776 Mouclass - ok
15:32:22.0062 0776 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:32:22.0218 0776 mouhid - ok
15:32:22.0265 0776 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
15:32:22.0390 0776 MountMgr - ok
15:32:22.0406 0776 mraid35x - ok
15:32:22.0421 0776 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:32:22.0546 0776 MRxDAV - ok
15:32:22.0546 0776 MRxSmb - ok
15:32:22.0609 0776 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
15:32:22.0750 0776 MSDTC - ok
15:32:22.0765 0776 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:32:22.0937 0776 Msfs - ok
15:32:22.0937 0776 MSIServer - ok
15:32:22.0984 0776 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:32:23.0125 0776 MSKSSRV - ok
15:32:23.0140 0776 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:32:23.0265 0776 MSPCLOCK - ok
15:32:23.0281 0776 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
15:32:23.0421 0776 MSPQM - ok
15:32:23.0453 0776 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:32:23.0593 0776 mssmbios - ok
15:32:23.0656 0776 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
15:32:23.0671 0776 Mup - ok
15:32:23.0734 0776 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
15:32:23.0890 0776 napagent - ok
15:32:23.0953 0776 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
15:32:24.0078 0776 NDIS - ok
15:32:24.0156 0776 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:32:24.0156 0776 NdisTapi - ok
15:32:24.0171 0776 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:32:24.0328 0776 Ndisuio - ok
15:32:24.0328 0776 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:32:24.0515 0776 NdisWan - ok
15:32:24.0546 0776 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
15:32:24.0562 0776 NDProxy - ok
15:32:24.0609 0776 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
15:32:24.0734 0776 NetBIOS - ok
15:32:24.0796 0776 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
15:32:24.0968 0776 NetBT - ok
15:32:25.0015 0776 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
15:32:25.0140 0776 NetDDE - ok
15:32:25.0156 0776 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
15:32:25.0312 0776 NetDDEdsdm - ok
15:32:25.0343 0776 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
15:32:25.0468 0776 Netlogon - ok
15:32:25.0515 0776 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
15:32:25.0687 0776 Netman - ok
15:32:25.0718 0776 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:32:25.0750 0776 NetTcpPortSharing - ok
15:32:25.0796 0776 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
15:32:25.0812 0776 Nla - ok
15:32:25.0890 0776 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:32:26.0015 0776 Npfs - ok
15:32:26.0046 0776 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
15:32:26.0218 0776 Ntfs - ok
15:32:26.0250 0776 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
15:32:26.0406 0776 NtLmSsp - ok
15:32:26.0500 0776 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
15:32:26.0656 0776 NtmsSvc - ok
15:32:26.0687 0776 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
15:32:26.0843 0776 Null - ok
15:32:26.0890 0776 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:32:27.0031 0776 NwlnkFlt - ok
15:32:27.0046 0776 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:32:27.0203 0776 NwlnkFwd - ok
15:32:27.0343 0776 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:32:27.0375 0776 odserv - ok
15:32:27.0406 0776 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:32:27.0421 0776 ose - ok
15:32:27.0484 0776 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
15:32:27.0656 0776 Parport - ok
15:32:27.0687 0776 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
15:32:27.0828 0776 PartMgr - ok
15:32:27.0890 0776 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
15:32:28.0046 0776 ParVdm - ok
15:32:28.0062 0776 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
15:32:28.0203 0776 PCI - ok
15:32:28.0203 0776 PCIDump - ok
15:32:28.0234 0776 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
15:32:28.0375 0776 PCIIde - ok
15:32:28.0421 0776 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
15:32:28.0546 0776 Pcmcia - ok
15:32:28.0562 0776 PDCOMP - ok
15:32:28.0578 0776 PDFRAME - ok
15:32:28.0578 0776 PDRELI - ok
15:32:28.0593 0776 PDRFRAME - ok
15:32:28.0609 0776 perc2 - ok
15:32:28.0609 0776 perc2hib - ok
15:32:28.0671 0776 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
15:32:28.0687 0776 PlugPlay - ok
15:32:28.0703 0776 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
15:32:28.0843 0776 PolicyAgent - ok
15:32:28.0875 0776 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:32:29.0015 0776 PptpMiniport - ok
15:32:29.0015 0776 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:32:29.0171 0776 ProtectedStorage - ok
15:32:29.0171 0776 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
15:32:29.0343 0776 PSched - ok
15:32:29.0390 0776 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\WINDOWS\system32\DRIVERS\psi_mf.sys
15:32:29.0406 0776 PSI - ok
15:32:29.0437 0776 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:32:29.0578 0776 Ptilink - ok
15:32:29.0640 0776 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:32:29.0640 0776 PxHelp20 - ok
15:32:29.0656 0776 ql1080 - ok
15:32:29.0671 0776 Ql10wnt - ok
15:32:29.0671 0776 ql12160 - ok
15:32:29.0687 0776 ql1240 - ok
15:32:29.0703 0776 ql1280 - ok
15:32:29.0718 0776 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:32:29.0843 0776 RasAcd - ok
15:32:29.0906 0776 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:32:30.0046 0776 RasAuto - ok
15:32:30.0078 0776 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:32:30.0234 0776 Rasl2tp - ok
15:32:30.0296 0776 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:32:30.0437 0776 RasMan - ok
15:32:30.0484 0776 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:32:30.0656 0776 RasPppoe - ok
15:32:30.0671 0776 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
15:32:30.0796 0776 Raspti - ok
15:32:30.0859 0776 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:32:31.0000 0776 Rdbss - ok
15:32:31.0015 0776 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:32:31.0156 0776 RDPCDD - ok
15:32:31.0218 0776 [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
15:32:31.0250 0776 RDPWD - ok
15:32:31.0296 0776 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:32:31.0437 0776 RDSessMgr - ok
15:32:31.0500 0776 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
15:32:31.0656 0776 redbook - ok
15:32:31.0703 0776 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
15:32:31.0843 0776 RemoteAccess - ok
15:32:31.0906 0776 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
15:32:32.0046 0776 RpcLocator - ok
15:32:32.0078 0776 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
15:32:32.0093 0776 RpcSs - ok
15:32:32.0140 0776 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
15:32:32.0250 0776 RSVP - ok
15:32:32.0296 0776 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
15:32:32.0453 0776 SamSs - ok
15:32:32.0531 0776 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:32:32.0546 0776 SASDIFSV - ok
15:32:32.0578 0776 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:32:32.0578 0776 SASKUTIL - ok
15:32:32.0656 0776 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
15:32:32.0796 0776 SCardSvr - ok
15:32:32.0859 0776 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:32:33.0015 0776 Schedule - ok
15:32:33.0062 0776 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:32:33.0109 0776 Secdrv - ok
15:32:33.0171 0776 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
15:32:33.0328 0776 seclogon - ok
15:32:33.0484 0776 [ F70A51EB03EE7046784EF62EFCE9528E ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
15:32:33.0562 0776 Secunia PSI Agent - ok
15:32:33.0609 0776 [ AD56CEB08EEB517332355FDE9E5939C8 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
15:32:33.0640 0776 Secunia Update Agent - ok
15:32:33.0718 0776 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
15:32:33.0750 0776 senfilt - ok
15:32:33.0781 0776 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
15:32:33.0953 0776 SENS - ok
15:32:33.0984 0776 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
15:32:34.0156 0776 serenum - ok
15:32:34.0156 0776 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
15:32:34.0296 0776 Serial - ok
15:32:34.0343 0776 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
15:32:34.0484 0776 Sfloppy - ok
15:32:34.0515 0776 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:32:34.0531 0776 ShellHWDetection - ok
15:32:34.0531 0776 Simbad - ok
15:32:34.0625 0776 [ 0066FF77AEB4AE70066F7E94D5A6D866 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
15:32:34.0640 0776 smwdm - ok
15:32:34.0640 0776 Sparrow - ok
15:32:34.0718 0776 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:32:34.0875 0776 splitter - ok
15:32:34.0921 0776 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:32:34.0937 0776 Spooler - ok
15:32:34.0968 0776 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
15:32:35.0046 0776 sr - ok
15:32:35.0093 0776 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
15:32:35.0156 0776 srservice - ok
15:32:35.0234 0776 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:32:35.0250 0776 Srv - ok
15:32:35.0296 0776 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:32:35.0359 0776 SSDPSRV - ok
15:32:35.0406 0776 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
15:32:35.0531 0776 StillCam - ok
15:32:35.0593 0776 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
15:32:35.0750 0776 stisvc - ok
15:32:35.0781 0776 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
15:32:35.0906 0776 swenum - ok
15:32:35.0953 0776 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
15:32:36.0109 0776 swmidi - ok
15:32:36.0125 0776 SwPrv - ok
15:32:36.0140 0776 symc810 - ok
15:32:36.0140 0776 symc8xx - ok
15:32:36.0156 0776 sym_hi - ok
15:32:36.0156 0776 sym_u3 - ok
15:32:36.0203 0776 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
15:32:36.0343 0776 sysaudio - ok
15:32:36.0406 0776 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:32:36.0546 0776 SysmonLog - ok
15:32:36.0578 0776 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:32:36.0718 0776 TapiSrv - ok
15:32:36.0796 0776 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:32:36.0812 0776 Tcpip - ok
15:32:36.0859 0776 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
15:32:37.0015 0776 TDPIPE - ok
15:32:37.0031 0776 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
15:32:37.0171 0776 TDTCP - ok
15:32:37.0203 0776 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:32:37.0343 0776 TermDD - ok
15:32:37.0406 0776 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
15:32:37.0625 0776 TermService - ok
15:32:37.0671 0776 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
15:32:37.0687 0776 Themes - ok
15:32:37.0703 0776 TosIde - ok
15:32:37.0734 0776 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:32:37.0890 0776 TrkWks - ok
15:32:37.0937 0776 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:32:38.0078 0776 Udfs - ok
15:32:38.0078 0776 ultra - ok
15:32:38.0140 0776 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:32:38.0281 0776 Update - ok
15:32:38.0328 0776 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
15:32:38.0390 0776 upnphost - ok
15:32:38.0468 0776 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
15:32:38.0593 0776 UPS - ok
15:32:38.0656 0776 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:32:38.0796 0776 usbccgp - ok
15:32:38.0828 0776 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:32:38.0984 0776 usbehci - ok
15:32:39.0046 0776 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:32:39.0187 0776 usbhub - ok
15:32:39.0234 0776 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:32:39.0359 0776 usbprint - ok
15:32:39.0406 0776 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:32:39.0578 0776 usbscan - ok
15:32:39.0640 0776 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:32:39.0781 0776 USBSTOR - ok
15:32:39.0843 0776 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:32:40.0015 0776 usbuhci - ok
15:32:40.0062 0776 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:32:40.0203 0776 VgaSave - ok
15:32:40.0203 0776 ViaIde - ok
15:32:40.0265 0776 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:32:40.0421 0776 VolSnap - ok
15:32:40.0484 0776 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
15:32:40.0546 0776 VSS - ok
15:32:40.0562 0776 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
15:32:40.0687 0776 W32Time - ok
15:32:40.0750 0776 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:32:40.0921 0776 Wanarp - ok
15:32:40.0937 0776 WDICA - ok
15:32:41.0000 0776 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:32:41.0125 0776 wdmaud - ok
15:32:41.0203 0776 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
15:32:41.0343 0776 WebClient - ok
15:32:41.0484 0776 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:32:41.0609 0776 winmgmt - ok
15:32:41.0671 0776 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
15:32:41.0687 0776 WmdmPmSN - ok
15:32:41.0734 0776 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:32:41.0906 0776 WmiApSrv - ok
15:32:42.0015 0776 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
15:32:42.0078 0776 WMPNetworkSvc - ok
15:32:42.0140 0776 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:32:42.0296 0776 WS2IFSL - ok
15:32:42.0343 0776 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:32:42.0484 0776 wscsvc - ok
15:32:42.0531 0776 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:32:42.0546 0776 WudfPf - ok
15:32:42.0562 0776 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:32:42.0578 0776 WudfRd - ok
15:32:42.0578 0776 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
15:32:42.0609 0776 WudfSvc - ok
15:32:42.0671 0776 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:32:42.0859 0776 WZCSVC - ok
15:32:42.0906 0776 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:32:43.0046 0776 xmlprov - ok
15:32:43.0046 0776 ================ Scan global ===============================
15:32:43.0093 0776 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:32:43.0140 0776 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:32:43.0187 0776 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:32:43.0203 0776 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:32:43.0218 0776 [Global] - ok
15:32:43.0218 0776 ================ Scan MBR ==================================
15:32:43.0250 0776 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:32:43.0718 0776 \Device\Harddisk0\DR0 - ok
15:32:43.0734 0776 ================ Scan VBR ==================================
15:32:43.0765 0776 [ 05907E6999FDF635157FCC68CE179D4C ] \Device\Harddisk0\DR0\Partition1
15:32:43.0765 0776 \Device\Harddisk0\DR0\Partition1 - ok
15:32:43.0781 0776 ============================================================
15:32:43.0781 0776 Scan finished
15:32:43.0781 0776 ============================================================
15:32:43.0906 1992 Detected object count: 1
15:32:43.0906 1992 Actual detected object count: 1
15:32:47.0500 1992 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:47.0500 1992 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:33:20.0437 1176 Deinitialize success
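
An added example, not part of this thread and not Kaspersky's code: a small Python parser for the TDSSKiller log format above. A full log runs to a couple of thousand lines, and what a responder actually wants out of it is short: each detection with the verdict and the action taken on it, the entries that were listed with "- ok" but carry no file hash, and binaries that are registered under more than one name (here shsvcs.dll backs both ShellHWDetection and Themes). SAMPLE is a constructed excerpt of the log above; the line formats it matches are assumed from that log only.

```python
"""Summarise a TDSSKiller log: detections, entries without a hash, shared binaries.

Added example for this thread, not TDSSKiller's own code. SAMPLE is a
constructed excerpt of the log posted above; the line formats matched are
assumed from that log alone.
"""
import re
from collections import defaultdict

SAMPLE = r"""
15:32:33.0484 0776 [ F70A51EB03EE7046784EF62EFCE9528E ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
15:32:33.0562 0776 Secunia PSI Agent - ok
15:32:34.0515 0776 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:32:34.0531 0776 ShellHWDetection - ok
15:32:34.0531 0776 Simbad - ok
15:32:36.0796 0776 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:32:36.0812 0776 Tcpip - ok
15:32:37.0671 0776 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
15:32:37.0687 0776 Themes - ok
15:32:43.0218 0776 ================ Scan MBR ==================================
15:32:43.0250 0776 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:32:43.0718 0776 \Device\Harddisk0\DR0 - ok
15:32:43.0781 0776 Scan finished
15:32:43.0906 1992 Detected object count: 1
15:32:47.0500 1992 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:47.0500 1992 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"          # "15:32:33.0484 0776 "
HASH_RE = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-F]{32}) \] (?P<rest>.+)$")
# rest is "<name> <path>" for a service or driver, or a bare device path for MBR/VBR entries
NAME_PATH_RE = re.compile(r"^(?:(?P<name>.+?) )?(?P<path>(?:[A-Za-z]:\\|\\).*)$")
STATUS_RE = re.compile(PREFIX + r"(?P<name>.+?) - ok$")
DETECT_RE = re.compile(PREFIX + r"(?P<name>\S+) \( (?P<verdict>[^)]+) \) - (?P<action>.+)$")


def parse_tdsskiller(text):
    """Return ({object_name: {"md5", "path"}}, [(name, verdict, action), ...])."""
    objects, detections = {}, []
    for line in text.splitlines():
        m = DETECT_RE.match(line)
        if m:
            detections.append((m["name"], m["verdict"], m["action"]))
            continue
        m = HASH_RE.match(line)
        if m:
            np = NAME_PATH_RE.match(m["rest"])
            if np:
                # MBR/VBR lines have no name, so the device path is the key
                objects[np["name"] or np["path"]] = {"md5": m["md5"], "path": np["path"]}
            continue
        m = STATUS_RE.match(line)
        # "[Global] - ok" closes the global scan section and is not an object
        if m and not m["name"].startswith("["):
            # "<name> - ok" with no preceding hash line: listed, but no file was hashed
            objects.setdefault(m["name"], {"md5": None, "path": None})
    return objects, detections


def unhashed(objects):
    """Names that appear in the log with no MD5/path recorded for them."""
    return sorted(name for name, o in objects.items() if o["md5"] is None)


def shared_binaries(objects):
    """MD5 -> names, for one binary registered under more than one name."""
    by_md5 = defaultdict(list)
    for name, o in objects.items():
        if o["md5"]:
            by_md5[o["md5"]].append(name)
    return {md5: sorted(names) for md5, names in by_md5.items() if len(names) > 1}


def review_queue(detections):
    """(name, verdict) -> every action the log records for that detection."""
    queue = {}
    for name, verdict, action in detections:
        queue.setdefault((name, verdict), []).append(action)
    return queue


if __name__ == "__main__":
    objs, dets = parse_tdsskiller(SAMPLE)
    print("objects hashed:", sum(1 for o in objs.values() if o["md5"]))
    print("no hash recorded:", unhashed(objs))
    print("shared binaries:", shared_binaries(objs))
    for (name, verdict), actions in review_queue(dets).items():
        print(f"DETECTION {name} [{verdict}] -> {actions}")
```

Run on SAMPLE it reports the one detection (cercsr6, UnsignedFile.Multi.Generic, skipped), Simbad as the only entry with no hash, and shsvcs.dll as the binary shared by ShellHWDetection and Themes; pass the full log text to parse_tdsskiller() to get the same summary for a whole scan, and the MD5 values it returns are what you would submit to a file-reputation lookup.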

#9 peterk422

peterk422
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  • Local time:10:31 AM

Posted 09 December 2012 - 03:40 PM

Here is the Security Check Log

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.2004)
CCleaner
Java™ 6 Update 37
Java version out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 22% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#10 peterk422

peterk422
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  • Local time:10:31 AM

Posted 09 December 2012 - 03:43 PM

Here is the FSS log


Farbar Service Scanner Version: 07-12-2012
Ran by Owner (administrator) on 09-12-2012 at 15:41:22
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc: "C:\WINDOWS\System32\svchost.exe -k netsvcs".
The ServiceDll of wscsvc: ""C:\WINDOWS\system32\wscsvc.dll"".


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000800000005000000010000000200000003000000040000000600000007000000


**** End of log ****
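
An added example, not part of this thread and not FSS's own code: the log above records which service registry keys and values FSS could not read, but spread across several sections. This Python script folds that into one finding per service and cross-checks it against the File Check section, so the responder can tell apart a service whose key is gone but whose DLL is intact on disk (wuauserv, BITS), one whose key survives but has lost its start type, ImagePath and ServiceDll values (sharedaccess), and one that is merely stopped (wscsvc). SAMPLE is constructed from the log above; the message formats and the service-to-DLL map are assumptions of this example, not something FSS documents.

```python
"""Triage a Farbar Service Scanner (FSS) log.

Added example for this thread, not FSS's own code. SAMPLE is constructed
from lines of the log posted above; the message formats matched below and
the SERVICE_DLL map are assumptions of this example.
"""
import re

SAMPLE = r"""
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc: "C:\WINDOWS\System32\svchost.exe -k netsvcs".
The ServiceDll of wscsvc: ""C:\WINDOWS\system32\wscsvc.dll"".

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

File Check:
========
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
"""

NOT_RUNNING_RE = re.compile(r"^(?P<svc>\S+) Service is not running\.")
KEY_MISSING_RE = re.compile(r"Unable to open (?P<svc>\S+) registry key\. The service key does not exist\.")
VALUE_MISSING_RE = re.compile(r"Unable to retrieve (?P<value>start type|ImagePath|ServiceDll) of (?P<svc>\S+)\. The value does not exist\.")
FILE_CHECK_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S+) => (?P<verdict>.+)$")

# Service name -> ServiceDll on Windows XP, for the services FSS checks in this log (assumed map)
SERVICE_DLL = {
    "sharedaccess": "ipnathlp.dll",
    "wscsvc": "wscsvc.dll",
    "wuauserv": "wuauserv.dll",
    "BITS": "qmgr.dll",
}


def _entry(services, name):
    # FSS only prints configuration checks for a service it found not running
    return services.setdefault(name, {"running": False, "key_missing": False, "missing_values": set()})


def parse_fss(text):
    """Return ({service: info}, [(path, verdict), ...]) from FSS log text."""
    services, files = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = NOT_RUNNING_RE.match(line)
        if m:
            _entry(services, m["svc"])
            continue
        m = KEY_MISSING_RE.search(line)
        if m:
            _entry(services, m["svc"])["key_missing"] = True
            continue
        m = VALUE_MISSING_RE.search(line)
        if m:
            _entry(services, m["svc"])["missing_values"].add(m["value"])
            continue
        m = FILE_CHECK_RE.match(line)
        if m:
            files.append((m["path"], m["verdict"]))
    return services, files


def triage(services, files):
    """One finding per broken service, plus any file whose MD5 FSS did not accept."""
    verified = {path.rsplit("\\", 1)[-1].lower() for path, verdict in files if verdict == "MD5 is legit"}
    findings = {}
    for name, info in services.items():
        dll = SERVICE_DLL.get(name, "").lower()
        if info["key_missing"]:
            where = "binary verified on disk" if dll in verified else "binary not verified"
            findings[name] = "service key deleted; " + where
        elif info["missing_values"]:
            findings[name] = "service key stripped of " + ", ".join(sorted(info["missing_values"]))
        else:
            findings[name] = "configured correctly but not running"
    bad_files = [path for path, verdict in files if verdict != "MD5 is legit"]
    return findings, bad_files


if __name__ == "__main__":
    svcs, checked = parse_fss(SAMPLE)
    found, bad = triage(svcs, checked)
    for svc, finding in sorted(found.items()):
        print(f"{svc}: {finding}")
    print("files failing MD5 check:", bad or "none")
```

The three classes need different handling: a deleted key means the service has to be registered again, a stripped key needs its values restored, and a verified binary does not need replacing. The wscsvc line ("configured correctly but not running") is also why the Security Check log in the earlier post warns that the Windows Security Center service is not running and its report may not be accurate.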

#11 peterk422

peterk422
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  • Local time:10:31 AM

Posted 09 December 2012 - 03:45 PM

And here is the MiniToolBox log

Farbar Service Scanner Version: 07-12-2012
Ran by Owner (administrator) on 09-12-2012 at 15:41:22
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc: "C:\WINDOWS\System32\svchost.exe -k netsvcs".
The ServiceDll of wscsvc: ""C:\WINDOWS\system32\wscsvc.dll"".


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000800000005000000010000000200000003000000040000000600000007000000


**** End of log ****

#12 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:03:31 PM

Posted 10 December 2012 - 05:29 AM

Hi

This is easier to deal with in another forum at BC, as more tools are allowed there.
Do the below, and mention that it is possible your computer may still be infected by ZeroAccess.

Good luck.

---------------------

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Edited by dev00790, 10 December 2012 - 05:29 AM.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!" I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#13 peterk422

peterk422
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 10 December 2012 - 11:51 AM

Thanks for your help

#14 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:03:31 PM

Posted 10 December 2012 - 02:59 PM

You're welcome :)

Regards, dev00790



#15 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:11:31 AM

Posted 11 December 2012 - 07:06 PM

As you have successfully opened your new topic, this one is closed. Please follow only the advice of the techs helping you.

Best wishes

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith
