
Had to do a restore, comp still acting up


  • This topic is locked
18 replies to this topic

#1 EscEscEsc

EscEscEsc

  • Members
  • 33 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:49 PM

Posted 17 December 2012 - 07:54 PM

My comp wouldn't access the net, so I had to do a restore, so my last topic was closed. In regards to my last topic, my comp is still acting up in normal mode. It is slow, and on start up the sound is dragged out, all messed up; it is also the same with shut down. I've also noticed a lot of svchost.exe. This is the link to my previous topic: http://www.bleepingcomputer.com/forums/topic475036.html/page__pid__2916111__st__15#entry2916111


Here are my DDS logs

DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512
Run by Compaq_Administrator at 19:48:54 on 2012-12-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.64 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {A057A204-BACC-4D26-9990-79A187E2698E} -
BHO: hpWebHelper Class: {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
TB: AVG Security Toolbar: {A057A204-BACC-4D26-9990-79A187E2698E} -
TB: AVG Security Toolbar: {A057A204-BACC-4D26-9990-79A187E2698E} -
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler] <no file>
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d7050v5\Belkinwcui.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:149
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\compaq_administrator\start menu\programs\imvu\Run IMVU.lnk
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1352385638312
TCP: NameServer = 97.107.80.10 97.107.80.11
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DHCPNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{EB2DD743-AC68-4A91-B1A7-2F428DAAB333} : DHCPNameServer = 97.107.80.10 97.107.80.11
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\2hpi9tiu.default\
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - ExtSQL: 2012-12-10 20:34; firefox@ghostery.com; c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\2hpi9tiu.default\extensions\firefox@ghostery.com
FF - ExtSQL: 2012-12-10 20:34; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\2hpi9tiu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
============= SERVICES / DRIVERS ===============
.
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-1-16 38144]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [2008-1-16 273280]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe --> c:\progra~1\avg\avg8\avgemc.exe [?]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]
S2 COMServer;COMServer;"c:\documents and settings\all userscomsrvr.exe" s --> c:\documents and settings\All Userscomsrvr.exe [?]
S2 ProtectsStore;RtoAutos;c:\program files\netmeeting\smss.exe --> c:\program files\netmeeting\smss.exe [?]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys --> c:\windows\system32\drivers\cccp106.sys [?]
S3 dump_wmimmc;dump_wmimmc;\??\f:\maxtor backup\luna\luna online\gameguard\dump_wmimmc.sys --> f:\maxtor backup\luna\luna online\gameguard\dump_wmimmc.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SQ931;USB 2.0 Video Camera;c:\windows\system32\drivers\capt931a.sys --> c:\windows\system32\drivers\Capt931a.sys [?]
.
=============== Created Last 30 ================
.
2012-12-13 02:07:23 15112160 ----a-w- c:\program files\mozilla firefox\xul.dll
2012-12-13 02:07:22 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2012-12-13 02:07:22 19424 ----a-w- c:\program files\mozilla firefox\xpcom.dll
2012-12-13 02:07:22 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2012-12-13 02:07:21 270816 ----a-w- c:\program files\mozilla firefox\updater.exe
2012-12-13 02:07:20 890048 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2012-12-13 02:07:19 91104 ----a-w- c:\program files\mozilla firefox\smime3.dll
2012-12-13 02:07:19 155104 ----a-w- c:\program files\mozilla firefox\softokn3.dll
2012-12-13 02:07:19 145376 ----a-w- c:\program files\mozilla firefox\ssl3.dll
2012-12-13 02:07:16 20960 ----a-w- c:\program files\mozilla firefox\plds4.dll
2012-12-13 02:07:16 16864 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2012-12-13 02:07:15 21472 ----a-w- c:\program files\mozilla firefox\plc4.dll
2012-12-13 02:05:58 14045800 ----a-w- c:\program files\mozilla firefox\firefox(2).exe
2012-12-13 02:05:27 14045800 ----a-w- c:\program files\mozilla firefox\Firefox Setup 7.0.1.exe
2012-12-13 02:05:10 7499056 ----a-w- c:\program files\mozilla firefox\Firefox Setup 3.0.1.exe
2012-12-13 02:05:03 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-12-13 02:04:59 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-12-13 02:04:58 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-12-13 02:04:58 116192 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2012-12-13 02:04:57 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-12-13 02:04:57 18912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2012-12-13 00:30:59 -------- d-----w- C:\f9b4f38f9924b111cb29
2012-12-11 00:29:17 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-12-11 00:29:17 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-10 23:56:41 -------- d-----w- c:\windows\LastGood(2)
2012-12-09 22:10:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-25 16:32:43 -------- d-----w- c:\documents and settings\compaq_administrator\application data\CheckPoint
2012-11-25 16:16:25 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2012-11-21 02:16:02 -------- d-----w- c:\documents and settings\compaq_administrator\local settings\application data\Avg2013
2012-11-21 00:49:29 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 22:22:21 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-07 22:22:21 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-06 00:41:17 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02:42 375296 ------w- c:\windows\system32\dpnet.dll
2012-10-31 11:33:26 81920 ------w- c:\windows\system32\ieencode.dll
2012-10-31 11:33:26 667136 ----a-w- c:\windows\system32\wininet.dll
2012-10-31 11:33:26 61952 ------w- c:\windows\system32\tdc.ocx
2012-10-31 09:52:14 369664 ------w- c:\windows\system32\html.iec
2012-10-02 18:04:21 58368 ------w- c:\windows\system32\synceng.dll
.
============= FINISH: 19:51:38.60 ===============

Attached File  attach.zip   4.96KB   0 downloads

Edited by EscEscEsc, 17 December 2012 - 07:55 PM.
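A defender-side triage of the SERVICES / DRIVERS section of the DDS log above, added here as an example; it is not part of the thread and not DDS's own code. It parses the lines exactly as DDS prints them and flags the two patterns a helper looks at first: a Windows system binary name (here smss.exe) running from outside the system directory, and a service image stored under a user profile. The SYSTEM_BINARIES and PROFILE_DIRS lists and the severity labels are my assumptions.

```python
import re
from dataclasses import dataclass

# Sample input (copied from the DDS log posted in this thread).
SAMPLE_DDS_SERVICES = r"""
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-1-16 38144]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [2008-1-16 273280]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe --> c:\progra~1\avg\avg8\avgemc.exe [?]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]
S2 COMServer;COMServer;"c:\documents and settings\all userscomsrvr.exe" s --> c:\documents and settings\All Userscomsrvr.exe [?]
S2 ProtectsStore;RtoAutos;c:\program files\netmeeting\smss.exe --> c:\program files\netmeeting\smss.exe [?]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys --> c:\windows\system32\drivers\cccp106.sys [?]
S3 dump_wmimmc;dump_wmimmc;\??\f:\maxtor backup\luna\luna online\gameguard\dump_wmimmc.sys --> f:\maxtor backup\luna\luna online\gameguard\dump_wmimmc.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SQ931;USB 2.0 Video Camera;c:\windows\system32\drivers\capt931a.sys --> c:\windows\system32\drivers\Capt931a.sys [?]
"""

# Assumption: names Windows runs only from the system directory. A copy
# elsewhere (the log has smss.exe under NetMeeting) is a classic masquerade.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "svchost.exe", "lsass.exe",
                   "winlogon.exe", "services.exe", "spoolsv.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
PROFILE_DIRS = ("c:\\documents and settings\\", "c:\\users\\")


@dataclass
class ServiceEntry:
    state: str        # R/S = running/stopped, digit = start type, as DDS prints it
    name: str         # registry key name of the service
    display: str      # display name
    image: str        # executable path, lower-cased, quotes and arguments stripped
    unverified: bool  # DDS printed '[?]': it could not read a size/date for the file


def parse_service_line(line):
    """Parse one DDS 'SERVICES / DRIVERS' line; return None for anything else."""
    m = re.match(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$", line.strip())
    if not m:
        return None
    state, name, display, rest = m.groups()
    unverified = rest.rstrip().endswith("[?]")
    image = rest.split("-->")[0].strip()          # path as stored, not DDS's resolution of it
    image = re.sub(r"\s*\[[^\]]*\]$", "", image)  # drop the trailing '[date size]' tag
    q = re.match(r'^"([^"]+)"', image)
    if q:
        image = q.group(1)                                # quoted path: arguments follow the quote
    else:
        image = re.split(r"\s+-", image, maxsplit=1)[0]   # 'gamemon.des -service' -> path only
    if image.startswith("\\??\\"):
        image = image[4:]                                 # NT object-manager prefix on driver paths
    return ServiceEntry(state, name, display, image.lower(), unverified)


def assess(entry):
    """Return (severity, reason) findings for one service entry."""
    findings = []
    exe = entry.image.rsplit("\\", 1)[-1]
    if exe in SYSTEM_BINARIES and not entry.image.startswith(SYSTEM_DIRS):
        findings.append(("high", f"{exe} is a Windows system binary name but the image is {entry.image}"))
    if entry.image.startswith(PROFILE_DIRS):
        findings.append(("high", f"service image lives in a user-profile directory: {entry.image}"))
    if entry.unverified:
        findings.append(("info", "DDS could not stat the image file (missing, hidden, or recorded path is wrong)"))
    return findings


def triage(text):
    """Map service name -> findings for every service line in the DDS section."""
    results = {}
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry:
            results[entry.name] = assess(entry)
    return results


def high_risk(text):
    """Sorted names of services with at least one 'high' finding."""
    return sorted(name for name, f in triage(text).items() if any(sev == "high" for sev, _ in f))


if __name__ == "__main__":
    for name, findings in triage(SAMPLE_DDS_SERVICES).items():
        for sev, reason in findings:
            print(f"[{sev:4}] {name}: {reason}")
```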



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:49 PM

Posted 19 December 2012 - 11:25 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs and let me know if the problem persists.

#3 EscEscEsc

EscEscEsc
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:49 PM

Posted 19 December 2012 - 07:09 PM

I'll do this now.

#4 EscEscEsc

EscEscEsc
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:49 PM

Posted 19 December 2012 - 09:50 PM

Here is the ComboFix log.

ComboFix 12-12-19.02 - Compaq_Administrator 12/19/2012 20:38:06.1.1 - x86
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Compaq_Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\hp\bin\cloaker.exe
c:\program files\NetMeeting\comsin.ini
c:\windows\EventSystem.log
c:\windows\system32\Cache
c:\windows\system32\Cache\1d3487a60afd723f.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_COMSERVER
-------\Legacy_USNJSVC
-------\Service_COMServer
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-11-20 to 2012-12-20 )))))))))))))))))))))))))))))))
.
.
2012-12-13 00:30 . 2012-12-13 00:48 -------- d-----w- C:\f9b4f38f9924b111cb29
2012-12-11 00:29 . 2012-12-11 00:29 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-11 00:23 . 2012-12-11 00:23 -------- d-----w- c:\program files\Microsoft Works
2012-12-10 23:56 . 2012-12-11 00:09 -------- d-----w- c:\windows\LastGood(2)
2012-12-09 22:10 . 2012-12-11 00:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-25 16:32 . 2012-11-25 16:32 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\CheckPoint
2012-11-25 16:16 . 2012-11-25 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2012-11-21 02:16 . 2012-11-21 02:16 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Avg2013
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-13 01:25 . 2004-08-10 04:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 22:22 . 2012-10-08 20:01 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-07 22:22 . 2012-05-10 19:27 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-06 00:41 . 2004-08-10 04:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02 . 2004-08-10 04:00 375296 ------w- c:\windows\system32\dpnet.dll
2012-10-31 11:33 . 2004-08-10 04:00 81920 ------w- c:\windows\system32\ieencode.dll
2012-10-31 11:33 . 2004-08-10 04:00 667136 ----a-w- c:\windows\system32\wininet.dll
2012-10-31 11:33 . 2004-08-10 04:00 61952 ------w- c:\windows\system32\tdc.ocx
2012-10-31 09:52 . 2004-08-10 04:00 369664 ------w- c:\windows\system32\html.iec
2012-10-02 18:04 . 2004-08-10 04:00 58368 ------w- c:\windows\system32\synceng.dll
2012-12-13 02:13 . 2012-12-13 02:04 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-10 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe
.
c:\windows\System32\spoolsv.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
.
c:\documents and settings\Guest\Start Menu\Programs\Startup\
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless G USB Adapter Client Utility.lnk - c:\program files\Belkin\F5D7050v5\Belkinwcui.exe [2008-1-16 1564672]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [N/A]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-08 22:53 10520 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
.
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [1/16/2008 7:12 PM 38144]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [1/16/2008 7:14 PM 273280]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 ProtectsStore;RtoAutos;c:\program files\NetMeeting\smss.exe --> c:\program files\NetMeeting\smss.exe [?]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\DRIVERS\cccp106.sys --> c:\windows\system32\DRIVERS\cccp106.sys [?]
S3 dump_wmimmc;dump_wmimmc;\??\f:\maxtor backup\luna\Luna Online\GameGuard\dump_wmimmc.sys --> f:\maxtor backup\luna\Luna Online\GameGuard\dump_wmimmc.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SQ931;USB 2.0 Video Camera;c:\windows\system32\Drivers\Capt931a.sys --> c:\windows\system32\Drivers\Capt931a.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-10 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-10 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 97.107.80.10 97.107.80.11
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2hpi9tiu.default\
FF - ExtSQL: 2012-12-10 20:34; firefox@ghostery.com; c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2hpi9tiu.default\extensions\firefox@ghostery.com
FF - ExtSQL: 2012-12-10 20:34; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2hpi9tiu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-PCDrProfiler - (no file)
HKLM-Run-IcoSet - c:\hp\bin\cloaker.exe
HKLM-Run-regcmdcons - c:\hp\bin\cloaker.exe
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
HKLM-Run-Spybot-S&D Cleaning - c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
AddRemove-LUNA_US_090414 - f:\maxtor backup\luna\Luna Online\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-19 21:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1940)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2012-12-19 21:45:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-20 02:45
.
Pre-Run: 49,916,620,800 bytes free
Post-Run: 49,839,448,064 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - 637872391A530DDBCE6E84EEE185D3C7

#5 EscEscEsc

EscEscEsc
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:49 PM

Posted 19 December 2012 - 10:00 PM

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC is being installed.
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.5.502.110
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````

# AdwCleaner v2.101 - Logfile created 12/19/2012 at 21:58:59
# Updated 16/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Compaq_Administrator - YOUR-4DACD0EA75
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Compaq_Administrator\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2hpi9tiu.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [778 octets] - [19/12/2012 21:58:59]

########## EOF - C:\AdwCleaner[R1].txt - [837 octets] ##########


My comp sound is still awful on start up/shut down and whenever in use.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:49 PM

Posted 20 December 2012 - 09:28 AM

Let's check further on this missing file.

c:\windows\System32\spoolsv.exe ... is missing !!


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    spoolsv.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
===

#7 EscEscEsc

EscEscEsc
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:49 PM

Posted 21 December 2012 - 04:18 PM

OK, I'm doing this now.

#8 EscEscEsc

EscEscEsc
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:49 PM

Posted 21 December 2012 - 04:44 PM

v SystemLook 30.07.11 by jpshortstuff
Log created at 16:16 on 21/12/2012 by Compaq_Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "spoolsv.exe"
C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe --a--c- 57856 bytes [00:17 11/06/2005] [00:17 11/06/2005] AD3D9D191AEA7B5445FE1D82FFBB4788
C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe -----c- 57856 bytes [20:09 01/10/2011] [23:53 10/06/2005] DA81EC57ACD4CDC3D4C51CF3D409AF9F
C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe -----c- 57856 bytes [07:27 16/06/2007] [04:00 10/08/2004] 7435B108B935E42EA92CA94F59C8E717
C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe -----c- 57856 bytes [17:52 19/08/2008] [00:12 14/04/2008] D8E14A61ACC1D4A6CD0D38AEBAC7FA3B

-= EOF =-

My auto updates want me to install the new Microsoft security update. Should I do that or wait until we are done?

#9 nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:49 PM

Posted 22 December 2012 - 10:15 AM

Open Notepad and copy/paste the text in the quote box below into it:

FCOPY::
C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe | C:\Windows\System32\spoolsv.exe


Save this as CFScript.txt on your desktop.

Drag CFScript.txt onto ComboFix.exe.
Then post the resultant log.

If all is well you can proceed with the Microsoft Updates.

Keep me posted.
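The two steps above (SystemLook's `:filefind` listing of every spoolsv.exe on the disk, then ComboFix's FCOPY from ServicePackFiles\i386 into System32) deserve a hash check: the filefind listing shows four copies with four different MD5s, so the source matters, and after the copy the file in System32 should hash to the same MD5 SystemLook reported for the source. The Python below is an added example written for this thread, not code from SystemLook, ComboFix or the original posts. It parses the filefind lines posted here (embedded as sample input), picks the copy to restore from, and compares a restored file's MD5 with that copy's. The reading of SystemLook's two bracketed timestamps as created then modified is an assumption of mine.

```python
"""Parse SystemLook ':filefind' output, choose the copy of a missing system
file to restore from, and verify the restored file's MD5 afterwards.
Added example for this thread; it is not part of SystemLook or ComboFix."""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass
from datetime import datetime

# Sample input: the four result lines SystemLook reported for spoolsv.exe in this thread.
SYSTEMLOOK_OUTPUT = r"""
Searching for "spoolsv.exe"
C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe --a--c- 57856 bytes [00:17 11/06/2005] [00:17 11/06/2005] AD3D9D191AEA7B5445FE1D82FFBB4788
C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe -----c- 57856 bytes [20:09 01/10/2011] [23:53 10/06/2005] DA81EC57ACD4CDC3D4C51CF3D409AF9F
C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe -----c- 57856 bytes [07:27 16/06/2007] [04:00 10/08/2004] 7435B108B935E42EA92CA94F59C8E717
C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe -----c- 57856 bytes [17:52 19/08/2008] [00:12 14/04/2008] D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
"""

# One result line: path, 7-char attribute flags, size, two bracketed timestamps
# (assumed here to be created then modified), MD5.
_LINE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
_STAMP = "%H:%M %d/%m/%Y"


@dataclass(frozen=True)
class FileHit:
    path: str
    size: int
    modified: datetime
    md5: str


def parse_filefind(text: str) -> list[FileHit]:
    """Return one FileHit per result line; the 'Searching for' header and blanks are skipped."""
    hits = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            hits.append(FileHit(
                path=m["path"],
                size=int(m["size"]),
                modified=datetime.strptime(m["modified"], _STAMP),
                md5=m["md5"].upper(),
            ))
    return hits


def choose_restore_source(hits: list[FileHit]) -> FileHit:
    """Prefer the service pack's pristine copy under ServicePackFiles\\i386; among
    equals take the newest file version. Hotfix uninstall stores hold older builds."""
    if not hits:
        raise ValueError("no candidate copies found")
    return max(hits, key=lambda h: ("servicepackfiles\\i386" in h.path.lower(), h.modified))


def md5_of_file(path: str) -> str:
    """Upper-case hex MD5 of a file, read in chunks."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


def verify_restored(path: str, source: FileHit) -> bool:
    """True if the restored file hashes to the MD5 SystemLook reported for the source copy."""
    return md5_of_file(path) == source.md5


if __name__ == "__main__":
    hits = parse_filefind(SYSTEMLOOK_OUTPUT)
    src = choose_restore_source(hits)
    print(f"restore from {src.path} (MD5 {src.md5}, {src.size} bytes)")
    # After the FCOPY, compare the live file against that hash, e.g.:
    # print(verify_restored(r"C:\WINDOWS\System32\spoolsv.exe", src))
```

The cheap consistency check is size and timestamp: the FCopy output ComboFix writes should show a 57856-byte spoolsv.exe dated 2008-04-14 00:12 in both System32 and dllcache, matching the ServicePackFiles line above. The hash is the definitive one. MD5 is used only because it is what SystemLook prints; it identifies which of the four known copies you have, and is not an adversarial integrity check.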

#10 EscEscEsc

  • Topic Starter
  • Members
  • 33 posts
  • Gender:Female
  • Local time:06:49 PM

Posted 23 December 2012 - 02:06 PM

ComboFix 12-12-23.01 - Compaq_Administrator 12/23/2012 12:39:48.2.1 - x86
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET14A.tmp
c:\windows\system32\SET14C.tmp
c:\windows\system32\SET158.tmp
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\spoolsv.exe --> c:\windows\System32\spoolsv.exe
.
((((((((((((((((((((((((( Files Created from 2012-11-23 to 2012-12-23 )))))))))))))))))))))))))))))))
.
.
2012-12-23 17:39 . 2008-04-14 00:12 57856 ----a-w- c:\windows\system32\spoolsv.exe
2012-12-23 17:39 . 2008-04-14 00:12 57856 ----a-w- c:\windows\system32\dllcache\spoolsv.exe
2012-12-13 00:30 . 2012-12-13 00:48 -------- d-----w- C:\f9b4f38f9924b111cb29
2012-12-11 00:29 . 2012-12-11 00:29 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-11 00:23 . 2012-12-11 00:23 -------- d-----w- c:\program files\Microsoft Works
2012-12-10 23:56 . 2012-12-11 00:09 -------- d-----w- c:\windows\LastGood(2)
2012-12-09 22:10 . 2012-12-11 00:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-25 16:32 . 2012-11-25 16:32 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\CheckPoint
2012-11-25 16:16 . 2012-11-25 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2004-08-10 04:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2004-08-10 04:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 22:22 . 2012-10-08 20:01 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-07 22:22 . 2012-05-10 19:27 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-02 02:02 . 2004-08-10 04:00 375296 ------w- c:\windows\system32\dpnet.dll
2012-10-31 11:33 . 2004-08-10 04:00 81920 ------w- c:\windows\system32\ieencode.dll
2012-10-31 11:33 . 2004-08-10 04:00 667136 ----a-w- c:\windows\system32\wininet.dll
2012-10-31 11:33 . 2004-08-10 04:00 61952 ------w- c:\windows\system32\tdc.ocx
2012-10-31 09:52 . 2004-08-10 04:00 369664 ------w- c:\windows\system32\html.iec
2012-10-02 18:04 . 2004-08-10 04:00 58368 ------w- c:\windows\system32\synceng.dll
2012-12-13 02:13 . 2012-12-13 02:04 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
.
c:\documents and settings\Guest\Start Menu\Programs\Startup\
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless G USB Adapter Client Utility.lnk - c:\program files\Belkin\F5D7050v5\Belkinwcui.exe [2008-1-16 1564672]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [N/A]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-08 22:53 10520 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
.
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [1/16/2008 7:12 PM 38144]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [1/16/2008 7:14 PM 273280]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\DRIVERS\cccp106.sys --> c:\windows\system32\DRIVERS\cccp106.sys [?]
S3 dump_wmimmc;dump_wmimmc;\??\f:\maxtor backup\luna\Luna Online\GameGuard\dump_wmimmc.sys --> f:\maxtor backup\luna\Luna Online\GameGuard\dump_wmimmc.sys [?]
S3 SQ931;USB 2.0 Video Camera;c:\windows\system32\Drivers\Capt931a.sys --> c:\windows\system32\Drivers\Capt931a.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-10 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-10 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 97.107.80.10 97.107.80.11
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2hpi9tiu.default\
FF - ExtSQL: 2012-12-10 20:34; firefox@ghostery.com; c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2hpi9tiu.default\extensions\firefox@ghostery.com
FF - ExtSQL: 2012-12-10 20:34; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\2hpi9tiu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-23 13:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-12-23 13:30:10
ComboFix-quarantined-files.txt 2012-12-23 18:30
ComboFix2.txt 2012-12-20 02:45
.
Pre-Run: 49,659,211,776 bytes free
Post-Run: 49,663,840,256 bytes free
.
- - End Of File - - 40C7AC385D1E9AF0D3B4EFF210F45209

The sound is still garbled, and it takes longer than it should to start up Windows and any programs.

#11 nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:49 PM

Posted 24 December 2012 - 02:28 PM

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#12 EscEscEsc

  • Topic Starter
  • Members
  • 33 posts
  • Gender:Female
  • Local time:06:49 PM

Posted 26 December 2012 - 07:00 PM

I will do this when I get home tonight.

#13 EscEscEsc

  • Topic Starter
  • Members
  • 33 posts
  • Gender:Female
  • Local time:06:49 PM

Posted 28 December 2012 - 01:41 PM

It took quite some time, but here are the results.

D:\I386\APPS\APP09588\src\CompaqPresario_Spring06.exe a variant of Win32/AdInstaller application cleaned by deleting - quarantined
D:\I386\APPS\APP09588\src\HPPavillion_Spring06.exe a variant of Win32/AdInstaller application cleaned by deleting - quarantined

#14 nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:49 PM

Posted 29 December 2012 - 08:08 AM

Let's check further.

Please Download
TDSSKiller.zip

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
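Both tools above read the MBR because bootkits of this era (TDL4/Alureon is the usual example) replace it and keep their own hidden file system in unallocated sectors, normally at the end of the disk. Before trusting a clean verdict it is worth checking the partition layout the tool prints for arithmetic sanity: every partition inside the disk, no overlap, and no unallocated gap or tail larger than the one CHS cylinder that cylinder-aligned XP-era partitioning leaves behind. The Python below is an added example written for this thread, not part of TDSSKiller or aswMBR; it parses the Drive and Partition lines in TDSSKiller's log format (the three lines TDSSKiller reported for this machine are embedded as sample input) and returns anything outside that picture.

```python
"""Sanity-check the MBR partition table from a TDSSKiller log.
Added example for this thread; not part of TDSSKiller or aswMBR."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: the Drive and Partition lines TDSSKiller reported for the
# machine in this thread (copied from the posted log).
TDSSKILLER_LOG = r"""
17:17:31.0328 0780 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:17:31.0328 0780 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x84E0862
17:17:31.0328 0780 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x84E4762, BlocksNum 0x1029D5F
"""

_HEX = r"0x([0-9A-Fa-f]+)"
_DRIVE = re.compile(
    rf"Size: {_HEX} .*SectorSize: {_HEX}, Cylinders: {_HEX}, "
    rf"SectorsPerTrack: {_HEX}, TracksPerCylinder: {_HEX}"
)
_PART = re.compile(rf"Partition(\d+): MBR, Type {_HEX}, StartLBA {_HEX}, BlocksNum {_HEX}")


@dataclass(frozen=True)
class Partition:
    index: int
    type_id: int   # MBR partition type byte (0x7 NTFS, 0xC FAT32 LBA, ...)
    start: int     # first LBA
    blocks: int    # length in sectors

    @property
    def end(self) -> int:
        """First sector after the partition."""
        return self.start + self.blocks


@dataclass(frozen=True)
class Disk:
    total_sectors: int
    sector_size: int
    cylinders: int
    sectors_per_cylinder: int          # SectorsPerTrack * TracksPerCylinder
    partitions: tuple[Partition, ...]  # sorted by start LBA


def parse_tdsskiller_disk(text: str) -> Disk:
    """Build a Disk from the Drive line and the Partition lines of one TDSSKiller log."""
    drive = None
    parts: list[Partition] = []
    for line in text.splitlines():
        m = _DRIVE.search(line)
        if m:
            size, sector, cyl, spt, tpc = (int(g, 16) for g in m.groups())
            drive = (size // sector, sector, cyl, spt * tpc)
            continue
        m = _PART.search(line)
        if m:
            idx, ptype, start, blocks = m.groups()
            parts.append(Partition(int(idx), int(ptype, 16), int(start, 16), int(blocks, 16)))
    if drive is None:
        raise ValueError("no Drive line in log")
    return Disk(*drive, tuple(sorted(parts, key=lambda p: p.start)))


def unallocated_tail(disk: Disk) -> int:
    """Sectors between the end of the last partition and the end of the disk."""
    if not disk.partitions:
        return disk.total_sectors
    return disk.total_sectors - disk.partitions[-1].end


def check_layout(disk: Disk) -> list[str]:
    """Findings worth a look. Empty means: every partition lies inside the disk,
    none overlap, and no gap or tail exceeds one CHS cylinder (the slack that
    cylinder-aligned XP-era partitioning leaves behind)."""
    findings = []
    cyl = disk.sectors_per_cylinder
    prev_end = 0
    for p in disk.partitions:
        if p.end > disk.total_sectors:
            findings.append(f"Partition{p.index} ends past the disk ({p.end} > {disk.total_sectors})")
        if p.start < prev_end:
            findings.append(f"Partition{p.index} starts inside the previous partition (LBA {p.start} < {prev_end})")
        elif p.start - prev_end > cyl:
            findings.append(f"{p.start - prev_end} unallocated sectors before Partition{p.index}")
        prev_end = max(prev_end, p.end)
    tail = unallocated_tail(disk)
    if tail > cyl:
        mib = tail * disk.sector_size // (1024 * 1024)
        findings.append(f"{tail} unallocated sectors ({mib} MiB) after the last partition")
    return findings


if __name__ == "__main__":
    disk = parse_tdsskiller_disk(TDSSKILLER_LOG)
    for p in disk.partitions:
        print(f"Partition{p.index}: type 0x{p.type_id:X}, LBA {p.start}-{p.end - 1}")
    print(f"tail: {unallocated_tail(disk)} sectors; findings: {check_layout(disk) or 'none'}")
```

For this disk the layout is ordinary: the recovery partition (type 0xC, the D: drive ESET scanned) ends exactly on the last full cylinder (0x2601 cylinders times 16065 sectors), leaving 5103 sectors, about 2.5 MiB, of tail, which is cylinder rounding rather than a hidden volume. An empty findings list says the table is consistent, not that the MBR code itself is clean; that is what the MBR.dat dump aswMBR writes is for.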

#15 EscEscEsc

  • Topic Starter
  • Members
  • 33 posts
  • Gender:Female
  • Local time:06:49 PM

Posted 29 December 2012 - 05:28 PM

17:17:25.0828 0780 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:17:26.0656 0780 ============================================================
17:17:26.0656 0780 Current date / time: 2012/12/29 17:17:26.0656
17:17:26.0656 0780 SystemInfo:
17:17:26.0656 0780
17:17:26.0656 0780 OS Version: 5.1.2600 ServicePack: 3.0
17:17:26.0656 0780 Product type: Workstation
17:17:26.0656 0780 ComputerName: YOUR-4DACD0EA75
17:17:26.0656 0780 UserName: Compaq_Administrator
17:17:26.0656 0780 Windows directory: C:\WINDOWS
17:17:26.0656 0780 System windows directory: C:\WINDOWS
17:17:26.0656 0780 Processor architecture: Intel x86
17:17:26.0656 0780 Number of processors: 1
17:17:26.0656 0780 Page size: 0x1000
17:17:26.0656 0780 Boot type: Normal boot
17:17:26.0656 0780 ============================================================
17:17:31.0328 0780 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:17:31.0328 0780 ============================================================
17:17:31.0328 0780 \Device\Harddisk0\DR0:
17:17:31.0328 0780 MBR partitions:
17:17:31.0328 0780 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x84E0862
17:17:31.0328 0780 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x84E4762, BlocksNum 0x1029D5F
17:17:31.0328 0780 ============================================================
17:17:31.0812 0780 C: <-> \Device\Harddisk0\DR0\Partition1
17:17:31.0843 0780 D: <-> \Device\Harddisk0\DR0\Partition2
17:17:31.0843 0780 ============================================================
17:17:31.0843 0780 Initialize success
17:17:31.0843 0780 ============================================================
17:17:33.0937 1356 ============================================================
17:17:33.0937 1356 Scan started
17:17:33.0937 1356 Mode: Manual;
17:17:33.0937 1356 ============================================================
17:17:37.0140 1356 ================ Scan system memory ========================
17:17:37.0140 1356 System memory - ok
17:17:37.0140 1356 ================ Scan services =============================
17:17:38.0265 1356 Abiosdsk - ok
17:17:38.0281 1356 abp480n5 - ok
17:17:38.0515 1356 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:17:38.0703 1356 ACPI - ok
17:17:38.0750 1356 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:17:38.0765 1356 ACPIEC - ok
17:17:38.0781 1356 adpu160m - ok
17:17:38.0953 1356 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:17:39.0109 1356 aec - ok
17:17:39.0171 1356 [ 30BB1BDE595CA65FD5549462080D94E5 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:17:39.0187 1356 AegisP - ok
17:17:39.0375 1356 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:17:39.0515 1356 AFD - ok
17:17:39.0531 1356 Aha154x - ok
17:17:39.0546 1356 aic78u2 - ok
17:17:39.0562 1356 aic78xx - ok
17:17:39.0609 1356 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:17:39.0625 1356 Alerter - ok
17:17:39.0703 1356 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
17:17:39.0750 1356 ALG - ok
17:17:39.0765 1356 AliIde - ok
17:17:39.0781 1356 amsint - ok
17:17:40.0000 1356 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
17:17:40.0171 1356 AppMgmt - ok
17:17:40.0265 1356 [ 00523019E3579C8F8A94457FE25F0F24 ] aracpi C:\WINDOWS\system32\DRIVERS\aracpi.sys
17:17:40.0296 1356 aracpi - ok
17:17:40.0328 1356 [ 9FEDAA46EB1A572AC4D9EE6B5F123CF2 ] arhidfltr C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
17:17:40.0343 1356 arhidfltr - ok
17:17:40.0375 1356 [ 82969576093CD983DD559F5A86F382B4 ] arkbcfltr C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
17:17:40.0375 1356 arkbcfltr - ok
17:17:40.0390 1356 [ 9B21791D8A78FAECE999FADBEBDA6C22 ] armoucfltr C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
17:17:40.0406 1356 armoucfltr - ok
17:17:40.0500 1356 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:17:40.0562 1356 Arp1394 - ok
17:17:40.0609 1356 [ 7A2DA7C7B0C524EF26A79F17A5C69FDE ] ARPolicy C:\WINDOWS\system32\DRIVERS\arpolicy.sys
17:17:40.0625 1356 ARPolicy - ok
17:17:40.0734 1356 [ 9A0D9B2E263BEDE80FB79DDBAD240EC1 ] ARSVC C:\WINDOWS\arservice.exe
17:17:41.0968 1356 ARSVC - ok
17:17:41.0984 1356 asc - ok
17:17:42.0000 1356 asc3350p - ok
17:17:42.0015 1356 asc3550 - ok
17:17:42.0265 1356 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:17:42.0312 1356 aspnet_state - ok
17:17:42.0359 1356 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:17:42.0375 1356 AsyncMac - ok
17:17:42.0515 1356 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:17:42.0515 1356 atapi - ok
17:17:42.0531 1356 Atdisk - ok
17:17:42.0984 1356 [ 5784A06FDC2AC7954225A1A79E1A8F00 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
17:17:43.0390 1356 Ati HotKey Poller - ok
17:17:45.0078 1356 [ DD222CE49E79F15D2312A5E1F42E716E ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:17:46.0703 1356 ati2mtag - ok
17:17:46.0796 1356 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:17:46.0859 1356 Atmarpc - ok
17:17:46.0968 1356 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:17:47.0093 1356 AudioSrv - ok
17:17:47.0140 1356 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:17:47.0140 1356 audstub - ok
17:17:47.0296 1356 avg8emc - ok
17:17:47.0312 1356 avg8wd - ok
17:17:47.0343 1356 [ 7270D070173B20AC9487EA16BB08B45F ] bb-run C:\WINDOWS\system32\DRIVERS\bb-run.sys
17:17:47.0359 1356 bb-run - ok
17:17:47.0390 1356 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:17:47.0390 1356 Beep - ok
17:17:47.0750 1356 [ BB3EB3535856ADBEAD55A8B932F69D25 ] BELKIN C:\WINDOWS\system32\DRIVERS\BLKWGU.sys
17:17:48.0078 1356 BELKIN - ok
17:17:48.0562 1356 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
17:17:49.0015 1356 BITS - ok
17:17:49.0296 1356 [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:17:49.0546 1356 Bonjour Service - ok
17:17:49.0671 1356 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
17:17:49.0750 1356 Browser - ok
17:17:50.0046 1356 catchme - ok
17:17:50.0109 1356 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:17:50.0125 1356 cbidf2k - ok
17:17:50.0140 1356 CCCP106 - ok
17:17:50.0187 1356 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:17:50.0203 1356 CCDECODE - ok
17:17:50.0218 1356 cd20xrnt - ok
17:17:50.0265 1356 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:17:50.0296 1356 Cdaudio - ok
17:17:50.0375 1356 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:17:50.0437 1356 Cdfs - ok
17:17:50.0531 1356 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:17:50.0593 1356 Cdrom - ok
17:17:50.0609 1356 Changer - ok
17:17:50.0656 1356 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:17:50.0656 1356 CiSvc - ok
17:17:50.0718 1356 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:17:50.0750 1356 ClipSrv - ok
17:17:50.0890 1356 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:17:51.0000 1356 clr_optimization_v2.0.50727_32 - ok
17:17:51.0015 1356 CmdIde - ok
17:17:51.0015 1356 COMSysApp - ok
17:17:51.0046 1356 Cpqarray - ok
17:17:51.0156 1356 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:17:51.0218 1356 CryptSvc - ok
17:17:51.0234 1356 dac2w2k - ok
17:17:51.0250 1356 dac960nt - ok
17:17:51.0718 1356 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:17:52.0125 1356 DcomLaunch - ok
17:17:52.0296 1356 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:17:52.0437 1356 Dhcp - ok
17:17:52.0515 1356 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:17:52.0546 1356 Disk - ok
17:17:52.0562 1356 dmadmin - ok
17:17:53.0421 1356 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:17:54.0234 1356 dmboot - ok
17:17:54.0437 1356 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:17:54.0593 1356 dmio - ok
17:17:54.0687 1356 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:17:54.0687 1356 dmload - ok
17:17:54.0765 1356 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:17:54.0781 1356 dmserver - ok
17:17:54.0859 1356 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:17:54.0921 1356 DMusic - ok
17:17:55.0000 1356 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:17:55.0046 1356 Dnscache - ok
17:17:55.0234 1356 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:17:55.0375 1356 Dot3svc - ok
17:17:55.0390 1356 dpti2o - ok
17:17:55.0421 1356 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:17:55.0437 1356 drmkaud - ok
17:17:55.0437 1356 dump_wmimmc - ok
17:17:55.0500 1356 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:17:55.0546 1356 EapHost - ok
17:17:55.0609 1356 [ D82414EC520453EFE2EBA936F6A9115A ] EAPPkt C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
17:17:55.0656 1356 EAPPkt - ok
17:17:56.0000 1356 [ D039A0C347632622934906BD59A4E1EA ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
17:17:56.0250 1356 ehRecvr - ok
17:17:56.0406 1356 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
17:17:56.0500 1356 ehSched - ok
17:17:56.0562 1356 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:17:56.0593 1356 ERSvc - ok
17:17:56.0750 1356 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
17:17:56.0859 1356 Eventlog - ok
17:17:57.0156 1356 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
17:17:57.0828 1356 EventSystem - ok
17:17:58.0046 1356 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:17:58.0187 1356 Fastfat - ok
17:17:58.0390 1356 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:17:58.0531 1356 FastUserSwitchingCompatibility - ok
17:17:58.0593 1356 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
17:17:58.0609 1356 Fdc - ok
17:17:58.0687 1356 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:17:58.0734 1356 Fips - ok
17:17:59.0281 1356 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:17:59.0750 1356 FLEXnet Licensing Service - ok
17:17:59.0812 1356 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
17:17:59.0843 1356 Flpydisk - ok
17:18:00.0015 1356 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:18:00.0156 1356 FltMgr - ok
17:18:00.0281 1356 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:18:00.0328 1356 FontCache3.0.0.0 - ok
17:18:00.0390 1356 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:18:00.0390 1356 Fs_Rec - ok
17:18:00.0531 1356 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:18:00.0640 1356 Ftdisk - ok
17:18:00.0796 1356 [ 22399D3CE5840C6082844679CCA5D2FC ] ftsata2 C:\WINDOWS\system32\DRIVERS\ftsata2.sys
17:18:00.0937 1356 ftsata2 - ok
17:18:01.0046 1356 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:18:01.0093 1356 Gpc - ok
17:18:01.0296 1356 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:18:01.0453 1356 HDAudBus - ok
17:18:01.0609 1356 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:18:01.0656 1356 helpsvc - ok
17:18:01.0671 1356 HidServ - ok
17:18:01.0765 1356 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:18:01.0828 1356 hkmsvc - ok
17:18:01.0843 1356 hpn - ok
17:18:02.0125 1356 [ 1F5C64B0C6B2E2F48735A77AE714CCB8 ] HSXHWBS2 C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
17:18:02.0375 1356 HSXHWBS2 - ok
17:18:03.0343 1356 [ A7F8C9228898A1E871D2AE7082F50AC3 ] HSX_DP C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
17:18:04.0312 1356 HSX_DP - ok
17:18:04.0687 1356 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:18:04.0953 1356 HTTP - ok
17:18:05.0015 1356 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:18:05.0031 1356 HTTPFilter - ok
17:18:05.0046 1356 i2omgmt - ok
17:18:05.0062 1356 i2omp - ok
17:18:05.0125 1356 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:18:05.0187 1356 i8042prt - ok
17:18:05.0328 1356 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
17:18:05.0390 1356 IDriverT - ok
17:18:06.0375 1356 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:18:07.0296 1356 idsvc - ok
17:18:07.0375 1356 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:18:07.0421 1356 Imapi - ok
17:18:07.0625 1356 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
17:18:07.0781 1356 ImapiService - ok
17:18:07.0796 1356 ini910u - ok
17:18:16.0109 1356 [ 14B48553BE78472D2BD3A518658A1710 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:18:24.0062 1356 IntcAzAudAddService - ok
17:18:24.0093 1356 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
17:18:24.0093 1356 IntelIde - ok
17:18:24.0609 1356 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:18:24.0640 1356 intelppm - ok
17:18:24.0718 1356 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:18:24.0750 1356 Ip6Fw - ok
17:18:24.0828 1356 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:18:24.0843 1356 IpFilterDriver - ok
17:18:24.0906 1356 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:18:24.0921 1356 IpInIp - ok
17:18:25.0109 1356 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:18:25.0750 1356 IpNat - ok
17:18:25.0859 1356 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:18:25.0937 1356 IPSec - ok
17:18:25.0984 1356 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:18:25.0984 1356 IRENUM - ok
17:18:26.0062 1356 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:18:26.0109 1356 isapnp - ok
17:18:26.0140 1356 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:18:26.0171 1356 Kbdclass - ok
17:18:26.0796 1356 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:18:26.0968 1356 kmixer - ok
17:18:27.0093 1356 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:18:27.0187 1356 KSecDD - ok
17:18:27.0343 1356 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:18:27.0859 1356 lanmanserver - ok
17:18:28.0031 1356 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:18:28.0171 1356 lanmanworkstation - ok
17:18:28.0171 1356 lbrtfdc - ok
17:18:28.0250 1356 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:18:28.0265 1356 LmHosts - ok
17:18:28.0421 1356 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
17:18:28.0515 1356 McrdSvc - ok
17:18:28.0562 1356 [ 5BB01B9F582259D1FB7653C5C1DA3653 ] MCSTRM C:\WINDOWS\system32\drivers\MCSTRM.sys
17:18:28.0828 1356 MCSTRM - ok
17:18:29.0015 1356 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:18:29.0031 1356 mdmxsdk - ok
17:18:29.0093 1356 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:18:29.0140 1356 Messenger - ok
17:18:29.0250 1356 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
17:18:29.0312 1356 MHN - ok
17:19:35.0828 1356 ============================================================
17:19:35.0828 1356 Scan finished
17:19:35.0828 1356 ============================================================
17:19:35.0843 2884 Detected object count: 0
17:19:35.0843 2884 Actual detected object count: 0