
CANNOT remove virus from windows xp


  • This topic is locked
23 replies to this topic

#1 take_flight


Posted 26 December 2012 - 01:37 PM

I noticed the other day that I may have some sort of virus when I attempted to go to microsoft dot com for something, and the browser kept returning to Google. I then attempted to click a link in a Google search for Microsoft, and got a 404 error on Google Chrome. ("The requested URL /surface/ was not found on this server. That's all we know." NOTE there is no microsoft.com/surface...just /surface/). I attempted the same thing on Firefox, and got the same result. I really want to mention at this point that no matter what search engine I used, the 404 was ALWAYS Google, even if I was using Firefox and used Bing or Yahoo to search. I ran RKill, 1 process was terminated. (C:\WINDOWS\system32\dla\tfswctrl.exe (PID: 120) [WD-HEUR]). I ran Malwarebytes, it found nothing. I then restarted in safe mode, and could access microsoft dot com just fine. I went to Microsoft and downloaded the Windows Malicious Software Removal Tool, ran it and it found nothing. I re-ran Malwarebytes AFTER updating it...still nothing.

At this point, I re-started in normal mode and accessed the malicious software removal tool from my downloads and after 3 tries to run it, (each time I attempted to run it, it would say the scan was terminated by the user, I DID NOT cancel it), it FINALLY scanned and found nothing. I re-ran rkill and malwarebytes...malwarebytes found 19 items this time, but none were my problem. I re-ran malwarebytes again and it found 1 more but it was still not my problem.

I also want to add that recently there has been a yellow shield in notification area saying updates are ready for my computer. What makes me suspicious about it is that it gives me no option to exit it or any "remind me later", my ONLY option is to click on the shield to download updates.

My main browser is Chrome, but I do have Firefox, it makes no difference what browser I use, just whether I'm in safe mode or normal mode.

I also attempted to ping microsoft dot com while I was in normal mode and could not, all 4 packets were lost.


 


#2 boopme


Posted 26 December 2012 - 03:11 PM

Hello and welcome..

Reboot into Safe Mode with Networking and see if you can run these.

Please download Rkill by Grinler and save it to your desktop.
Link 1
Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.

>>>>

Please Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.

>>>>
Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


>>>>

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.


Now run MiniToolBox
Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#3 take_flight


Posted 26 December 2012 - 04:38 PM

Hi! Thank you...I'm downloading and trying now. I will keep you posted!

#4 take_flight


Posted 26 December 2012 - 05:08 PM

O.k., I restarted in safe mode and followed all instructions. RKill found nothing to terminate and TDSS Killer found nothing, MBAM found nothing. There WERE some things in quarantine. The things in quarantine were:

spyware.zbot
antimalware pro (many many of these)
PUP FunWebPro

I rebooted in normal mode and can't go to the link for the ESET online scan. I get 404 not found "the requested URL us/online-scanner-popup/ was not found on this server. That's all we know."

Edited by take_flight, 26 December 2012 - 05:11 PM.


#5 take_flight


Posted 26 December 2012 - 05:38 PM

16:41:23.0015 1068 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:41:23.0343 1068 ============================================================
16:41:23.0343 1068 Current date / time: 2012/12/26 16:41:23.0343
16:41:23.0343 1068 SystemInfo:
16:41:23.0343 1068
16:41:23.0343 1068 OS Version: 5.1.2600 ServicePack: 3.0
16:41:23.0343 1068 Product type: Workstation
16:41:23.0343 1068 ComputerName: WITHHELD
16:41:23.0343 1068 UserName: WITHHELD
16:41:23.0343 1068 Windows directory: C:\WINDOWS
16:41:23.0343 1068 System windows directory: C:\WINDOWS
16:41:23.0343 1068 Processor architecture: Intel x86
16:41:23.0343 1068 Number of processors: 1
16:41:23.0343 1068 Page size: 0x1000
16:41:23.0343 1068 Boot type: Safe boot with network
16:41:23.0343 1068 ============================================================
16:41:24.0968 1068 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:41:24.0968 1068 ============================================================
16:41:24.0968 1068 \Device\Harddisk0\DR0:
16:41:24.0968 1068 MBR partitions:
16:41:24.0968 1068 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8E9729B
16:41:24.0968 1068 ============================================================
16:41:25.0015 1068 C: <-> \Device\Harddisk0\DR0\Partition1
16:41:25.0015 1068 ============================================================
16:41:25.0015 1068 Initialize success
16:41:25.0015 1068 ============================================================
16:41:26.0578 0892 ============================================================
16:41:26.0578 0892 Scan started
16:41:26.0578 0892 Mode: Manual;
16:41:26.0578 0892 ============================================================
16:41:27.0656 0892 ================ Scan system memory ========================
16:41:27.0656 0892 System memory - ok
16:41:38.0203 0892 Pcmcia - ok
16:41:38.0218 0892 PDCOMP - ok
16:41:38.0265 0892 PDFRAME - ok
16:41:38.0296 0892 PDRELI - ok
16:41:38.0312 0892 PDRFRAME - ok
16:41:38.0343 0892 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
16:41:38.0343 0892 perc2 - ok
16:41:38.0390 0892 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
16:41:38.0390 0892 perc2hib - ok
16:41:38.0484 0892 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
16:41:38.0484 0892 PlugPlay - ok
16:41:38.0546 0892 [ DEA06627596015263360097C2608384E ] pnarp C:\WINDOWS\system32\DRIVERS\pnarp.sys
16:41:38.0546 0892 pnarp - ok
16:41:38.0578 0892 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:41:38.0578 0892 PolicyAgent - ok
16:41:38.0625 0892 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:41:38.0625 0892 PptpMiniport - ok
16:41:38.0640 0892 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:41:38.0656 0892 ProtectedStorage - ok
16:41:38.0671 0892 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:41:38.0671 0892 PSched - ok
16:41:38.0734 0892 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
16:41:38.0734 0892 PSI_SVC_2 - ok
16:41:38.0796 0892 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:41:38.0796 0892 Ptilink - ok
16:41:38.0828 0892 [ C0CDB9F7CE42C3487F0BEA409BF5D153 ] purendis C:\WINDOWS\system32\DRIVERS\purendis.sys
16:41:38.0828 0892 purendis - ok
16:41:38.0875 0892 [ 86724469CD077901706854974CD13C3E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:41:38.0875 0892 PxHelp20 - ok
16:41:38.0984 0892 [ F3775745CBEEDC8E4690D822FE669BF5 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
16:41:38.0984 0892 QBCFMonitorService - ok
16:41:39.0078 0892 [ 2241EAF40E472C471CB80CF6B97CCA11 ] QBFCService C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
16:41:39.0078 0892 QBFCService - ok
16:41:39.0125 0892 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
16:41:39.0125 0892 ql1080 - ok
16:41:39.0156 0892 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
16:41:39.0156 0892 Ql10wnt - ok
16:41:39.0187 0892 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
16:41:39.0187 0892 ql12160 - ok
16:41:39.0234 0892 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
16:41:39.0234 0892 ql1240 - ok
16:41:39.0281 0892 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
16:41:39.0281 0892 ql1280 - ok
16:41:39.0328 0892 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:41:39.0328 0892 RasAcd - ok
16:41:39.0390 0892 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:41:39.0390 0892 RasAuto - ok
16:41:39.0437 0892 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:41:39.0437 0892 Rasl2tp - ok
16:41:39.0500 0892 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:41:39.0500 0892 RasMan - ok
16:41:39.0531 0892 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:41:39.0531 0892 RasPppoe - ok
16:41:39.0562 0892 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:41:39.0562 0892 Raspti - ok
16:41:39.0625 0892 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:41:39.0625 0892 Rdbss - ok
16:41:39.0656 0892 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:41:39.0656 0892 RDPCDD - ok
16:41:39.0718 0892 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:41:39.0718 0892 rdpdr - ok
16:41:39.0812 0892 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:41:39.0812 0892 RDPWD - ok
16:41:39.0859 0892 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:41:39.0875 0892 RDSessMgr - ok
16:41:39.0890 0892 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:41:39.0906 0892 redbook - ok
16:41:39.0953 0892 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:41:39.0953 0892 RemoteAccess - ok
16:41:40.0000 0892 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
16:41:40.0015 0892 RpcLocator - ok
16:41:40.0062 0892 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
16:41:40.0062 0892 RpcSs - ok
16:41:40.0125 0892 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
16:41:40.0125 0892 RSVP - ok
16:41:40.0203 0892 [ FE999B16E967C84790BE6DC1B4E78F2D ] RTL8187B C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
16:41:40.0203 0892 RTL8187B - ok
16:41:40.0250 0892 [ 7FD98E91896CAD23169A84874F145250 ] RTL8192su C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
16:41:40.0250 0892 RTL8192su - ok
16:41:40.0296 0892 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
16:41:40.0296 0892 SamSs - ok
16:41:40.0359 0892 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:41:40.0359 0892 SCardSvr - ok
16:41:40.0406 0892 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:41:40.0421 0892 Schedule - ok
16:41:40.0484 0892 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:41:40.0484 0892 Secdrv - ok
16:41:40.0515 0892 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
16:41:40.0515 0892 seclogon - ok
16:41:40.0531 0892 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
16:41:40.0531 0892 SENS - ok
16:41:40.0578 0892 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
16:41:40.0593 0892 serenum - ok
16:41:40.0640 0892 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
16:41:40.0640 0892 Serial - ok
16:41:40.0703 0892 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:41:40.0703 0892 Sfloppy - ok
16:41:40.0765 0892 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:41:40.0765 0892 SharedAccess - ok
16:41:40.0796 0892 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:41:40.0796 0892 ShellHWDetection - ok
16:41:40.0812 0892 Simbad - ok
16:41:40.0890 0892 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
16:41:40.0890 0892 sisagp - ok
16:41:40.0937 0892 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
16:41:40.0937 0892 Sparrow - ok
16:41:40.0984 0892 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:41:40.0984 0892 splitter - ok
16:41:41.0062 0892 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:41:41.0062 0892 Spooler - ok
16:41:41.0125 0892 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:41:41.0125 0892 sr - ok
16:41:41.0187 0892 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
16:41:41.0187 0892 srservice - ok
16:41:41.0265 0892 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:41:41.0265 0892 Srv - ok
16:41:41.0296 0892 [ D7968049BE0ADBB6A57CEE3960320911 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
16:41:41.0296 0892 sscdbhk5 - ok
16:41:41.0359 0892 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:41:41.0359 0892 SSDPSRV - ok
16:41:41.0375 0892 [ C3FFD65ABFB6441E7606CF74F1155273 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
16:41:41.0375 0892 ssrtln - ok
16:41:41.0468 0892 [ 26EB7ACF476A3461B85F5BCE9A677A4A ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
16:41:41.0468 0892 STHDA - ok
16:41:41.0531 0892 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:41:41.0531 0892 stisvc - ok
16:41:41.0578 0892 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:41:41.0578 0892 swenum - ok
16:41:41.0640 0892 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:41:41.0640 0892 swmidi - ok
16:41:41.0656 0892 SwPrv - ok
16:41:41.0703 0892 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
16:41:41.0703 0892 symc810 - ok
16:41:41.0734 0892 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:41:41.0734 0892 symc8xx - ok
16:41:41.0765 0892 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:41:41.0765 0892 sym_hi - ok
16:41:41.0781 0892 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:41:41.0781 0892 sym_u3 - ok
16:41:41.0828 0892 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:41:41.0828 0892 sysaudio - ok
16:41:41.0890 0892 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:41:41.0890 0892 SysmonLog - ok
16:41:41.0937 0892 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:41:41.0937 0892 TapiSrv - ok
16:41:42.0015 0892 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:41:42.0015 0892 Tcpip - ok
16:41:42.0078 0892 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:41:42.0078 0892 TDPIPE - ok
16:41:42.0140 0892 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:41:42.0140 0892 TDTCP - ok
16:41:42.0187 0892 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:41:42.0187 0892 TermDD - ok
16:41:42.0218 0892 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
16:41:42.0234 0892 TermService - ok
16:41:42.0328 0892 [ 30698355067D07DA5F9EB81132C9FDD6 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
16:41:42.0328 0892 tfsnboio - ok
16:41:42.0343 0892 [ FB9D825BB4A2ABDF24600F7505050E2B ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
16:41:42.0343 0892 tfsncofs - ok
16:41:42.0375 0892 [ CAFD8CCA11AA1E8B6D2EA1BA8F70EC33 ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
16:41:42.0375 0892 tfsndrct - ok
16:41:42.0390 0892 [ 8DB1E78FBF7C426D8EC3D8F1A33D6485 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
16:41:42.0390 0892 tfsndres - ok
16:41:42.0421 0892 [ B92F67A71CC8176F331B8AA8D9F555AD ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
16:41:42.0421 0892 tfsnifs - ok
16:41:42.0453 0892 [ 85985FAA9A71E2358FCC2EDEFC2A3C5C ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
16:41:42.0453 0892 tfsnopio - ok
16:41:42.0484 0892 [ BBA22094F0F7C210567EFDAF11F64495 ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
16:41:42.0484 0892 tfsnpool - ok
16:41:42.0500 0892 [ 81340BEF80B9811E98CE64611E67E3FF ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
16:41:42.0500 0892 tfsnudf - ok
16:41:42.0531 0892 [ C035FD116224CCC8325F384776B6A8BB ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
16:41:42.0531 0892 tfsnudfa - ok
16:41:42.0562 0892 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
16:41:42.0562 0892 Themes - ok
16:41:42.0609 0892 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
16:41:42.0609 0892 TosIde - ok
16:41:42.0656 0892 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:41:42.0656 0892 TrkWks - ok
16:41:42.0718 0892 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:41:42.0718 0892 Udfs - ok
16:41:42.0765 0892 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
16:41:42.0765 0892 ultra - ok
16:41:42.0843 0892 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:41:42.0843 0892 Update - ok
16:41:42.0921 0892 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
16:41:42.0921 0892 upnphost - ok
16:41:42.0968 0892 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
16:41:42.0968 0892 UPS - ok
16:41:43.0031 0892 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:41:43.0031 0892 usbccgp - ok
16:41:43.0062 0892 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:41:43.0062 0892 usbehci - ok
16:41:43.0125 0892 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:41:43.0125 0892 usbhub - ok
16:41:43.0140 0892 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:41:43.0140 0892 usbprint - ok
16:41:43.0187 0892 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:41:43.0187 0892 usbscan - ok
16:41:43.0218 0892 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:41:43.0218 0892 USBSTOR - ok
16:41:43.0234 0892 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:41:43.0234 0892 usbuhci - ok
16:41:43.0265 0892 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:41:43.0265 0892 VgaSave - ok
16:41:43.0312 0892 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
16:41:43.0312 0892 viaagp - ok
16:41:43.0359 0892 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
16:41:43.0359 0892 ViaIde - ok
16:41:43.0406 0892 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:41:43.0406 0892 VolSnap - ok
16:41:43.0468 0892 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
16:41:43.0468 0892 VSS - ok
16:41:43.0531 0892 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
16:41:43.0531 0892 w32time - ok
16:41:43.0593 0892 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:41:43.0593 0892 Wanarp - ok
16:41:43.0609 0892 wanatw - ok
16:41:43.0671 0892 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
16:41:43.0687 0892 Wdf01000 - ok
16:41:43.0703 0892 WDICA - ok
16:41:43.0765 0892 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:41:43.0765 0892 wdmaud - ok
16:41:43.0796 0892 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
16:41:43.0796 0892 WebClient - ok
16:41:43.0921 0892 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:41:43.0921 0892 winmgmt - ok
16:41:44.0093 0892 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:41:44.0109 0892 wlidsvc - ok
16:41:44.0171 0892 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:41:44.0171 0892 WmdmPmSN - ok
16:41:44.0234 0892 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:41:44.0234 0892 WmiApSrv - ok
16:41:44.0328 0892 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
16:41:44.0328 0892 WMPNetworkSvc - ok
16:41:44.0390 0892 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:41:44.0390 0892 wscsvc - ok
16:41:44.0421 0892 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:41:44.0421 0892 wuauserv - ok
16:41:44.0484 0892 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:41:44.0484 0892 WudfPf - ok
16:41:44.0515 0892 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:41:44.0515 0892 WudfRd - ok
16:41:44.0546 0892 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
16:41:44.0546 0892 WudfSvc - ok
16:41:44.0640 0892 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:41:44.0640 0892 WZCSVC - ok
16:41:44.0687 0892 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:41:44.0703 0892 xmlprov - ok
16:41:44.0750 0892 ================ Scan global ===============================
16:41:44.0781 0892 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:41:44.0843 0892 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:41:44.0859 0892 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:41:44.0890 0892 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
16:41:44.0890 0892 [Global] - ok
16:41:44.0906 0892 ================ Scan MBR ==================================
16:41:44.0937 0892 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
16:41:45.0125 0892 \Device\Harddisk0\DR0 - ok
16:41:45.0140 0892 ================ Scan VBR ==================================
16:41:45.0156 0892 [ CB4897F38AA7102DDCB4FEE996DD7B2D ] \Device\Harddisk0\DR0\Partition1
16:41:45.0156 0892 \Device\Harddisk0\DR0\Partition1 - ok
16:41:45.0171 0892 ============================================================
16:41:45.0171 0892 Scan finished
16:41:45.0171 0892 ============================================================
16:41:45.0203 1944 Detected object count: 0
16:41:45.0203 1944 Actual detected object count: 0
16:41:50.0203 1064 Deinitialize success

#6 take_flight

  • Topic Starter
  • Members
  • 37 posts

Posted 26 December 2012 - 05:42 PM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.26.13

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
WITHHELD :: WITHHELD [administrator]

12/26/2012 4:43:25 PM
mbam-log-2012-12-26 (16-43-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238401
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#7 boopme

  • Global Moderator
  • 73,231 posts

Posted 26 December 2012 - 07:09 PM

And the Minitoolbox log.

#8 take_flight

  • Topic Starter
  • Members
  • 37 posts

Posted 26 December 2012 - 07:26 PM

MiniToolBox by Farbar Version: 25-11-2012
Ran by WITHHELD (administrator) on 26-12-2012 at 19:18:30
Running from "C:\Documents and Settings\WITHHELD\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "localhost,127.0.0.1"

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : WITHHELD

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : Belkin



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : Belkin

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-13-20-D1-8D-8F

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

Lease Obtained. . . . . . . . . . : Wednesday, December 26, 2012 4:52:13 PM

Lease Expires . . . . . . . . . . : Monday, January 18, 2038 10:14:07 PM

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.2.1

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 173.194.43.0, 173.194.43.14, 173.194.43.4, 173.194.43.1
173.194.43.3, 173.194.43.7, 173.194.43.9, 173.194.43.2, 173.194.43.5
173.194.43.6, 173.194.43.8



Pinging google.com [173.194.43.4] with 32 bytes of data:



Reply from 173.194.43.4: bytes=32 time=19ms TTL=58

Reply from 173.194.43.4: bytes=32 time=18ms TTL=58



Ping statistics for 173.194.43.4:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 18ms, Maximum = 19ms, Average = 18ms

Server: UnKnown
Address: 192.168.2.1

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 98.138.253.109



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=80ms TTL=52

Reply from 98.139.183.24: bytes=32 time=63ms TTL=52



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 63ms, Maximum = 80ms, Average = 71ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 20 d1 8d 8f ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.2 192.168.2.2 20
192.168.2.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.2 192.168.2.2 20
224.0.0.0 240.0.0.0 192.168.2.2 192.168.2.2 20
255.255.255.255 255.255.255.255 192.168.2.2 192.168.2.2 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/26/2012 06:59:01 AM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.62.0.140, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/23/2012 07:12:56 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 17.0.1.4715, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/23/2012 07:12:56 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 17.0.1.4715, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/23/2012 07:12:56 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 17.0.1.4715, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/22/2012 03:20:50 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/15/2012 08:30:35 PM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 23.0.1271.97, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/15/2012 03:11:55 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/14/2012 08:53:02 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 11.0.8348.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/08/2012 03:06:24 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/04/2012 02:39:42 PM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 23.0.1271.95, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (12/26/2012 04:53:07 PM) (Source: ipnathlp) (User: )
Description: The DHCP allocator has disabled itself on IP address 192.168.2.2,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope
from which addresses are being allocated to DHCP clients.
To enable the DHCP allocator on this IP address,
please change the scope to include the IP address,
or change the IP address to fall within the scope.

Error: (12/26/2012 04:51:25 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/26/2012 04:50:00 PM) (Source: DCOM) (User: SHERI)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (12/26/2012 04:49:51 PM) (Source: DCOM) (User: SHERI)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (12/26/2012 04:48:32 PM) (Source: DCOM) (User: SHERI)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (12/26/2012 04:37:49 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm

Error: (12/26/2012 04:36:33 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/26/2012 04:36:21 PM) (Source: ipnathlp) (User: )
Description: The DHCP allocator has disabled itself on IP address 192.168.2.2,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope
from which addresses are being allocated to DHCP clients.
To enable the DHCP allocator on this IP address,
please change the scope to include the IP address,
or change the IP address to fall within the scope.

Error: (12/26/2012 04:36:21 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service ALG with arguments ""
in order to run the server:
{D6015EC3-FA16-4813-9CA1-DA204574F5DA}

Error: (12/26/2012 04:36:21 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}


Microsoft Office Sessions:
=========================
Error: (12/26/2012 06:59:01 AM) (Source: Application Hang)(User: )
Description: mbam.exe1.62.0.140hungapp0.0.0.000000000

Error: (12/23/2012 07:12:56 AM) (Source: Application Hang)(User: )
Description: firefox.exe17.0.1.4715hungapp0.0.0.000000000

Error: (12/23/2012 07:12:56 AM) (Source: Application Hang)(User: )
Description: firefox.exe17.0.1.4715hungapp0.0.0.000000000

Error: (12/23/2012 07:12:56 AM) (Source: Application Hang)(User: )
Description: firefox.exe17.0.1.4715hungapp0.0.0.000000000

Error: (12/22/2012 03:20:50 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (12/15/2012 08:30:35 PM) (Source: Application Hang)(User: )
Description: chrome.exe23.0.1271.97hungapp0.0.0.000000000

Error: (12/15/2012 03:11:55 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (12/14/2012 08:53:02 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE11.0.8348.0hungapp0.0.0.000000000

Error: (12/08/2012 03:06:24 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (12/04/2012 02:39:42 PM) (Source: Application Hang)(User: )
Description: chrome.exe23.0.1271.95hungapp0.0.0.000000000


=========================== Installed Programs ============================

Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Flash Player 11 Plugin (Version: 11.5.502.135)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AOL Messaging Toolbar
Belkin USB Wireless Adaptor (Version: 1.0.0.10)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Corel PaintShop Pro X5 (Version: 15.0.0.183)
Corel Photo Album 6 (Version: 6.00)
Coupon Printer for Windows (Version: 5.0.0.1)
Dell Digital Jukebox Driver
Dell Driver Reset Tool (Version: 1.02.0000)
Dell System Restore (Version: 2.00.0000)
DellSupport (Version: 6.0.3062)
Digital Content Portal (Version: 1.00.0000)
Download Updater (AOL LLC)
Driver Detective (Version: 7.0.0)
Epson Event Manager (Version: 2.40.0000)
EPSON NX125 NX127 Series Printer Uninstall
EPSON Scan
Form Fill (Windows Live Toolbar) (Version: 03.01.0130)
Google AFE
Google Chrome (Version: 23.0.1271.97)
Google Desktop (Version: -)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.123)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HP Officejet 6500 E710n-z Basic Device Software (Version: 22.50.231.0)
ICA (Version: 15.0.0.183)
Intel® 537EP V9x DF PCI Modem
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4410)
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections (Version: 9.20.0000)
IPM_PSP_COM (Version: 15.0.0.183)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ 6 Update 3 (Version: 1.6.0.30)
KhalSetup (Version: 3.30.165)
Learn2 Player (Uninstall Only)
Linksys EasyLink Advisor (Version: 3.0.8122.29)
Live Search Maps Add-In for Microsoft Office Outlook (Version: 3.0.1526.1)
Logitech SetPoint (Version: 3.3)
Macromedia Flash Player (Version: 7.0.19.0)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Map Button (Windows Live Toolbar) (Version: 03.01.0130)
MCU (Version: 1.00.0000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft English TTS Engine (Version: 2.0.1000.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Primary Interop Assemblies (Version: 11.0.6553.0)
Microsoft Office Basic Edition 2003 (Version: 11.0.8173.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Streets & Trips 2008 (Version: 15.0.17.1600)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Musicmatch for Windows Media Player (Version: 0.00.000)
Musicmatch® Jukebox (Version: 10.10.0097)
NetZeroInstallers (Version: 1.0.0)
Norton Security Scan (Version: 3.1.2.9)
OneCare Advisor (Windows Live Toolbar) (Version: 03.01.0159.04)
Popup Blocker (Windows Live Toolbar) (Version: 03.01.0130)
PowerDVD 5.5
PSPPContent (Version: 15.0.0.183)
PSPPHelp (Version: 15.0.0.183)
Pure Networks Platform (Version: 10.1.8116.1)
Qualxserve Service Agreement (Version: 1.11.0000)
QuickBooks (Version: 19.0.4012.705)
QuickBooks Premier: Contractor Edition 2009 (Version: 19.0.4012.705)
QuickBooks Simple Start Special Edition (Version: )
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
RealUpgrade 1.1 (Version: 1.1.0)
SAPI Wrapper (Version: 1.0.0.0)
Setup (Version: 15.0.0.183)
Smart Menus (Windows Live Toolbar) (Version: 03.01.0130)
Sonic DLA (Version: 4.95)
Sonic RecordNow Audio (Version: 2.0.0)
Sonic RecordNow Copy (Version: 2.0.0)
Sonic RecordNow Data (Version: 2.0.0)
Sonic Update Manager (Version: 3.0.0)
SupportSoft Assisted Service (Version: 15)
Tabbed Browsing (Windows Live Toolbar) (Version: 03.01.0130)
TRENDnet TEW-424UB Wireless USB 2.0 Adapter Driver and Utility (Version: 1.00.0000)
TTS Wrapper (Version: 1.0.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Viewpoint Media Player
Visual Studio 2005 Tools for Office Second Edition Runtime
WebCyberCoach 3.2 Dell
WebEx
WebEx Support Manager for Internet Explorer (Version: 6.5.47)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Favorites for Windows Live Toolbar (Version: 03.01.0130)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Outlook Toolbar (Windows Live Toolbar) (Version: 03.01.0130)
Windows Live Toolbar (Version: 03.01.0130)
Windows Live Toolbar Extension (Windows Live Toolbar) (Version: 03.01.0130)
Windows Live Toolbar Feed Detector (Windows Live Toolbar) (Version: 03.01.0130)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
XML Paper Specification Shared Components Pack 1.0
Yahoo! Detect

========================= Memory info: ===================================

Percentage of memory in use: 77%
Total physical RAM: 502.07 MB
Available physical RAM: 111.36 MB
Total Pagefile: 1226.62 MB
Available Pagefile: 629.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1967.14 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:71.3 GB) (Free:48.32 GB) NTFS

========================= Users: ========================================

User accounts for \\WITHHELD

Administrator Guest HelpAssistant
WITHHELD SUPPORT_388945a0


**** End of log ****

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator

Posted 26 December 2012 - 08:20 PM

Hello, were the items quarantined by MBAM?
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply.


It is possible that this >>Popup Blocker Windows Live<< is stopping the ESET scan. Can you turn it off and try again?


I did not see an Antivirus, is that correct?

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
    64-bit OS users, should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u10-windows-i586.exe (or jre-7u10-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#10 take_flight

take_flight
  • Topic Starter

  • Members

Posted 26 December 2012 - 08:54 PM

I can't download the Java update for some reason, it gets about 3/4 of the way and then says it's a corrupted file. I'm weary of Java updates in Chrome because it always seems to interfere with something. I can't find the pop up blocker, this was my husband's secretary's computer at work, and when she got a new one I took this one. She has all sorts of things on this one, but I did disable the pop up blocker that was active in Chrome. I tried again, no dice, it said the same thing...404. This was the only MBAM log that I could find with the quarantined items.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.26.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
WITHHELD :: WITHHELD [administrator]

12/25/2012 10:18:27 PM
mbam-log-2012-12-25 (22-18-27).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 324199
Time elapsed: 1 hour(s), 18 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiMalwarePro_is1 (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Documents and Settings\All Users\Start Menu\Programs\AntiMalware Pro (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Program Files\AntiMalware Pro (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Program Files\AntiMalware Pro\definitions (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.

Files Detected: 15
C:\Program Files\Internet Explorer\msimg32.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1688\A0172839.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1689\A0172880.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1690\A0172917.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1692\A0173088.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Program Files\AntiMalware Pro\EngineAP.dll (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Documents and Settings\WITHHELD\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiMalwarePro.lnk (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiMalware Pro\Uninstall AntiMalwarePro.lnk (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiMalware Pro\AntiMalwarePro.lnk (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Program Files\AntiMalware Pro\ScheduleAP.txt (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Program Files\AntiMalware Pro\FolderPaths.txt (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Program Files\AntiMalware Pro\Task.dat (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Program Files\AntiMalware Pro\unins000.dat (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Program Files\AntiMalware Pro\unins000.exe (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Program Files\AntiMalware Pro\definitions\200812.cab (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.

(end)

#11 take_flight

take_flight
  • Topic Starter

  • Members

Posted 26 December 2012 - 09:36 PM

FINALLY was able to download Java and removed previous versions. After restarting, I was able to access microsoft dot com AND the ESET online scanner...scanning now...

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator

Posted 26 December 2012 - 10:05 PM

Excellent!! You did really good there. We will still have a couple things to do after ESET.

#13 take_flight

take_flight
  • Topic Starter

  • Members

Posted 26 December 2012 - 11:02 PM

This is the ESET log...I am currently in the middle of a snow storm, so I may lose power. If I do, it's usually not for long.

C:\Documents and Settings\WITHHELD\Application Data\Mozilla\Firefox\Profiles\xgd29v5b.default\user.js JS/SecurityDisabler.A.Gen application cleaned by deleting - quarantined
C:\Documents and Settings\WITHHELD\My Documents\Downloads\mplayer_Setup.exe a variant of Win32/Adware.iBryte.D application cleaned by deleting - quarantined
Operating memory a variant of Win32/Spy.Zbot.ZR trojan
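
An added example, not part of the original thread and not either vendor's own tooling: a Python triage script that parses the Malwarebytes and ESET detection lines posted above and cross-checks them. The regular expressions are assumptions inferred from the line layouts visible in this thread, and the embedded samples are excerpts of those two logs.

```python
import re
from dataclasses import dataclass

# Excerpts of the two scanner logs posted in this thread (not the full logs).
MBAM_LOG = r"""
Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiMalwarePro_is1 (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Files Detected: 15
C:\Program Files\Internet Explorer\msimg32.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1688\A0172839.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1692\A0173088.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Program Files\AntiMalware Pro\EngineAP.dll (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
"""

ESET_LOG = r"""
C:\Documents and Settings\WITHHELD\Application Data\Mozilla\Firefox\Profiles\xgd29v5b.default\user.js JS/SecurityDisabler.A.Gen application cleaned by deleting - quarantined
C:\Documents and Settings\WITHHELD\My Documents\Downloads\mplayer_Setup.exe a variant of Win32/Adware.iBryte.D application cleaned by deleting - quarantined
Operating memory a variant of Win32/Spy.Zbot.ZR trojan
"""

# Assumed Malwarebytes layout: <object> (<threat>) -> <action>.
MBAM_RE = re.compile(r"^(?P<obj>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
# Assumed ESET layout: <object> [a variant of ]<threat> <kind> [<action>]
ESET_RE = re.compile(
    r"^(?P<obj>.+?)\s+(?:a variant of )?(?P<threat>[A-Za-z0-9]+/[\w.]+)"
    r"\s+(?P<kind>\w+)(?:\s+(?P<action>.+))?$"
)
DONE_RE = re.compile(r"quarantined|deleted|cleaned", re.I)
RESTORE_POINT = "\\system volume information\\_restore"


@dataclass(frozen=True)
class Finding:
    tool: str
    obj: str
    threat: str
    action: str  # empty when the scanner recorded no action for the item

    @property
    def remediated(self) -> bool:
        return bool(DONE_RE.search(self.action))


def parse(tool, pattern, text):
    """Return a Finding for every line matching the tool's detection layout."""
    out = []
    for line in text.splitlines():
        m = pattern.match(line.strip())
        if m:  # section headers and "(No malicious items detected)" do not match
            out.append(Finding(tool, m["obj"], m["threat"], m["action"] or ""))
    return out


def families(findings):
    """Threat-name tokens of 4+ characters; drops short ones (JS, Spy, ZR, Gen)."""
    return {t for f in findings
            for t in re.split(r"[/.]", f.threat.lower()) if len(t) >= 4}


def triage(mbam, eset):
    """Cross-check two scanners: what is still live, and what both of them saw."""
    everything = mbam + eset
    return {
        "unremediated": [f for f in everything if not f.remediated],
        "restore_point_copies": [f for f in everything
                                 if RESTORE_POINT in f.obj.lower()],
        "seen_by_both": families(mbam) & families(eset),
    }


if __name__ == "__main__":
    report = triage(parse("MBAM", MBAM_RE, MBAM_LOG),
                    parse("ESET", ESET_RE, ESET_LOG))
    for f in report["unremediated"]:
        print(f"NO ACTION RECORDED  {f.tool}: {f.threat} in {f.obj}")
    print("restore-point copies:", len(report["restore_point_copies"]))
    print("families seen by both scanners:", sorted(report["seen_by_both"]))
```

On these excerpts the only finding with no recorded action is the in-memory Win32/Spy.Zbot.ZR hit, while the Spyware.Zbot files Malwarebytes removed were all copies inside System Restore points.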

#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator

Posted 27 December 2012 - 12:14 AM

H

The Zbot-trojan starts its main information-stealing function by opening a connection to a remote server and downloading an encrypted configuration file. This file contains the address where the trojan will later upload the information it has stolen; an address where it can download a new version of itself; and the address of another configuration file. This file also defines what websites the trojan will target for information theft.

Once the configuration file is downloaded, any confidential banking data the victim types in is compromised. If the victim enters account information on an online banking site, the trojan intercepts the data in the webform and uploads it to the server defined in the trojan's configuration file. To gather more information, the malware author can even create additional fields, which are then injected into a targeted webpage for the unsuspecting victim to fill in.

Zbot-trojans are also capable of presenting the victim with a fake version of a webpage. Victims trying to browse specific webpages will be presented with a modified copy of the website from a server controlled by the attacker, rather than the correct webpage from the legitimate server. Again, any information entered is captured by the attacker.

Keylogging, stealing data from the clipboard and taking screenshots of the desktop are also in Zbot arsenal. Zbot trojans steal the content of the Windows Protected Storage, as well as certificates stored on the infected system. Username and password information for POP3 and FTP protocols are also stolen.

F-Secure



This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

#15 take_flight

take_flight
  • Topic Starter

  • Members

Posted 27 December 2012 - 07:46 AM

I want to clean the computer. I have access to 2 laptops. I don't need this computer for shopping, but I do need it for other things. One of the first things I noticed was that the certificates weren't right, I haven't used any sensitive information on this computer ever since then.



