
Browser hijacker


14 replies to this topic

#1 MysticalFire (Members, 21 posts)

Posted 16 January 2013 - 04:10 PM

I have a browser hijacker that I can't seem to get rid of. I have run MBAM, MSE, SAS and I cleaned out everything that was found yet it still redirects. Any suggestions?



#2 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 16 January 2013 - 04:21 PM

Download TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 MysticalFire (Topic Starter, Members, 21 posts)

Posted 16 January 2013 - 07:14 PM

The TDSSkiller and aswMBR would NOT run on my machine for some reason. I even tried in safe mode. The ESET scanner picked up only one object: Operating memory, a variant of Win32/Olmasco.AD trojan.

#4 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 16 January 2013 - 07:32 PM

System will restart. Launch TDSSfix again. Click on SCAN; it should find the rootkit >> select CURE.

Restart the PC and run the tools mentioned in initial post.

Edited by narenxp, 16 January 2013 - 08:57 PM.


#5 MysticalFire (Topic Starter, Members, 21 posts)

Posted 16 January 2013 - 08:54 PM

TDSSkiller log:

20:18:35.0125 3744 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
20:18:49.0328 3744 ============================================================
20:18:49.0328 3744 Current date / time: 2013/01/16 20:18:49.0328
20:18:49.0328 3744 SystemInfo:
20:18:49.0328 3744
20:18:49.0328 3744 OS Version: 5.1.2600 ServicePack: 3.0
20:18:49.0328 3744 Product type: Workstation
20:18:49.0328 3744 ComputerName: BELIEVE
20:18:49.0328 3744 UserName: Liz
20:18:49.0328 3744 Windows directory: C:\WINDOWS
20:18:49.0328 3744 System windows directory: C:\WINDOWS
20:18:49.0328 3744 Processor architecture: Intel x86
20:18:49.0390 3744 Number of processors: 1
20:18:49.0390 3744 Page size: 0x1000
20:18:49.0390 3744 Boot type: Normal boot
20:18:49.0390 3744 ============================================================
20:19:05.0593 3744 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:19:05.0687 3744 ============================================================
20:19:05.0687 3744 \Device\Harddisk0\DR0:
20:19:05.0687 3744 MBR partitions:
20:19:05.0687 3744 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
20:19:05.0687 3744 ============================================================
20:19:05.0734 3744 C: <-> \Device\Harddisk0\DR0\Partition1
20:19:05.0734 3744 ============================================================
20:19:05.0734 3744 Initialize success
20:19:05.0734 3744 ============================================================
20:19:46.0859 1156 ============================================================
20:19:46.0859 1156 Scan started
20:19:46.0859 1156 Mode: Manual;
20:19:46.0859 1156 ============================================================
20:19:47.0343 1156 ================ Scan system memory ========================
20:19:50.0640 1156 System memory - ok
20:19:50.0656 1156 ================ Scan services =============================
20:19:50.0765 1156 5762 - ok
20:19:50.0843 1156 Abiosdsk - ok
20:19:50.0859 1156 abp480n5 - ok
20:19:50.0906 1156 [ EA38C961260F29295C6D03070FA9D0B5 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:19:50.0921 1156 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: EA38C961260F29295C6D03070FA9D0B5, Fake md5: 8FD99680A539792A30E97944FDAECF17
20:19:50.0921 1156 ACPI ( Virus.Win32.Rloader.a ) - infected
20:19:50.0921 1156 ACPI - detected Virus.Win32.Rloader.a (0)
20:20:53.0406 1156 Udfs - ok
20:20:53.0437 1156 UIUSys - ok
20:20:53.0453 1156 ultra - ok
20:20:53.0468 1156 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
20:20:53.0687 1156 UMWdf - ok
20:20:53.0734 1156 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:20:54.0000 1156 Update - ok
20:20:54.0046 1156 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:20:54.0265 1156 upnphost - ok
20:20:54.0296 1156 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
20:20:54.0546 1156 UPS - ok
20:20:54.0625 1156 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:20:54.0718 1156 usbccgp - ok
20:20:54.0750 1156 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:20:54.0812 1156 usbehci - ok
20:20:54.0828 1156 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:20:54.0906 1156 usbhub - ok
20:20:54.0953 1156 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:20:55.0015 1156 usbprint - ok
20:20:55.0046 1156 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:20:55.0109 1156 usbscan - ok
20:20:55.0140 1156 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:20:55.0187 1156 USBSTOR - ok
20:20:55.0250 1156 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:20:55.0328 1156 usbuhci - ok
20:20:55.0375 1156 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:20:55.0421 1156 VgaSave - ok
20:20:55.0437 1156 ViaIde - ok
20:20:55.0453 1156 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:20:55.0531 1156 VolSnap - ok
20:20:55.0593 1156 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
20:20:55.0781 1156 VSS - ok
20:20:56.0109 1156 [ F0608F3B5B6D16F4870E867F9D069B6B ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
20:20:57.0171 1156 w29n51 - ok
20:20:57.0812 1156 [ F0608F3B5B6D16F4870E867F9D069B6B ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
20:20:57.0843 1156 w29n51 - ok
20:20:57.0953 1156 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
20:20:58.0078 1156 W32Time - ok
20:20:58.0140 1156 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:20:58.0234 1156 Wanarp - ok
20:20:58.0250 1156 WDICA - ok
20:20:58.0265 1156 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:20:58.0375 1156 wdmaud - ok
20:20:58.0390 1156 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:20:58.0453 1156 WebClient - ok
20:20:58.0531 1156 [ 0C5B9CF1BDF998750D9C5EEB5F8C55AC ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:20:58.0984 1156 winachsf - ok
20:20:59.0078 1156 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:20:59.0468 1156 winmgmt - ok
20:20:59.0578 1156 [ C9B9942EECA0B82E35D60627E365510A ] WLANKEEPER C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
20:21:00.0140 1156 WLANKEEPER - ok
20:21:00.0140 1156 wltrysvc - ok
20:21:00.0187 1156 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
20:21:00.0421 1156 WmdmPmSN - ok
20:21:00.0468 1156 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
20:21:00.0515 1156 Wmi - ok
20:21:00.0578 1156 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:21:01.0031 1156 WmiApSrv - ok
20:21:01.0140 1156 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:21:01.0140 1156 wuauserv - ok
20:21:01.0234 1156 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:21:01.0265 1156 WZCSVC - ok
20:21:01.0359 1156 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:21:01.0671 1156 xmlprov - ok
20:21:01.0765 1156 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
20:21:03.0250 1156 YahooAUService - ok
20:21:03.0312 1156 ================ Scan global ===============================
20:21:03.0343 1156 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:21:03.0656 1156 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:21:04.0093 1156 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:21:04.0140 1156 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:21:04.0140 1156 [Global] - ok
20:21:04.0140 1156 ================ Scan MBR ==================================
20:21:04.0187 1156 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:21:04.0187 1156 Suspicious mbr (Forged): \Device\Harddisk0\DR0
20:21:04.0265 1156 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
20:21:04.0265 1156 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
20:21:04.0265 1156 ================ Scan VBR ==================================
20:21:04.0281 1156 [ D99E23066078C49E62D965AFC8E09308 ] \Device\Harddisk0\DR0\Partition1
20:21:04.0328 1156 \Device\Harddisk0\DR0\Partition1 - ok
20:21:04.0328 1156 ============================================================
20:21:04.0328 1156 Scan finished
20:21:04.0328 1156 ============================================================
20:21:04.0375 3964 Detected object count: 2
20:21:04.0375 3964 Actual detected object count: 2
20:21:17.0343 3964 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
20:21:33.0906 3964 Backup copy found, using it..
20:21:34.0515 3964 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
20:21:34.0515 3964 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
20:21:37.0109 3964 \Device\Harddisk0\DR0\# - copied to quarantine
20:21:37.0234 3964 \Device\Harddisk0\DR0 - copied to quarantine
20:21:37.0968 3964 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
20:21:38.0093 3964 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
20:21:38.0359 3964 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
20:21:38.0515 3964 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
20:21:38.0609 3964 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
20:21:38.0781 3964 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
20:21:39.0156 3964 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
20:21:40.0500 3964 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
20:21:40.0734 3964 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
20:21:41.0218 3964 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
20:21:41.0718 3964 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
20:21:41.0906 3964 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:21:42.0171 3964 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:21:42.0640 3964 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
20:21:42.0843 3964 \Device\Harddisk0\DR0\TDLFS\tdi32 - copied to quarantine
20:21:43.0171 3964 \Device\Harddisk0\DR0\TDLFS\tdi64 - copied to quarantine
20:21:43.0312 3964 \Device\Harddisk0\DR0\TDLFS\main1 - copied to quarantine
20:21:43.0500 3964 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
20:21:43.0656 3964 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
20:21:43.0859 3964 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
20:21:44.0187 3964 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
20:21:44.0578 3964 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
20:21:46.0343 3964 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
20:21:46.0625 3964 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
20:21:47.0453 3964 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
20:21:47.0703 3964 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
20:21:47.0718 3964 \Device\Harddisk0\DR0 - ok
20:21:49.0359 3964 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
20:22:09.0187 0792 Deinitialize success


aswMBR Log:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-16 20:34:12
-----------------------------
20:34:12.078 OS Version: Windows 5.1.2600 Service Pack 3
20:34:12.078 Number of processors: 1 586 0xD08
20:34:12.078 ComputerName: BELIEVE UserName: Liz
20:34:12.859 Initialize success
20:37:39.031 AVAST engine defs: 13011601
20:37:57.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:37:57.531 Disk 0 Vendor: FUJITSU_MHV2060AS 00000096 Size: 57231MB BusType: 3
20:37:57.531 Disk 0 MBR read successfully
20:37:57.531 Disk 0 MBR scan
20:37:57.578 Disk 0 Windows XP default MBR code
20:37:57.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57223 MB offset 63
20:37:57.625 Disk 0 scanning sectors +117194175
20:37:57.718 Disk 0 scanning C:\WINDOWS\system32\drivers
20:38:31.875 Service scanning
20:38:46.687 Service MpKsl8bf19ff9 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA512B09-EFD9-4636-833F-00F1DDB3E0DB}\MpKsl8bf19ff9.sys **LOCKED** 32
20:39:06.453 Modules scanning
20:39:11.687 Disk 0 trace - called modules:
20:39:11.718 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
20:39:12.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8679dab8]
20:39:12.218 3 CLASSPNP.SYS[f761bfd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x867a0d98]
20:39:12.671 AVAST engine scan C:\WINDOWS
20:39:20.843 AVAST engine scan C:\WINDOWS\system32
20:46:41.781 AVAST engine scan C:\WINDOWS\system32\drivers
20:47:10.968 AVAST engine scan C:\Documents and Settings\Liz
20:49:41.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Liz\My Documents\MBR.dat"
20:49:41.375 The log file has been saved successfully to "C:\Documents and Settings\Liz\My Documents\aswMBR.txt"
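
aswMBR saved the disk's MBR to MBR.dat, and both tools report the same geometry: one bootable NTFS partition starting at LBA 63 (0x3F) with 0x6FC3D80 sectors on a 0xDF8F90000-byte disk. The Python below is an added example, not code from aswMBR, TDSSKiller or anyone in this thread: it parses a raw 512-byte MBR sector, checks the 0x55AA signature, lists the partition table, reports the unallocated sectors after the last partition and hashes the boot-code region so it can be compared with a dump taken from a known-clean machine. The sample sector is constructed here to match the partition entry in the logs; its boot code is zero-filled, so the hash it yields is not a known-good Windows value, and the reference hash is a parameter the reader supplies.

```python
"""Parse a raw 512-byte MBR (e.g. the MBR.dat that aswMBR writes) and report
what a bootkit investigation cares about: signature, partition table, the
unallocated tail of the disk and a hash of the boot code.
Added example; not code from aswMBR, TDSSKiller or the thread above."""
import hashlib
import struct
from typing import Optional

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 440..443 = disk signature, 444..445 reserved
TABLE_OFFSET = 446       # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"  # bytes 510..511
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, start LBA, sector count
PART_TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux"}


def parse_mbr(sector: bytes, disk_sectors: Optional[int] = None,
              expected_boot_md5: Optional[str] = None) -> dict:
    """Return signature status, partition entries, hashes and a list of warnings."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    info = {
        "signature_ok": sector[510:512] == SIGNATURE,
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "sector_md5": hashlib.md5(sector).hexdigest().upper(),
        "partitions": [],
        "warnings": [],
    }
    if not info["signature_ok"]:
        info["warnings"].append("missing 0x55AA boot signature")
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue                                   # empty slot
        if status not in (0x00, 0x80):
            info["warnings"].append(f"entry {i}: invalid status byte 0x{status:02X}")
        info["partitions"].append({
            "index": i, "bootable": status == 0x80, "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "start_lba": lba, "sectors": count, "end_lba": lba + count,
            "size_mib": count * SECTOR_SIZE // (1024 * 1024),
        })
    parts = sorted(info["partitions"], key=lambda p: p["start_lba"])
    for a, b in zip(parts, parts[1:]):
        if a["end_lba"] > b["start_lba"]:
            info["warnings"].append(f"entries {a['index']} and {b['index']} overlap")
    if sum(p["bootable"] for p in parts) != 1:
        info["warnings"].append("expected exactly one bootable partition")
    if disk_sectors is not None and parts:
        last_end = max(p["end_lba"] for p in parts)
        if last_end > disk_sectors:
            info["warnings"].append("partition extends past end of disk")
        # Sectors after the last partition: one cylinder of alignment slack is
        # normal, but this region is also where hidden file systems of the
        # TDL/SST family are kept, so it is worth dumping and scanning.
        info["tail_sectors"] = disk_sectors - last_end
    if expected_boot_md5 and info["boot_code_md5"] != expected_boot_md5.upper():
        info["warnings"].append("boot code hash differs from the reference dump")
    return info


def build_sample_mbr() -> bytes:
    """Constructed sector mirroring the entry in the logs above (bootable,
    type 0x07, start LBA 0x3F, 0x6FC3D80 sectors). Boot code is zero-filled,
    so its hash is NOT a known-good Windows value."""
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                        0x3F, 0x6FC3D80)
    return bytes(BOOT_CODE_LEN) + b"\x00" * 6 + entry + bytes(48) + SIGNATURE


def load_mbr(path: str) -> bytes:
    """Read the first 512 bytes of a dump such as aswMBR's MBR.dat."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


if __name__ == "__main__":
    # 0xDF8F90000 bytes / 512 = 117,210,240 sectors: the disk size in the log
    report = parse_mbr(build_sample_mbr(), disk_sectors=0xDF8F90000 // 512)
    for p in report["partitions"]:
        print(f"#{p['index']} {'*' if p['bootable'] else ' '} {p['type_name']:10} "
              f"start {p['start_lba']} sectors {p['sectors']} ({p['size_mib']} MiB)")
    print("tail sectors:", report.get("tail_sectors"), "warnings:", report["warnings"])
```

On the geometry from the logs it reports a 57223 MiB partition ending at LBA 117194175 and 16065 unallocated sectors after it (one cylinder of alignment slack, the same region aswMBR logs as "scanning sectors +117194175"). On a real dump, a boot-code hash that differs from a clean Windows XP MBR, a second bootable entry, overlapping entries or a partition that runs past the end of the disk are the findings to chase.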

#6 narenxp (BC Advisor)

Posted 17 January 2013 - 04:54 AM

ESET log?

Please run the new version of TDSSkiller and post the log
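
A full TDSSKiller log runs to a thousand lines, and the two runs in this thread differ mainly in a handful of verdict, action and quarantine lines. The Python below is an added example, not TDSSKiller's own code or anything posted in this thread: it reduces such a log to the hashed service inventory, the verdicts, the user-selected actions, the cures pending a reboot and the objects copied to quarantine, and lists which entries came out of the hidden TDLFS file system. The sample lines are taken from the TDSSKiller logs posted in this thread; the regular expressions are written against that output format and are an assumption about how other versions format their lines.

```python
"""Reduce a TDSSKiller log to the facts that matter for triage: hashed
service/driver inventory, verdicts, user actions, pending-reboot cures and
what was copied to quarantine. Added example; not TDSSKiller's own code."""
import re

PREFIX = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d{4})\s+(.*)$")
# "[ MD5 ] <service name> <image path>" for services, "[ MD5 ] <path>" for
# global objects and the MBR. Names and paths can both contain spaces, so
# the split is made where a drive letter or device path begins.
HASHED = re.compile(
    r"^\[ ([0-9A-F]{32}) \] (?:(.+?) )?((?:[A-Za-z]:\\|\\Device\\|\\\?\?\\).*)$")
INFECTED = re.compile(r"^(.+?) \( ([^)]+) \) - infected$")
DETECTED = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")
ACTION = re.compile(r"^(.+?) \( ([^)]+) \) - User select action: (\w+)$")
PENDING = re.compile(r"^(.+?)(?: \( [^)]+ \))? - will be cured on reboot$")
QUARANTINE = re.compile(r"^(.+) - copied to quarantine$")
SUSPICIOUS = re.compile(r"^Suspicious (\w+) \((\w+)\): (.+)$")
OK = re.compile(r"^(.+) - ok$")

# Lines taken from the TDSSKiller logs posted in this thread.
SAMPLE_LOG = r"""
20:20:41.0375 1156 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
20:20:41.0468 1156 seclogon - ok
20:20:43.0109 1156 Simbad - ok
20:20:52.0843 1156 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:20:53.0078 1156 TrkWks - ok
14:58:22.0781 0708 [ 17EA1C7671DDE20E32E7C9FFE842F46E ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
20:21:04.0140 1156 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:21:04.0187 1156 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:21:04.0187 1156 Suspicious mbr (Forged): \Device\Harddisk0\DR0
20:21:04.0265 1156 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
20:21:04.0265 1156 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
20:21:17.0343 3964 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
20:21:34.0515 3964 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
20:21:34.0515 3964 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
20:21:37.0234 3964 \Device\Harddisk0\DR0 - copied to quarantine
20:21:37.0968 3964 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
20:21:41.0906 3964 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:21:47.0703 3964 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
20:21:49.0359 3964 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
"""


def triage(text: str) -> dict:
    services, global_objects, infected, actions = {}, {}, {}, {}
    pending, quarantined, suspicious, ok_names = [], [], [], set()
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue                      # banners, separators, SystemInfo lines
        body = m.group(3)
        if (h := HASHED.match(body)):
            md5, name, path = h.groups()
            if name:
                services[name] = (md5, path)
            else:
                global_objects[path] = md5
        elif (i := INFECTED.match(body)):
            infected[i.group(1)] = i.group(2)
        elif (d := DETECTED.match(body)):
            infected.setdefault(d.group(1), d.group(2))
        elif (a := ACTION.match(body)):
            actions[a.group(1)] = (a.group(2), a.group(3))
        elif (p := PENDING.match(body)):
            pending.append(p.group(1))
        elif (q := QUARANTINE.match(body)):
            quarantined.append(q.group(1))
        elif (s := SUSPICIOUS.match(body)):
            suspicious.append(s.groups())
        elif (o := OK.match(body)):
            ok_names.add(o.group(1))
    # A verdict may appear only on the action line (ACPI in the sample), so
    # merge the detection lines and the action lines into one view.
    verdicts = dict(infected)
    for obj, (verdict, _) in actions.items():
        verdicts.setdefault(obj, verdict)
    return {
        "services": services,
        "global_objects": global_objects,
        "verdicts": verdicts,
        "actions": actions,
        "pending_reboot": pending,
        "quarantined": quarantined,
        # Entries pulled out of the hidden TDLFS file system.
        "tdlfs_files": [q.rsplit("\\", 1)[1] for q in quarantined if "\\TDLFS\\" in q],
        "suspicious": suspicious,
        # Reported ok but never hashed: a service entry with no image file,
        # usually a leftover of an uninstalled driver. A prompt to verify,
        # not a detection.
        "no_image_file": sorted(n for n in ok_names
                                if n not in services and n not in global_objects
                                and n not in verdicts),
    }


if __name__ == "__main__":
    import sys
    report = triage(open(sys.argv[1], encoding="utf-8", errors="replace").read()
                    if len(sys.argv) > 1 else SAMPLE_LOG)
    for key in ("verdicts", "actions", "suspicious", "pending_reboot",
                "tdlfs_files", "no_image_file"):
        print(f"{key}: {report[key]}")
    print(f"hashed services: {len(report['services'])}, "
          f"quarantined objects: {len(report['quarantined'])}")
```

Run it with the saved log as the only argument; without one it processes the sample lines. On those it yields two verdicts (the forged MBR as Rootkit.Boot.SST.b and ACPI as Virus.Win32.Rloader.a), two objects pending cure on reboot, four quarantined objects of which two (mbr, ldr32) came from TDLFS, and Simbad as the one entry reported ok without an image file.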

#7 MysticalFire (Topic Starter)

Posted 17 January 2013 - 08:13 AM

The only text on the ESET log was:

Operating memory a variant of Win32/Olmasco.AD trojan

I have to go to work. I will run the TDSSkiller again while I am gone and post it.

#8 MysticalFire (Topic Starter)

Posted 17 January 2013 - 03:06 PM

New log:

14:57:46.0718 2020 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:57:47.0718 2020 ============================================================
14:57:47.0718 2020 Current date / time: 2013/01/17 14:57:47.0718
14:57:47.0718 2020 SystemInfo:
14:57:47.0718 2020
14:57:47.0718 2020 OS Version: 5.1.2600 ServicePack: 3.0
14:57:47.0718 2020 Product type: Workstation
14:57:47.0718 2020 ComputerName: BELIEVE
14:57:47.0718 2020 UserName: Liz
14:57:47.0718 2020 Windows directory: C:\WINDOWS
14:57:47.0718 2020 System windows directory: C:\WINDOWS
14:57:47.0718 2020 Processor architecture: Intel x86
14:57:47.0750 2020 Number of processors: 1
14:57:47.0750 2020 Page size: 0x1000
14:57:47.0750 2020 Boot type: Normal boot
14:57:47.0750 2020 ============================================================
14:57:58.0031 2020 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:57:58.0156 2020 ============================================================
14:57:58.0156 2020 \Device\Harddisk0\DR0:
14:57:58.0156 2020 MBR partitions:
14:57:58.0156 2020 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
14:57:58.0156 2020 ============================================================
14:57:58.0203 2020 C: <-> \Device\Harddisk0\DR0\Partition1
14:57:58.0203 2020 ============================================================
14:57:58.0203 2020 Initialize success
14:57:58.0203 2020 ============================================================
14:58:15.0375 0708 ============================================================
14:58:15.0375 0708 Scan started
14:58:15.0375 0708 Mode: Manual; TDLFS;
14:58:15.0375 0708 ============================================================
14:58:15.0671 0708 ================ Scan system memory ========================
14:58:20.0562 0708 System memory - ok
14:58:20.0562 0708 ================ Scan services =============================
14:58:20.0671 0708 5762 - ok
14:58:21.0015 0708 Abiosdsk - ok
14:58:21.0015 0708 abp480n5 - ok
14:58:21.0093 0708 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:58:21.0125 0708 ACPI - ok
14:58:21.0171 0708 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
14:58:21.0265 0708 ACPIEC - ok
14:58:21.0328 0708 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:58:21.0343 0708 AdobeFlashPlayerUpdateSvc - ok
14:58:21.0375 0708 adpu160m - ok
14:58:21.0390 0708 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
14:58:21.0578 0708 aec - ok
14:58:21.0625 0708 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
14:58:21.0625 0708 AFD - ok
14:58:21.0640 0708 Aha154x - ok
14:58:21.0656 0708 aic78u2 - ok
14:58:21.0656 0708 aic78xx - ok
14:58:21.0703 0708 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
14:58:21.0781 0708 Alerter - ok
14:58:21.0843 0708 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
14:58:22.0000 0708 ALG - ok
14:58:22.0000 0708 AliIde - ok
14:58:22.0015 0708 amsint - ok
14:58:22.0046 0708 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
14:58:22.0171 0708 AppMgmt - ok
14:58:22.0187 0708 asc - ok
14:58:22.0203 0708 asc3350p - ok
14:58:22.0218 0708 asc3550 - ok
14:58:22.0390 0708 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:58:22.0531 0708 aspnet_state - ok
14:58:22.0578 0708 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:58:22.0671 0708 AsyncMac - ok
14:58:22.0703 0708 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
14:58:22.0703 0708 atapi - ok
14:58:22.0718 0708 Atdisk - ok
14:58:22.0781 0708 [ 17EA1C7671DDE20E32E7C9FFE842F46E ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
14:58:23.0671 0708 Ati HotKey Poller - ok
14:58:23.0750 0708 [ 8EB17CF829DF300CC885651CFEAF931C ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:58:24.0125 0708 ati2mtag - ok
14:58:24.0156 0708 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:58:24.0296 0708 Atmarpc - ok
14:58:24.0343 0708 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
14:58:24.0437 0708 AudioSrv - ok
14:58:24.0500 0708 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
14:58:24.0562 0708 audstub - ok
14:58:24.0593 0708 [ 3A3A82FFD268BCFB7AE6A48CECF00AD9 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
14:58:24.0765 0708 b57w2k - ok
14:58:24.0921 0708 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
14:58:25.0000 0708 Beep - ok
14:58:25.0062 0708 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\System32\qmgr.dll
14:58:25.0218 0708 BITS - ok
14:58:25.0265 0708 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
14:58:25.0265 0708 Browser - ok
14:58:25.0296 0708 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
14:58:25.0375 0708 cbidf2k - ok
14:58:25.0375 0708 cd20xrnt - ok
14:58:25.0437 0708 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
14:58:25.0515 0708 Cdaudio - ok
14:58:25.0546 0708 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
14:58:25.0687 0708 Cdfs - ok
14:58:25.0703 0708 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:58:25.0828 0708 Cdrom - ok
14:58:25.0843 0708 Changer - ok
14:58:25.0890 0708 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
14:58:26.0015 0708 CiSvc - ok
14:58:26.0046 0708 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
14:58:26.0187 0708 ClipSrv - ok
14:58:26.0250 0708 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:58:26.0500 0708 clr_optimization_v2.0.50727_32 - ok
14:58:26.0531 0708 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:58:26.0609 0708 CmBatt - ok
14:58:26.0625 0708 CmdIde - ok
14:58:26.0656 0708 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:58:26.0656 0708 Compbatt - ok
14:58:26.0671 0708 COMSysApp - ok
14:58:26.0687 0708 Cpqarray - ok
14:58:26.0734 0708 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
14:58:26.0812 0708 CryptSvc - ok
14:58:26.0859 0708 dac2w2k - ok
14:58:26.0875 0708 dac960nt - ok
14:58:26.0953 0708 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
14:58:26.0968 0708 DcomLaunch - ok
14:58:27.0000 0708 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
14:58:27.0109 0708 Dhcp - ok
14:58:27.0125 0708 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
14:58:27.0125 0708 Disk - ok
14:58:27.0171 0708 dmadmin - ok
14:58:27.0234 0708 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
14:58:27.0609 0708 dmboot - ok
14:58:27.0625 0708 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
14:58:27.0750 0708 dmio - ok
14:58:27.0781 0708 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
14:58:27.0859 0708 dmload - ok
14:58:27.0890 0708 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
14:58:27.0968 0708 dmserver - ok
14:58:28.0000 0708 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
14:58:28.0093 0708 DMusic - ok
14:58:28.0125 0708 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
14:58:28.0125 0708 Dnscache - ok
14:58:28.0171 0708 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
14:58:28.0312 0708 Dot3svc - ok
14:58:28.0328 0708 dpti2o - ok
14:58:28.0343 0708 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
14:58:28.0421 0708 drmkaud - ok
14:58:28.0453 0708 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
14:58:28.0593 0708 EapHost - ok
14:58:28.0593 0708 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
14:58:28.0703 0708 ERSvc - ok
14:58:28.0734 0708 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
14:58:28.0734 0708 Eventlog - ok
14:58:28.0781 0708 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
14:58:28.0796 0708 EventSystem - ok
14:58:28.0906 0708 [ C37B83B51CDF10E5BB6F78A7E4FED11A ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
14:58:29.0312 0708 EvtEng - ok
14:58:29.0359 0708 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
14:58:29.0453 0708 Fastfat - ok
14:58:29.0500 0708 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:58:29.0515 0708 FastUserSwitchingCompatibility - ok
14:58:29.0531 0708 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
14:58:29.0703 0708 Fdc - ok
14:58:29.0734 0708 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
14:58:29.0906 0708 Fips - ok
14:58:29.0906 0708 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
14:58:30.0000 0708 Flpydisk - ok
14:58:30.0031 0708 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
14:58:30.0031 0708 FltMgr - ok
14:58:30.0140 0708 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:58:30.0234 0708 FontCache3.0.0.0 - ok
14:58:30.0265 0708 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:58:30.0375 0708 Fs_Rec - ok
14:58:30.0390 0708 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:58:30.0406 0708 Ftdisk - ok
14:58:30.0437 0708 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:58:30.0531 0708 Gpc - ok
14:58:30.0562 0708 [ B6B1F53F585B41091EB3586F8297A379 ] GTIPCI21 C:\WINDOWS\system32\DRIVERS\gtipci21.sys
14:58:30.0640 0708 GTIPCI21 - ok
14:58:30.0734 0708 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
14:58:30.0734 0708 gupdate - ok
14:58:30.0750 0708 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
14:58:30.0750 0708 gupdatem - ok
14:58:30.0812 0708 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:58:31.0093 0708 gusvc - ok
14:58:31.0156 0708 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:58:31.0234 0708 helpsvc - ok
14:58:31.0250 0708 HidServ - ok
14:58:31.0312 0708 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:58:31.0375 0708 HidUsb - ok
14:58:31.0421 0708 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
14:58:31.0578 0708 hkmsvc - ok
14:58:31.0593 0708 hpn - ok
14:58:31.0640 0708 [ A84BBBDD125D370593004F6429F8445C ] HSFHWICH C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
14:58:31.0750 0708 HSFHWICH - ok
14:58:31.0828 0708 [ B678FA91CF4A1C19B462D8DB04CD02AB ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
14:58:32.0218 0708 HSF_DPV - ok
14:58:32.0265 0708 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
14:58:32.0265 0708 HTTP - ok
14:58:32.0296 0708 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
14:58:32.0406 0708 HTTPFilter - ok
14:58:32.0421 0708 i2omgmt - ok
14:58:32.0437 0708 i2omp - ok
14:58:32.0500 0708 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:58:32.0625 0708 i8042prt - ok
14:58:32.0750 0708 [ 643162FBC619E35D3F1A90A095A5BB42 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
14:58:33.0218 0708 ialm - ok
14:58:33.0375 0708 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:58:34.0296 0708 idsvc - ok
14:58:34.0312 0708 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
14:58:34.0468 0708 Imapi - ok
14:58:34.0515 0708 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
14:58:34.0765 0708 ImapiService - ok
14:58:34.0781 0708 ini910u - ok
14:58:34.0812 0708 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
14:58:34.0812 0708 IntelIde - ok
14:58:34.0906 0708 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:58:35.0015 0708 intelppm - ok
14:58:35.0046 0708 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
14:58:35.0312 0708 Ip6Fw - ok
14:58:35.0359 0708 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:58:35.0453 0708 IpFilterDriver - ok
14:58:35.0468 0708 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:58:35.0546 0708 IpInIp - ok
14:58:35.0578 0708 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:58:35.0718 0708 IpNat - ok
14:58:35.0734 0708 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:58:35.0968 0708 IPSec - ok
14:58:35.0984 0708 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
14:58:36.0046 0708 IRENUM - ok
14:58:36.0062 0708 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:58:36.0062 0708 isapnp - ok
14:58:36.0156 0708 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
14:58:36.0609 0708 JavaQuickStarterService - ok
14:58:36.0640 0708 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:58:36.0750 0708 Kbdclass - ok
14:58:36.0765 0708 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
14:58:36.0781 0708 kmixer - ok
14:58:36.0812 0708 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
14:58:36.0812 0708 KSecDD - ok
14:58:36.0859 0708 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
14:58:36.0859 0708 lanmanserver - ok
14:58:36.0921 0708 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:58:36.0937 0708 lanmanworkstation - ok
14:58:36.0968 0708 lbrtfdc - ok
14:58:37.0031 0708 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
14:58:37.0109 0708 LmHosts - ok
14:58:37.0125 0708 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:58:37.0218 0708 mdmxsdk - ok
14:58:37.0250 0708 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
14:58:37.0328 0708 Messenger - ok
14:58:37.0421 0708 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
14:58:37.0531 0708 Microsoft Office Groove Audit Service - ok
14:58:37.0562 0708 mlaopttm - ok
14:58:37.0593 0708 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
14:58:37.0656 0708 mnmdd - ok
14:58:37.0718 0708 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
14:58:37.0875 0708 mnmsrvc - ok
14:58:37.0906 0708 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
14:58:38.0000 0708 Modem - ok
14:58:38.0000 0708 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:58:38.0109 0708 Mouclass - ok
14:58:38.0125 0708 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:58:38.0187 0708 mouhid - ok
14:58:38.0218 0708 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
14:58:38.0218 0708 MountMgr - ok
14:58:38.0281 0708 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:58:38.0546 0708 MozillaMaintenance - ok
14:58:38.0578 0708 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
14:58:38.0593 0708 MpFilter - ok
14:58:38.0609 0708 mraid35x - ok
14:58:38.0656 0708 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:58:38.0656 0708 MRxDAV - ok
14:58:38.0734 0708 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:58:38.0765 0708 MRxSmb - ok
14:58:38.0781 0708 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
14:58:38.0828 0708 MSDTC - ok
14:58:38.0843 0708 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
14:58:38.0843 0708 Msfs - ok
14:58:38.0859 0708 MSIServer - ok
14:58:38.0921 0708 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:58:54.0578 0708 ================ Scan global ===============================
14:58:54.0625 0708 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:58:54.0687 0708 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:58:54.0718 0708 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:58:54.0750 0708 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:58:54.0765 0708 [Global] - ok
14:58:54.0765 0708 ================ Scan MBR ==================================
14:58:54.0781 0708 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:58:55.0062 0708 \Device\Harddisk0\DR0 - ok
14:58:55.0062 0708 ================ Scan VBR ==================================
14:58:55.0062 0708 [ D99E23066078C49E62D965AFC8E09308 ] \Device\Harddisk0\DR0\Partition1
14:58:55.0062 0708 \Device\Harddisk0\DR0\Partition1 - ok
14:58:55.0062 0708 ============================================================
14:58:55.0062 0708 Scan finished
14:58:55.0062 0708 ============================================================
14:58:55.0093 3536 Detected object count: 0
14:58:55.0093 3536 Actual detected object count: 0
15:03:14.0171 3092 Deinitialize success

#9 narenxp


  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 17 January 2013 - 03:23 PM

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete

A log should be generated after the scan, post it here

Download

Junkware removal tool

For Vista and Windows 7, right click on the tool and select Run as administrator

After the scan gets completed, post the generated log here.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after the scan finishes, post the contents of the RKILL log located on the desktop here

Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here

#10 MysticalFire

  • Topic Starter

  • Members
  • 21 posts
  • Gender:Female

Posted 17 January 2013 - 07:15 PM

Malwarebytes:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.14.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Liz :: BELIEVE [administrator]

1/17/2013 4:53:17 PM
MBAM-log-2013-01-17 (18-04-34).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 294048
Time elapsed: 1 hour(s), 11 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\Liz\Local Settings\Temp\0A151C47-8FB0-418F-8C44-B18DDD0B04FD.exe (Heuristics.Shuriken) -> No action taken.
C:\Documents and Settings\Liz\My Documents\Downloads\tdssfix.exe (Heuristics.Shuriken) -> No action taken.

(end)


Minitoolbox:

MiniToolBox by Farbar Version:10-01-2013
Ran by Liz (administrator) on 17-01-2013 at 18:19:00
Running from "C:\Documents and Settings\Liz\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: 0.0.0.0:80

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/Wireless 2200BG Network Connection = Wireless Network Connection 2 (Connected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

        Host Name . . . . . . . . . . . . : BELIEVE
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : zoominternet.net

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
        Physical Address. . . . . . . . . : 00-12-3F-14-CE-03

Ethernet adapter Wireless Network Connection 2:

        Connection-specific DNS Suffix  . : zoominternet.net
        Description . . . . . . . . . . . : Intel® PRO/Wireless 2200BG Network Connection
        Physical Address. . . . . . . . . : 00-12-F0-44-4C-BC
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.116
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 208.67.222.222
                                            208.67.220.220
                                            24.154.1.67
        Lease Obtained. . . . . . . . . . : Thursday, January 17, 2013 6:15:05 PM
        Lease Expires . . . . . . . . . . : Friday, January 18, 2013 6:15:05 PM

Server: resolver1.opendns.com
Address: 208.67.222.222

Name: google.com.zoominternet.net
Address: 67.215.65.132

Pinging google.com [74.125.228.78] with 32 bytes of data:

Reply from 74.125.228.78: bytes=32 time=19ms TTL=52
Reply from 74.125.228.78: bytes=32 time=36ms TTL=52

Ping statistics for 74.125.228.78:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 36ms, Average = 27ms

Server: resolver1.opendns.com
Address: 208.67.222.222

Name: yahoo.com.zoominternet.net
Address: 67.215.65.132

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=101ms TTL=47
Reply from 206.190.36.45: bytes=32 time=199ms TTL=47

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 101ms, Maximum = 199ms, Average = 150ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 12 3f 14 ce 03 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x3 ...00 12 f0 44 4c bc ...... Intel® PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.116 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.116 192.168.1.116 25
192.168.1.116 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.116 192.168.1.116 25
224.0.0.0 240.0.0.0 192.168.1.116 192.168.1.116 25
255.255.255.255 255.255.255.255 192.168.1.116 2 1
255.255.255.255 255.255.255.255 192.168.1.116 192.168.1.116 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 mswsock.dll [File not found] ()
Catalog9 05 mswsock.dll [File not found] ()
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/16/2013 07:01:07 PM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (01/16/2013 06:18:49 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.1.522.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/15/2013 09:23:15 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.1.522.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/15/2013 07:18:09 AM) (Source: Application Error) (User: )
Description: Fault bucket -991973630.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (01/15/2013 05:40:30 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module urlmon.dll, version 8.0.6001.19389, fault address 0x0003e542.
Processing media-specific event for [explorer.exe!ws!]

Error: (01/14/2013 06:52:56 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (01/14/2013 06:52:19 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/14/2013 06:35:42 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (01/14/2013 06:35:42 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (01/14/2013 06:35:41 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.


System errors:
=============
Error: (01/17/2013 06:19:07 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BA126AD1-2166-11D1-B1D0-00805FC1270E}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (01/17/2013 06:14:57 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (01/17/2013 06:14:57 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (01/17/2013 06:14:57 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (01/17/2013 06:14:54 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PCIIde
SASDIFSV
SASKUTIL

Error: (01/17/2013 06:14:54 PM) (Source: Service Control Manager) (User: )
Description: The Security Center service terminated with the following error:
%%2

Error: (01/17/2013 06:14:54 PM) (Source: Service Control Manager) (User: )
Description: The 5762 service failed to start due to the following error:
%%2

Error: (01/17/2013 06:00:00 PM) (Source: Schedule) (User: )
Description: The At43.job command failed to start due to the following error:
%%2147942402

Error: (01/17/2013 05:00:01 PM) (Source: Schedule) (User: )
Description: The At42.job command failed to start due to the following error:
%%2147942402

Error: (01/17/2013 04:00:00 PM) (Source: Schedule) (User: )
Description: The At41.job command failed to start due to the following error:
%%2147942402


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe AIR (Version: 3.5.0.880)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Reader X (10.1.5) (Version: 10.1.5)
Belkin USB Wireless Adaptor (Version: 1.0.0.10)
Big Fish Games: Game Manager (Version: 3.0.1.60)
Broadcom Gigabit Integrated Controller (Version: 9.02.06)
CCleaner (Version: 3.25)
Conexant D110 MDC V.92 Modem
Dell Wireless WLAN Card (Version: 4.100.15.8)
ESET Online Scanner v3
Google Chrome (Version: 24.0.1312.52)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.123)
HijackThis 1.99.1 (Version: 1.99.1)
House of 1000 Doors: The Palm of Zoroaster (Version: 32.0.0.0)
InstallIQ Updater (Version: 1.4.3.0)
Intel® PROSet/Wireless WiFi Software (Version: 12.04.4000)
InterActual Player
inTuneMP3 (Version: 1.5.0)
Java Auto Updater (Version: 2.0.7.2)
Java™ 6 Update 37 (Version: 6.0.370)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Mozilla Firefox 18.0 (x86 en-US) (Version: 18.0)
Mozilla Maintenance Service (Version: 18.0)
Mystery Case Files ®: Dire Grove ™
NetAssistant (Version: 3.8.3)
Spotify (Version: 0.8.5.1333.g822e0de8)
TeamViewer 7 (Version: 7.0.15723)
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 1.16.0000)
TIPCI (Version: 1.16.0000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Detect
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 1023.36 MB
Available physical RAM: 572.95 MB
Total Pagefile: 1680.47 MB
Available Pagefile: 1344.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.3 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:55.88 GB) (Free:37.92 GB) NTFS
2 Drive d: (ELMOS MAGIC NUMBERS) (CDROM) (Total:7.75 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\BELIEVE

Administrator Guest HelpAssistant
Liz SUPPORT_388945a0

========================= Restore Points ==================================

01-12-2012 15:01:42 Software Distribution Service 3.0
01-12-2012 16:37:30 Installed TIPCI
02-12-2012 02:25:37 Software Distribution Service 3.0
02-12-2012 12:17:10 Software Distribution Service 3.0
02-12-2012 13:55:09 Software Distribution Service 3.0
02-12-2012 15:40:50 Software Distribution Service 3.0
03-12-2012 16:25:03 System Checkpoint
04-12-2012 01:15:08 Software Distribution Service 3.0
05-12-2012 00:46:37 Software Distribution Service 3.0
06-12-2012 08:52:07 System Checkpoint
06-12-2012 18:23:10 Software Distribution Service 3.0
07-12-2012 20:29:32 System Checkpoint
08-12-2012 02:15:00 Software Distribution Service 3.0
09-12-2012 04:27:31 System Checkpoint
09-12-2012 07:07:26 Software Distribution Service 3.0
09-12-2012 22:43:34 Software Distribution Service 3.0
11-12-2012 04:23:32 System Checkpoint
11-12-2012 13:20:10 Software Distribution Service 3.0
12-12-2012 13:27:39 Software Distribution Service 3.0
13-12-2012 05:01:32 Software Distribution Service 3.0
14-12-2012 05:06:52 System Checkpoint
14-12-2012 06:49:06 Software Distribution Service 3.0
15-12-2012 06:50:00 Software Distribution Service 3.0
16-12-2012 06:50:25 Software Distribution Service 3.0
17-12-2012 07:35:26 System Checkpoint
18-12-2012 01:46:06 Software Distribution Service 3.0
19-12-2012 04:56:24 System Checkpoint
19-12-2012 23:23:15 Software Distribution Service 3.0
20-12-2012 23:21:14 Software Distribution Service 3.0
21-12-2012 23:24:21 Software Distribution Service 3.0
22-12-2012 08:00:27 Software Distribution Service 3.0
23-12-2012 07:25:12 Software Distribution Service 3.0
24-12-2012 12:53:28 Software Distribution Service 3.0
25-12-2012 13:37:14 Software Distribution Service 3.0
26-12-2012 18:31:46 System Checkpoint
27-12-2012 13:26:31 Software Distribution Service 3.0
28-12-2012 13:26:39 Software Distribution Service 3.0
29-12-2012 13:29:38 System Checkpoint
29-12-2012 16:56:07 Software Distribution Service 3.0
30-12-2012 06:59:40 Software Distribution Service 3.0
30-12-2012 16:54:48 Software Distribution Service 3.0
31-12-2012 15:18:13 Removed Zoosk Messenger
31-12-2012 18:29:04 Software Distribution Service 3.0
02-01-2013 01:57:27 System Checkpoint
02-01-2013 15:04:32 Software Distribution Service 3.0
03-01-2013 15:03:33 Software Distribution Service 3.0
04-01-2013 08:00:23 Software Distribution Service 3.0
04-01-2013 17:41:23 Software Distribution Service 3.0
05-01-2013 23:27:15 System Checkpoint
05-01-2013 23:27:45 Software Distribution Service 3.0
07-01-2013 05:59:40 System Checkpoint
07-01-2013 21:09:13 Software Distribution Service 3.0
08-01-2013 22:27:09 Software Distribution Service 3.0
09-01-2013 08:00:50 Software Distribution Service 3.0
09-01-2013 22:56:14 Software Distribution Service 3.0
11-01-2013 03:28:47 System Checkpoint
11-01-2013 16:42:27 Software Distribution Service 3.0
12-01-2013 16:42:38 Software Distribution Service 3.0
13-01-2013 18:39:20 System Checkpoint
13-01-2013 22:17:00 Software Distribution Service 3.0
14-01-2013 23:44:18 Installed Windows Internet Explorer 8.
14-01-2013 23:55:03 Installed Microsoft Fix it 50777
14-01-2013 23:58:15 Software Distribution Service 3.0
15-01-2013 08:13:01 Software Distribution Service 3.0
16-01-2013 12:30:28 Software Distribution Service 3.0
17-01-2013 13:33:56 Software Distribution Service 3.0

**** End of log ****


FSS:

Farbar Service Scanner Version: 16-01-2013
Ran by Liz (administrator) on 17-01-2013 at 18:22:47
Running from "C:\Documents and Settings\Liz\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****

ADWCleaner:

# AdwCleaner v2.106 - Logfile created 01/17/2013 at 18:39:07
# Updated 17/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Liz - BELIEVE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Liz\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b720pkex.default\extensions\m3ffxtbr@mywebsearch.com
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\AppGraffiti.AppGraffitiJS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{799391D3-EB86-4BAC-9BD3-CBFEA58A0E15}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF6AC4F2-9825-4FB6-A600-92BC5361F209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\DailyBibleGuideInstaller.Start
Key Deleted : HKLM\SOFTWARE\Classes\DailyBibleGuideInstaller.Start.1
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B3595550-5007-4AEB-BB04-D00E62E836A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F0786343-938E-456B-8798-DE7EEC08F820}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2956045
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3030540
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{21EF3164-5FA8-4FF0-8BBE-25B23F313086}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB02BC6B-B0F0-4074-99E6-884B70FCB6AE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DailyBibleGuideEI
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@ei.DailyBibleGuide.com/Plugin
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\21jitit6.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b720pkex.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Documents and Settings\Liz\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [9379 octets] - [17/01/2013 18:39:07]

########## EOF - C:\AdwCleaner[S1].txt - [9439 octets] ##########


JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.4 (01.17.2013:1)
OS: Microsoft Windows XP x86
Ran by Liz on Thu 01/17/2013 at 18:44:55.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\system32\roboot.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\w3i"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml"
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{1c43baf1-00c2-40a8-a09e-f84cfd79546d}
Emptied folder: C:\Documents and Settings\Liz\Application Data\mozilla\firefox\profiles\21jitit6.default\minidumps [1 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/17/2013 at 18:56:33.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RKill:

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/17/2013 06:59:29 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\System32\WLTRYSVC.EXE (PID: 1824) [WD-HEUR]
* C:\WINDOWS\System32\bcmwltry.exe (PID: 1840) [WD-HEUR]
* C:\WINDOWS\system32\WLTRAY.exe (PID: 2056) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* wscsvc [Missing Parameters Key]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 01/17/2013 07:00:50 PM
Execution time: 0 hours(s), 1 minute(s), and 20 seconds(s)

Autoruns:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "Broadcom Wireless Manager UI" "Dell Wireless WLAN Card Wireless Network Tray Applet" "Dell Inc." "c:\windows\system32\wltray.exe"
+ "GrooveMonitor" "GrooveMonitor Utility" "Microsoft Corporation" "c:\program files\microsoft office\office12\groovemonitor.exe"
+ "igfxhkcmd" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "igfxpers" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "igfxtray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "IntelWireless" "Intel® PROSet/Wireless Framework" "Intel® Corporation" "c:\program files\common files\intel\wirelesscommon\ifrmewrk.exe"
+ "IntelZeroConfig" "Intel® PROSet/Wireless Zero Config Service" "Intel® Corporation" "c:\program files\intel\wifi\bin\zcfgsvc.exe"
+ "LanguageShortcut" "Language Application" "" "c:\program files\cyberlink\powerdvd\language\language.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "NeroFilterCheck" "" "" "File not found: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
+ "RemoteControl" "PowerDVD RC Service" "Cyberlink Corp." "c:\program files\cyberlink\powerdvd\pdvdserv.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
"C:\Documents and Settings\Liz\Start Menu\Programs\Startup" "" "" ""
+ "ZooskMessenger.lnk" "" "" "File not found: C:\Program Files\ZooskMessenger\ZooskMessenger.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Google Chrome" "Google Chrome" "Google Inc." "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Spotify Web Helper" "SpotifyWebHelper" "Spotify Ltd" "c:\documents and settings\liz\application data\spotify\data\spotifywebhelper.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "grooveLocalGWS" "GrooveSystemServices Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\groovesystemservices.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" ""
+ "YTNavAssistPlugin Class" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn0\yt.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office12\onbttnie.dll"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.5 r502" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "ARO 2011.job" "" "" "File not found: C:\Program Files\ARO 2011\ARO.exe -s"
+ "At25.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "At26.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "At27.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "At28.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "At29.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "At30.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "At31.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "At32.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "At33.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "At34.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "At35.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "At36.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "At37.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "At38.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "At39.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "At40.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "At41.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "At42.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "At43.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "At44.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "At45.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "At46.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "At47.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "At48.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "Microsoft Antimalware Scheduled Scan.job" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "MpIdleTask.job" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Ati HotKey Poller" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe"
+ "EvtEng" "Manages the event trace messages for all the Intel® PROSet/Wireless Software components." "Intel® Corporation" "c:\program files\intel\wifi\bin\evteng.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "Microsoft Office Groove Audit Service" "Groove Audit Service" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveauditservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "RegSrvc" "Provides registry access to all Intel® PROSet/Wireless Software components" "Intel® Corporation" "c:\program files\common files\intel\wirelesscommon\regsrvc.exe"
+ "RichVideo" "RichVideo Module" "" "c:\program files\cyberlink\shared files\richvideo.exe"
+ "S24EventMonitor" "Wireless Management Service for Intel® PROSet/Wireless WiFi Software" "Intel® Corporation" "c:\program files\intel\wifi\bin\s24evmon.exe"
+ "WLANKEEPER" "Provides Single Sign On (SSO) functionality." "Intel® Corporation" "c:\program files\intel\wifi\bin\wlkeeper.exe"
+ "wltrysvc" "Provides automatic configuration for the 802.11 adapter using the Broadcom supplicant." "" "c:\windows\system32\wltrysvc.exe"
+ "YahooAUService" "Keeps your favorite Yahoo! software up-to-date with the latest features, tools, and enhancements." "Yahoo! Inc." "c:\program files\yahoo!\softwareupdate\yahooauservice.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "5762" "" "" "File not found: C:\DOCUME~1\Liz\LOCALS~1\Temp\5762.sys"
+ "ati2mtag" "ATI Radeon WindowsNT Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\ati2mtag.sys"
+ "b57w2k" "Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57xp32.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "GTIPCI21" "Texas Instruments PCI GemCore IFD Handler" "Texas Instruments" "c:\windows\system32\drivers\gtipci21.sys"
+ "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_dpv.sys"
+ "HSFHWICH" "HSFHWICH WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsfhwich.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\ialmnt5.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "mdmxsdk" "Diagnostic Interface DRIVER" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "mlaopttm" "" "" "File not found: C:\WINDOWS\system32\drivers\mlaopttm.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "RTL8192su" "Realtek RTL8192S USB NDIS Driver" "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtl8192su.sys"
+ "s24trans" "WLAN Transport" "Intel Corporation" "c:\windows\system32\drivers\s24trans.sys"
+ "SASDIFSV" "" "" "File not found: C:\DOCUME~1\Liz\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS"
+ "SASKUTIL" "" "" "File not found: C:\DOCUME~1\Liz\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "STAC97" "SigmaTel Audio Driver (WDM)" "SigmaTel, Inc." "c:\windows\system32\drivers\stac97.sys"
+ "UIUSys" "" "" "File not found: system32\drivers\UIUSys.sys"
+ "w29n51" "Intel® Wireless LAN Driver" "Intel® Corporation" "c:\windows\system32\drivers\w29n51.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_cnxt.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Audio Decoder (PDVD7 UPnP)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\upnp\claud.ax"
+ "CyberLink Audio Decoder (PDVD7)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\audiofilter\claud.ax"
+ "CyberLink Audio Effect (PDVD7)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd\audiofilter\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer (PDVD7)" "CLAudSpa.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\audiofilter\claudspa.ax"
+ "CyberLink AudioCD Filter (PDVD7)" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\audiofilter\claudiocd.ax"
+ "CyberLink Demux (PDVD7 UPnP)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\upnp\cldemuxer.ax"
+ "CyberLink Demux (PDVD7)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\navfilter\cldemuxer.ax"
+ "CyberLink DVD Navigator (PDVD7)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\navfilter\clnavx.ax"
+ "CyberLink Line21 Decoder (PDVD7)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\videofilter\clline21.ax"
+ "CyberLink MPEG Splitter(Scramble)" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\upnp\clsplter.ax"
+ "CyberLink MPEG-4 Splitter (PDVD7)" "CyberLink MPEG-4 Splitter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\navfilter\clm4splt.ax"
+ "CyberLink Push-Mode CLStream (PDVD7)" "CLStream" "CyberLink" "c:\program files\cyberlink\powerdvd\upnp\clstream(pushmode).ax"
+ "CyberLink SAC Video Decoder(PDVD7 HomeNetwork)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\upnp\clvsd.ax"
+ "CyberLink Streamming Filter (PDVD7)" "Cyberlink Streaming Source Filter(Scramble)" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\upnp\clstream.ax"
+ "Cyberlink SubTitle Importor (PDVD7)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\videofilter\clsubtitle.ax"
+ "CyberLink TimeStretch Filter (PDVD7)" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\audiofilter\clauts.ax"
+ "CyberLink Video/SP Decoder (PDVD7)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\videofilter\clvsd.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SYSTEM\Setup\CmdLine" "" "" ""
+ "/update" "" "" "File not found: /update"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "AtiExtEvent" "ATI External Event Utility DLL Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Canon BJ Language Monitor MP280 series" "IJ Language Monitor" "CANON INC." "c:\windows\system32\cnmlmaa.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "BCMLogon" "Dell Wireless WLAN Card Logon Provider" "Dell Inc." "c:\windows\system32\bcmlogon.dll"
+ "IntelNetProvCredMan" "IntelNetProvCredMan" "Intel® Corporation" "c:\windows\system32\netprovcredman.dll"

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:36 AM

Posted 17 January 2013 - 07:20 PM

Press the Windows+R keys and type

tasks and click OK

Delete all these files

At25.job, At26.job, At27.job, At28.job ... till At48.job

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log

Let me know if you have any more issues
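As an added example (not code from either post, and not part of Autoruns or the tools named in the thread), a small Python triage of the Autoruns text export posted above: it flags entries whose image is missing or lives in a user-writable data directory, and groups orphaned Task Scheduler jobs by their vanished target, which is exactly the At25..At48 cluster the instruction above tells the poster to delete. The sample lines are constructed in the shape of the posted log with shortened descriptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape of the Autoruns text export posted
# above (a location header has no leading "+"; entries are four quoted fields:
# name, description, publisher, image path). Names are from the posted log;
# descriptions were shortened by hand.
SAMPLE_LOG = r'''
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe Flash Player Update Service" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "At25.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "At26.job" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\ftba35Rr.exe_"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "5762" "" "" "File not found: C:\DOCUME~1\Liz\LOCALS~1\Temp\5762.sys"
+ "ati2mtag" "ATI Radeon WindowsNT Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\ati2mtag.sys"
'''

FIELD_RE = re.compile(r'"([^"]*)"')   # fields never contain embedded quotes
MISSING = "File not found: "          # Autoruns prefix for a dangling image path
# Directories an autostart image should not normally be loaded from.
USER_WRITABLE = ("\\temp\\", "\\application data\\")


def parse_autoruns(text):
    """Return a list of (location, name, description, publisher, image_path)."""
    location, entries = None, []
    for line in text.splitlines():
        fields = FIELD_RE.findall(line)
        if len(fields) < 4:
            continue                       # blank or unrecognised line
        if not line.lstrip().startswith("+"):
            location = fields[0]           # section header, e.g. "Task Scheduler"
            continue
        name, desc, publisher, path = fields[:4]
        entries.append((location, name, desc, publisher, path))
    return entries


def triage(entries):
    """Flag entries whose image is gone or lives in a user-writable directory."""
    findings = []
    for location, name, _desc, _publisher, path in entries:
        reasons = []
        if path.startswith(MISSING):
            reasons.append("target missing")
        if any(marker in path.lower() for marker in USER_WRITABLE):
            reasons.append("image in user-writable data directory")
        if reasons:
            findings.append((location, name, path, reasons))
    return findings


def orphaned_jobs_by_target(entries):
    """Group Task Scheduler entries with a missing image by that image, so a
    run of AtNN.job tasks all pointing at one vanished file shows up as one
    cluster (the .job files the follow-up instruction says to delete)."""
    groups = defaultdict(list)
    for location, name, _desc, _publisher, path in entries:
        if location == "Task Scheduler" and path.startswith(MISSING):
            groups[path[len(MISSING):]].append(name)
    return dict(groups)


if __name__ == "__main__":
    parsed = parse_autoruns(SAMPLE_LOG)
    for location, name, path, reasons in triage(parsed):
        print(f"[{location}] {name}: {path}  <- {', '.join(reasons)}")
    for target, jobs in orphaned_jobs_by_target(parsed).items():
        print(f"{len(jobs)} orphaned job(s) -> {target}: {', '.join(jobs)}")
```

Feed it the full export saved from Autoruns and the same two functions list every "File not found" autostart and every cluster of scheduled jobs sharing a missing target.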

#12 MysticalFire

MysticalFire
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:36 AM

Posted 17 January 2013 - 07:25 PM

I don't know what to do with the Autoruns after the scan... Just close it or what?

#13 MysticalFire

MysticalFire
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:36 AM

Posted 17 January 2013 - 08:05 PM

Farbar Service Scanner Version: 16-01-2013
Ran by Liz (administrator) on 17-01-2013 at 20:01:57
Running from "C:\Documents and Settings\Liz\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****

#14 MysticalFire

MysticalFire
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:36 AM

Posted 17 January 2013 - 08:39 PM

Seems to be running smoothly. Thank you :)

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:36 AM

Posted 18 January 2013 - 09:51 AM

Looks good. You can remove all the tools used by us.

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update Java and Flash Player

Uninstall old versions of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antiviruses that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)
