
Firefox Google Redirect Problem


  • This topic is locked
25 replies to this topic

#1 Skyhound

  • Members
  • 22 posts

Posted 06 June 2013 - 03:45 PM

Hi, I'm having a redirect problem when I try to use Google only when using Firefox.

When I click on a link on Google sometimes the correct page comes up and sometimes another site comes up, usually an ad site.

The redirect seems to be random; sometimes I can go 10-15 minutes without a redirect, other times it takes 5 minutes to get to the right site.

Here is my DDS Log.

DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by HP_Administrator at 17:23:31 on 2013-06-06
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.304 [GMT -3:00]
.
AV: EastLink Internet Security Services 9.12 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: EastLink Internet Security Services 9.12 *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\eastlinkinternetsecurityservices\Common\FSM32.EXE
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\eastlinkinternetsecurityservices\Anti-Virus\fsgk32st.exe
C:\Program Files\eastlinkinternetsecurityservices\Common\FSMA32.EXE
C:\Program Files\eastlinkinternetsecurityservices\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\eastlinkinternetsecurityservices\Common\FSHDLL32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\eastlinkinternetsecurityservices\Anti-Virus\fssm32.exe
C:\Program Files\eastlinkinternetsecurityservices\FWES\Program\fsdfwd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\eastlinkinternetsecurityservices\ORSP Client\fsorsp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\eastlinkinternetsecurityservices\Anti-Virus\fsav32.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - c:\program files\eastlinkinternetsecurityservices\nrs\iescript\baselitmus.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - c:\program files\eastlinkinternetsecurityservices\nrs\iescript\baselitmus.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdMgr.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [F-Secure Manager] "c:\program files\eastlinkinternetsecurityservices\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\eastlinkinternetsecurityservices\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imageb~1.lnk - c:\program files\canon\imagebrowser ex\MFManager.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\resche~1.lnk - c:\hp\bin\CLOAKER.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.5.13.0.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343487780656
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343485843421
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: NameServer = 24.222.0.94 24.222.0.95
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DHCPNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{A01669E9-C8AC-41BB-862D-A3BFC5D96F33} : DHCPNameServer = 24.222.0.94 24.222.0.95
TCP: Interfaces\{BBF1D3AA-E1CF-49C1-A866-7EA85A54E390} : NameServer = 24.222.0.94,24.222.0.95
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\vrirh0pz.default\
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-05-13 03:13; litmus-ff@f-secure.com; c:\program files\eastlinkinternetsecurityservices\nrs\litmus-ff@f-secure.com
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2012-3-10 44240]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2012-3-10 81864]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-4-16 65584]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\eastlinkinternetsecurityservices\hips\drivers\fshs.sys [2012-3-10 69928]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\eastlinkinternetsecurityservices\anti-virus\fsgk32st.exe [2012-3-10 221608]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\eastlinkinternetsecurityservices\anti-virus\minifilter\fsgk.sys [2012-3-10 145464]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\eastlinkinternetsecurityservices\orsp client\fsorsp.exe [2012-3-10 60352]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1b3b.tmp --> c:\windows\system32\1B3B.tmp [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\eastlinkinternetsecurityservices\anti-virus\win2k\fsfilter.sys [2012-3-10 41640]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\eastlinkinternetsecurityservices\anti-virus\win2k\fsrec.sys [2012-3-10 27048]
.
=============== Created Last 30 ================
.
2013-06-05 18:39:48    294912    --sha-r-    c:\windows\system32\syncuij.dll
2013-05-24 04:58:20    262552    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-05-24 04:57:43    26520    ----a-w-    c:\program files\mozilla firefox\plugin-hang-ui.exe
2013-05-11 10:37:28    209472    ----a-w-    c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2013-05-15 03:37:19    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 03:37:19    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-04-16 22:17:15    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-04-16 22:17:14    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-04-16 22:17:14    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-04-12 23:28:55    385024    ----a-w-    c:\windows\system32\html.iec
2013-04-10 01:31:19    1876352    ----a-w-    c:\windows\system32\win32k.sys
.
============= FINISH: 17:25:41.50 ===============
 

 


#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 07 June 2013 - 12:24 AM

Hi there,
my name is Marius and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with aswMBR


Please download aswMBR.exe to your desktop.

  • Double-click the aswMBR.exe to run it
  • When prompted with The application can use the Avast! Free Antivirus for scanning >> select No
  • Now click on the Scan button to start scan
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply

Note: There will also be a file on your desktop named MBR.dat (or similar). Do not delete this for now; it is an actual backup of the MBR (master boot record).

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.



#3 Skyhound

  • Topic Starter
  • Members
  • 22 posts

Posted 07 June 2013 - 10:11 AM

aswMBR Log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-07 12:07:40
-----------------------------
12:07:40.687    OS Version: Windows 5.1.2600 Service Pack 3
12:07:40.687    Number of processors: 1 586 0x2F02
12:07:40.687    ComputerName: BAD-T  UserName:
12:07:41.484    Initialize success
12:07:44.906    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
12:07:44.906    Disk 0 Vendor: SAMSUNG_SP2004C VM100-38 Size: 190782MB BusType: 3
12:07:45.125    Disk 0 MBR read successfully
12:07:45.125    Disk 0 MBR scan
12:07:45.125    Disk 0 unknown MBR code
12:07:45.125    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       181766 MB offset 63
12:07:45.156    Disk 0 Partition 2 00     0C    FAT32 LBA RECOVERY     9005 MB offset 372274245
12:07:45.156    Disk 0 scanning sectors +390716865
12:07:45.203    Disk 0 scanning C:\WINDOWS\system32\drivers
12:07:54.687    Service scanning
12:08:07.609    Modules scanning
12:08:11.218    Disk 0 trace - called modules:
12:08:11.234    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:08:11.234    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860e6ab8]
12:08:11.562    3 CLASSPNP.SYS[f7610fd7] -> nt!IofCallDriver -> \Device\0000006f[0x860f3f18]
12:08:11.562    5 ACPI.sys[f7487620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x860b3940]
12:08:11.562    Scan finished successfully
12:08:31.218    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat"
12:08:31.218    The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.txt"

 

TDSSKiller Log:

12:08:54.0968 2536  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:08:55.0546 2536  ============================================================
12:08:55.0546 2536  Current date / time: 2013/06/07 12:08:55.0546
12:08:55.0546 2536  SystemInfo:
12:08:55.0546 2536  
12:08:55.0546 2536  OS Version: 5.1.2600 ServicePack: 3.0
12:08:55.0546 2536  Product type: Workstation
12:08:55.0546 2536  ComputerName: BAD-T
12:08:55.0546 2536  UserName: HP_Administrator
12:08:55.0546 2536  Windows directory: C:\WINDOWS
12:08:55.0546 2536  System windows directory: C:\WINDOWS
12:08:55.0546 2536  Processor architecture: Intel x86
12:08:55.0546 2536  Number of processors: 1
12:08:55.0546 2536  Page size: 0x1000
12:08:55.0546 2536  Boot type: Normal boot
12:08:55.0546 2536  ============================================================
12:08:57.0234 2536  Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:08:57.0296 2536  ============================================================
12:08:57.0296 2536  \Device\Harddisk0\DR0:
12:08:57.0296 2536  MBR partitions:
12:08:57.0296 2536  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x16303545
12:08:57.0296 2536  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x16307445, BlocksNum 0x119697C
12:08:57.0296 2536  ============================================================
12:08:57.0328 2536  C: <-> \Device\Harddisk0\DR0\Partition1
12:08:57.0343 2536  D: <-> \Device\Harddisk0\DR0\Partition2
12:08:57.0343 2536  ============================================================
12:08:57.0343 2536  Initialize success
12:08:57.0343 2536  ============================================================
12:09:05.0468 3352  ============================================================
12:09:05.0468 3352  Scan started
12:09:05.0468 3352  Mode: Manual;
12:09:05.0468 3352  ============================================================
12:09:05.0828 3352  ================ Scan system memory ========================
12:09:06.0828 3352  System memory - ok
12:09:06.0843 3352  ================ Scan services =============================
12:09:10.0812 3352  iaStor - ok
12:09:10.0937 3352  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:09:10.0953 3352  IDriverT - ok
12:09:11.0062 3352  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:09:11.0062 3352  idsvc - ok
12:09:11.0093 3352  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
12:09:11.0093 3352  Imapi - ok
12:09:11.0156 3352  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
12:09:11.0156 3352  ImapiService - ok
12:09:11.0171 3352  ini910u - ok
12:09:11.0390 3352  [ 64BE56B8858CA0153C725C720FFD194F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:09:11.0421 3352  IntcAzAudAddService - ok
12:09:11.0468 3352  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
12:09:11.0468 3352  IntelIde - ok
12:09:11.0515 3352  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:09:11.0515 3352  intelppm - ok
12:09:11.0546 3352  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
12:09:11.0546 3352  Ip6Fw - ok
12:09:11.0578 3352  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:09:11.0578 3352  IpFilterDriver - ok
12:09:11.0609 3352  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:09:11.0609 3352  IpInIp - ok
12:09:11.0656 3352  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:09:11.0656 3352  IpNat - ok
12:09:11.0656 3352  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:09:11.0671 3352  IPSec - ok
12:09:11.0703 3352  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
12:09:11.0703 3352  IRENUM - ok
12:09:11.0718 3352  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:09:11.0718 3352  isapnp - ok
12:09:11.0890 3352  [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
12:09:11.0890 3352  JavaQuickStarterService - ok
12:09:11.0921 3352  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:09:11.0921 3352  Kbdclass - ok
12:09:11.0937 3352  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
12:09:11.0937 3352  kmixer - ok
12:09:11.0968 3352  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
12:09:11.0968 3352  KSecDD - ok
12:09:12.0000 3352  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
12:09:12.0000 3352  lanmanserver - ok
12:09:12.0015 3352  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:09:12.0031 3352  lanmanworkstation - ok
12:09:12.0031 3352  lbrtfdc - ok
12:09:12.0109 3352  [ E4973B3229E0015345AFBE43A8A8EB3B ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
12:09:12.0109 3352  LightScribeService - ok
12:09:12.0171 3352  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
12:09:12.0171 3352  LmHosts - ok
12:09:12.0234 3352  [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc         C:\WINDOWS\ehome\mcrdsvc.exe
12:09:12.0234 3352  McrdSvc - ok
12:09:12.0312 3352  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
12:09:12.0312 3352  MDM - ok
12:09:12.0328 3352  MEMSWEEP2 - ok
12:09:12.0359 3352  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
12:09:12.0359 3352  Messenger - ok
12:09:12.0437 3352  [ B7521F69C0A9B29D356157229376FB21 ] MHN             C:\WINDOWS\System32\mhn.dll
12:09:12.0437 3352  MHN - ok
12:09:12.0484 3352  [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV          C:\WINDOWS\system32\DRIVERS\mhndrv.sys
12:09:12.0484 3352  MHNDRV - ok
12:09:12.0531 3352  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
12:09:12.0531 3352  mnmdd - ok
12:09:12.0562 3352  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
12:09:12.0578 3352  mnmsrvc - ok
12:09:12.0609 3352  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
12:09:12.0609 3352  Modem - ok
12:09:12.0640 3352  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:09:12.0656 3352  Mouclass - ok
12:09:12.0703 3352  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:09:12.0703 3352  mouhid - ok
12:09:12.0703 3352  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
12:09:12.0703 3352  MountMgr - ok
12:09:12.0765 3352  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:09:12.0781 3352  MozillaMaintenance - ok
12:09:12.0781 3352  mraid35x - ok
12:09:12.0828 3352  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:09:12.0828 3352  MRxDAV - ok
12:09:12.0875 3352  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:09:12.0890 3352  MRxSmb - ok
12:09:12.0937 3352  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
12:09:12.0937 3352  MSDTC - ok
12:09:12.0937 3352  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
12:09:12.0953 3352  Msfs - ok
12:09:12.0953 3352  MSIServer - ok
12:09:12.0984 3352  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:09:12.0984 3352  MSKSSRV - ok
12:09:13.0000 3352  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:09:13.0000 3352  MSPCLOCK - ok
12:09:13.0031 3352  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
12:09:13.0031 3352  MSPQM - ok
12:09:13.0078 3352  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:09:13.0078 3352  mssmbios - ok
12:09:13.0093 3352  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
12:09:13.0093 3352  Mup - ok
12:09:13.0156 3352  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
12:09:13.0156 3352  napagent - ok
12:09:13.0203 3352  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
12:09:13.0203 3352  NDIS - ok
12:09:13.0250 3352  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:09:13.0250 3352  NdisTapi - ok
12:09:13.0281 3352  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:09:13.0281 3352  Ndisuio - ok
12:09:13.0296 3352  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:09:13.0296 3352  NdisWan - ok
12:09:13.0328 3352  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
12:09:13.0328 3352  NDProxy - ok
12:09:13.0359 3352  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
12:09:13.0359 3352  NetBIOS - ok
12:09:13.0406 3352  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
12:09:13.0406 3352  NetBT - ok
12:09:13.0453 3352  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
12:09:13.0453 3352  NetDDE - ok
12:09:13.0453 3352  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
12:09:13.0453 3352  NetDDEdsdm - ok
12:09:13.0500 3352  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
12:09:13.0500 3352  Netlogon - ok
12:09:13.0546 3352  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
12:09:13.0546 3352  Netman - ok
12:09:13.0593 3352  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:09:13.0593 3352  NetTcpPortSharing - ok
12:09:13.0640 3352  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:09:13.0640 3352  NIC1394 - ok
12:09:13.0687 3352  [ 832E4DD8964AB7ACC880B2837CB1ED20 ] Nla             C:\WINDOWS\System32\mswsock.dll
12:09:13.0687 3352  Nla - ok
12:09:13.0703 3352  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
12:09:13.0703 3352  Npfs - ok
12:09:13.0765 3352  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
12:09:13.0765 3352  Ntfs - ok
12:09:13.0765 3352  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
12:09:13.0765 3352  NtLmSsp - ok
12:09:13.0859 3352  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
12:09:13.0859 3352  NtmsSvc - ok
12:09:13.0921 3352  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
12:09:13.0921 3352  Null - ok
12:09:14.0062 3352  [ CE58F42B11BE20A47C3D8D2F38DA254E ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:09:14.0093 3352  nv - ok
12:09:14.0156 3352  [ 22EEDB34C4D7613A25B10C347C6C4C21 ] NVENETFD        C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
12:09:14.0156 3352  NVENETFD - ok
12:09:14.0171 3352  [ 5E3F6AD5CAD0F12D3CCCD06FD964087A ] nvnetbus        C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
12:09:14.0171 3352  nvnetbus - ok
12:09:14.0234 3352  [ 95CAEC95D6777CE7D6B7091BC4D91CEB ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
12:09:14.0234 3352  NVSvc - ok
12:09:14.0265 3352  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:09:14.0265 3352  NwlnkFlt - ok
12:09:14.0296 3352  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:09:14.0296 3352  NwlnkFwd - ok
12:09:14.0328 3352  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:09:14.0328 3352  ohci1394 - ok
12:09:14.0390 3352  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:09:14.0390 3352  ose - ok
12:09:14.0625 3352  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:09:14.0656 3352  osppsvc - ok
12:09:14.0703 3352  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
12:09:14.0703 3352  Parport - ok
12:09:14.0703 3352  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
12:09:14.0703 3352  PartMgr - ok
12:09:14.0734 3352  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
12:09:14.0734 3352  ParVdm - ok
12:09:14.0734 3352  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
12:09:14.0734 3352  PCI - ok
12:09:14.0734 3352  PCIDump - ok
12:09:14.0750 3352  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
12:09:14.0750 3352  PCIIde - ok
12:09:14.0796 3352  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
12:09:14.0796 3352  Pcmcia - ok
12:09:14.0796 3352  PDCOMP - ok
12:09:14.0812 3352  PDFRAME - ok
12:09:14.0812 3352  PDRELI - ok
12:09:14.0828 3352  PDRFRAME - ok
12:09:14.0828 3352  perc2 - ok
12:09:14.0843 3352  perc2hib - ok
12:09:14.0875 3352  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
12:09:14.0875 3352  PlugPlay - ok
12:09:14.0937 3352  [ A38B3CE68E7F126190CDE4AA3FDF050F ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
12:09:14.0937 3352  Pml Driver HPZ12 - ok
12:09:14.0953 3352  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
12:09:14.0953 3352  PolicyAgent - ok
12:09:15.0000 3352  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:09:15.0000 3352  PptpMiniport - ok
12:09:15.0015 3352  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
12:09:15.0015 3352  Processor - ok
12:09:15.0015 3352  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:09:15.0031 3352  ProtectedStorage - ok
12:09:15.0078 3352  [ 390C204CED3785609AB24E9C52054A84 ] Ps2             C:\WINDOWS\system32\DRIVERS\PS2.sys
12:09:15.0078 3352  Ps2 - ok
12:09:15.0093 3352  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
12:09:15.0093 3352  PSched - ok
12:09:15.0093 3352  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:09:15.0093 3352  Ptilink - ok
12:09:15.0109 3352  [ 0457E25BB122B854E267CF552DCDC370 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:09:15.0109 3352  PxHelp20 - ok
12:09:15.0125 3352  ql1080 - ok
12:09:15.0125 3352  Ql10wnt - ok
12:09:15.0140 3352  ql12160 - ok
12:09:15.0140 3352  ql1240 - ok
12:09:15.0156 3352  ql1280 - ok
12:09:15.0156 3352  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:09:15.0156 3352  RasAcd - ok
12:09:15.0203 3352  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
12:09:15.0203 3352  RasAuto - ok
12:09:15.0218 3352  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:09:15.0218 3352  Rasl2tp - ok
12:09:15.0265 3352  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
12:09:15.0265 3352  RasMan - ok
12:09:15.0281 3352  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:09:15.0281 3352  RasPppoe - ok
12:09:15.0281 3352  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
12:09:15.0281 3352  Raspti - ok
12:09:15.0296 3352  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:09:15.0312 3352  Rdbss - ok
12:09:15.0328 3352  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:09:15.0328 3352  RDPCDD - ok
12:09:15.0343 3352  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:09:15.0343 3352  rdpdr - ok
12:09:15.0390 3352  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
12:09:15.0390 3352  RDPWD - ok
12:09:15.0406 3352  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
12:09:15.0406 3352  RDSessMgr - ok
12:09:15.0453 3352  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
12:09:15.0453 3352  redbook - ok
12:09:15.0484 3352  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
12:09:15.0484 3352  RemoteAccess - ok
12:09:15.0531 3352  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
12:09:15.0531 3352  RemoteRegistry - ok
12:09:15.0562 3352  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
12:09:15.0562 3352  RpcLocator - ok
12:09:15.0609 3352  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
12:09:15.0625 3352  RpcSs - ok
12:09:15.0656 3352  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
12:09:15.0656 3352  RSVP - ok
12:09:15.0671 3352  [ D507C1400284176573224903819FFDA3 ] rtl8139         C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
12:09:15.0671 3352  rtl8139 - ok
12:09:15.0671 3352  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
12:09:15.0671 3352  SamSs - ok
12:09:15.0703 3352  [ B244960E5A1DB8E9D5D17086DE37C1E4 ] sbp2port        C:\WINDOWS\system32\DRIVERS\sbp2port.sys
12:09:15.0703 3352  sbp2port - ok
12:09:15.0718 3352  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
12:09:15.0718 3352  SCardSvr - ok
12:09:15.0750 3352  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
12:09:15.0765 3352  Schedule - ok
12:09:15.0812 3352  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:09:15.0812 3352  Secdrv - ok
12:09:15.0843 3352  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
12:09:15.0843 3352  seclogon - ok
12:09:15.0875 3352  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
12:09:15.0875 3352  SENS - ok
12:09:15.0937 3352  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
12:09:15.0937 3352  Serial - ok
12:09:15.0984 3352  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
12:09:15.0984 3352  Sfloppy - ok
12:09:16.0046 3352  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
12:09:16.0046 3352  SharedAccess - ok
12:09:16.0062 3352  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:09:16.0062 3352  ShellHWDetection - ok
12:09:16.0078 3352  Simbad - ok
12:09:16.0093 3352  Sparrow - ok
12:09:16.0109 3352  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
12:09:16.0109 3352  splitter - ok
12:09:16.0140 3352  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
12:09:16.0140 3352  Spooler - ok
12:09:16.0156 3352  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
12:09:16.0156 3352  sr - ok
12:09:16.0203 3352  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
12:09:16.0203 3352  srservice - ok
12:09:16.0250 3352  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
12:09:16.0250 3352  Srv - ok
12:09:16.0296 3352  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
12:09:16.0296 3352  SSDPSRV - ok
12:09:16.0343 3352  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
12:09:16.0343 3352  stisvc - ok
12:09:16.0375 3352  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
12:09:16.0375 3352  swenum - ok
12:09:16.0390 3352  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
12:09:16.0390 3352  swmidi - ok
12:09:16.0406 3352  SwPrv - ok
12:09:16.0406 3352  symc810 - ok
12:09:16.0421 3352  symc8xx - ok
12:09:16.0468 3352  SYMIDSCO - ok
12:09:16.0468 3352  sym_hi - ok
12:09:16.0484 3352  sym_u3 - ok
12:09:16.0531 3352  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
12:09:16.0531 3352  sysaudio - ok
12:09:16.0546 3352  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
12:09:16.0546 3352  SysmonLog - ok
12:09:16.0578 3352  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
12:09:16.0578 3352  TapiSrv - ok
12:09:16.0656 3352  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:09:16.0656 3352  Tcpip - ok
12:09:16.0687 3352  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
12:09:16.0703 3352  TDPIPE - ok
12:09:16.0703 3352  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
12:09:16.0703 3352  TDTCP - ok
12:09:16.0734 3352  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
12:09:16.0734 3352  TermDD - ok
12:09:16.0750 3352  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
12:09:16.0765 3352  TermService - ok
12:09:16.0828 3352  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
12:09:16.0828 3352  Themes - ok
12:09:16.0875 3352  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
12:09:16.0875 3352  TlntSvr - ok
12:09:16.0890 3352  TosIde - ok
12:09:16.0890 3352  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
12:09:16.0890 3352  TrkWks - ok
12:09:16.0937 3352  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
12:09:16.0937 3352  Udfs - ok
12:09:16.0953 3352  ultra - ok
12:09:16.0984 3352  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
12:09:17.0000 3352  Update - ok
12:09:17.0031 3352  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
12:09:17.0031 3352  upnphost - ok
12:09:17.0046 3352  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
12:09:17.0046 3352  UPS - ok
12:09:17.0078 3352  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:09:17.0078 3352  usbccgp - ok
12:09:17.0093 3352  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:09:17.0109 3352  usbehci - ok
12:09:17.0125 3352  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:09:17.0125 3352  usbhub - ok
12:09:17.0156 3352  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:09:17.0156 3352  usbohci - ok
12:09:17.0171 3352  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:09:17.0171 3352  usbprint - ok
12:09:17.0187 3352  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:09:17.0187 3352  usbscan - ok
12:09:17.0218 3352  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:09:17.0218 3352  usbstor - ok
12:09:17.0250 3352  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:09:17.0250 3352  usbuhci - ok
12:09:17.0281 3352  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
12:09:17.0281 3352  VgaSave - ok
12:09:17.0328 3352  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
12:09:17.0328 3352  ViaIde - ok
12:09:17.0343 3352  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
12:09:17.0343 3352  VolSnap - ok
12:09:17.0375 3352  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
12:09:17.0390 3352  VSS - ok
12:09:17.0421 3352  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
12:09:17.0421 3352  W32Time - ok
12:09:17.0453 3352  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:09:17.0453 3352  Wanarp - ok
12:09:17.0453 3352  WDICA - ok
12:09:17.0500 3352  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
12:09:17.0500 3352  wdmaud - ok
12:09:17.0531 3352  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
12:09:17.0531 3352  WebClient - ok
12:09:17.0625 3352  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
12:09:17.0625 3352  winmgmt - ok
12:09:17.0671 3352  [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
12:09:17.0671 3352  WmdmPmSN - ok
12:09:17.0734 3352  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
12:09:17.0734 3352  Wmi - ok
12:09:17.0781 3352  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:09:17.0781 3352  WmiApSrv - ok
12:09:17.0906 3352  [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
12:09:17.0921 3352  WMPNetworkSvc - ok
12:09:17.0937 3352  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:09:17.0937 3352  WS2IFSL - ok
12:09:17.0984 3352  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
12:09:17.0984 3352  wscsvc - ok
12:09:18.0015 3352  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
12:09:18.0015 3352  wuauserv - ok
12:09:18.0046 3352  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:09:18.0046 3352  WudfPf - ok
12:09:18.0062 3352  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:09:18.0062 3352  WudfRd - ok
12:09:18.0109 3352  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
12:09:18.0109 3352  WudfSvc - ok
12:09:18.0171 3352  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
12:09:18.0187 3352  WZCSVC - ok
12:09:18.0234 3352  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
12:09:18.0234 3352  xmlprov - ok
12:09:18.0234 3352  ================ Scan global ===============================
12:09:18.0281 3352  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:09:18.0328 3352  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
12:09:18.0343 3352  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
12:09:18.0375 3352  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
12:09:18.0375 3352  [Global] - ok
12:09:18.0375 3352  ================ Scan MBR ==================================
12:09:18.0406 3352  [ D11C727E03BB7318DCDA069B06E652F0 ] \Device\Harddisk0\DR0
12:09:18.0796 3352  \Device\Harddisk0\DR0 - ok
12:09:18.0796 3352  ================ Scan VBR ==================================
12:09:18.0796 3352  [ 00C2644E6200ADF8F440F3C02C41E711 ] \Device\Harddisk0\DR0\Partition1
12:09:18.0812 3352  \Device\Harddisk0\DR0\Partition1 - ok
12:09:18.0812 3352  [ 8726395901DBDF4394AC78A1E8AC00FB ] \Device\Harddisk0\DR0\Partition2
12:09:18.0812 3352  \Device\Harddisk0\DR0\Partition2 - ok
12:09:18.0812 3352  ============================================================
12:09:18.0812 3352  Scan finished
12:09:18.0812 3352  ============================================================
12:09:18.0828 3828  Detected object count: 0
12:09:18.0828 3828  Actual detected object count: 0
12:09:37.0578 3516  Deinitialize success
 

 

 



#4 TB-Psychotic

  • Malware Response Team

Posted 07 June 2013 - 11:46 AM

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


[Image: RC_update.png]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


[Image: cfRC_screen_2.png]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.



#5 Skyhound

  • Topic Starter
  • Members

Posted 07 June 2013 - 12:49 PM

ComboFix Log:

 

ComboFix 13-06-07.03 - HP_Administrator 07/06/2013  14:19:06.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.432 [GMT -3:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: EastLink Internet Security Services 9.12 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: EastLink Internet Security Services 9.12 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\HP_Administrator\alg.exe
c:\documents and settings\HP_Administrator\Application Data\PriceGong
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\1.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\a.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\b.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\c.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\d.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\e.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\f.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\g.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\h.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\i.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\j.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\k.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\l.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\m.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\n.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\o.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\p.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\q.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\r.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\s.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\t.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\u.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\v.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\w.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\x.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\y.txt
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\z.txt
c:\documents and settings\HP_Administrator\chrome.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-07 to 2013-06-07  )))))))))))))))))))))))))))))))
.
.
2013-06-06 18:12 . 2013-06-06 18:12    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2013-06-05 18:39 . 2013-06-05 18:39    294912    --sha-r-    c:\windows\system32\syncuij.dll
2013-05-11 10:37 . 2013-05-11 10:37    209472    ----a-w-    c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 03:37 . 2012-07-26 23:50    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-15 03:37 . 2012-03-10 20:36    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 22:17 . 2004-08-10 04:00    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2004-08-10 04:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-04-16 22:17 . 2004-08-10 04:00    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2004-08-10 04:00    385024    ----a-w-    c:\windows\system32\html.iec
2013-04-10 01:31 . 2004-08-10 04:00    1876352    ----a-w-    c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"F-Secure Manager"="c:\program files\eastlinkinternetsecurityservices\Common\FSM32.EXE" [2009-11-18 201128]
"F-Secure TNB"="c:\program files\eastlinkinternetsecurityservices\FSGUI\TNBUtil.exe" [2012-03-11 1655464]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
ImageBrowser EX Agent.lnk - c:\program files\Canon\ImageBrowser EX\MFManager.exe [2012-11-4 69120]
ReSchedHPSU.lnk - c:\hp\bin\CLOAKER.EXE [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4X.exe"=
"c:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [10/03/2012 9:54 PM 44240]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [10/03/2012 9:53 PM 81864]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [16/04/2010 4:22 PM 65584]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\eastlinkinternetsecurityservices\HIPS\drivers\fshs.sys [10/03/2012 9:53 PM 69928]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\eastlinkinternetsecurityservices\Anti-Virus\minifilter\fsgk.sys [10/03/2012 9:53 PM 145464]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\eastlinkinternetsecurityservices\ORSP Client\fsorsp.exe [10/03/2012 9:53 PM 60352]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1B3B.tmp --> c:\windows\system32\1B3B.tmp [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\eastlinkinternetsecurityservices\Anti-Virus\win2k\fsfilter.sys [10/03/2012 9:53 PM 41640]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\eastlinkinternetsecurityservices\Anti-Virus\win2k\fsrec.sys [10/03/2012 9:53 PM 27048]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 28301743
*NewlyCreated* - 28442706
*NewlyCreated* - ASWMBR
*Deregistered* - 28301743
*Deregistered* - 28442706
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 03:37]
.
2013-06-03 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 00:12]
.
2013-06-06 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 00:12]
.
2013-06-06 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 00:12]
.
2013-06-07 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 00:12]
.
2013-06-07 c:\windows\Tasks\DCYK.job
- c:\windows\system32\syncuij.dll [2013-06-05 18:39]
.
2013-06-07 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\EASTLI~1\ANTI-V~1\fsav.exe [2012-03-11 16:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 24.222.0.94 24.222.0.95
TCP: Interfaces\{BBF1D3AA-E1CF-49C1-A866-7EA85A54E390}: NameServer = 24.222.0.94,24.222.0.95
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\vrirh0pz.default\
FF - ExtSQL: 2013-05-13 03:13; litmus-ff@f-secure.com; c:\program files\eastlinkinternetsecurityservices\NRS\litmus-ff@f-secure.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-07 14:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1B3B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\program files\eastlinkinternetsecurityservices\hips\fshook32.dll
.
- - - - - - - > 'lsass.exe'(800)
c:\program files\eastlinkinternetsecurityservices\hips\fshook32.dll
.
Completion time: 2013-06-07  14:32:23
ComboFix-quarantined-files.txt  2013-06-07 17:32
.
Pre-Run: 129,589,207,040 bytes free
Post-Run: 130,304,831,488 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C558F107002A820EF207F1C219E1C51C
D11C727E03BB7318DCDA069B06E652F0
 

 



#6 Skyhound

Skyhound
  • Topic Starter

  • Members
  • 22 posts

Posted 07 June 2013 - 08:04 PM

I seem to have picked up another virus now. Something called "Internet Security (designed to protect)" popped up and started to scan my system. I stopped the scan, but it downloaded an icon onto my taskbar that pops up a bubble that says: "Security Warning! Malicious program has been detected. Click here to protect your computer", and a pop-up appeared that says "Firewall Warning.
Hidden file transfers to remote host has been detected. Internet Security has detected a leak of your files through the Internet. We strongly recommend that you block the attack immediately". Help please.

 

 



#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 08 June 2013 - 06:14 PM

Then please run ComboFix again and post up the log.



#8 Skyhound

Skyhound
  • Topic Starter

  • Members
  • 22 posts

Posted 08 June 2013 - 09:46 PM

ComboFix 13-06-08.02 - HP_Administrator 08/06/2013  23:17:33.4.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.379 [GMT -3:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: EastLink Internet Security Services 9.12 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: EastLink Internet Security Services 9.12 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\itdefender.exe
c:\documents and settings\HP_Administrator\chrome.exe
c:\documents and settings\HP_Administrator\java.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-09 to 2013-06-09  )))))))))))))))))))))))))))))))
.
.
2013-06-06 18:12 . 2013-06-06 18:12    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2013-06-05 18:39 . 2013-06-05 18:39    294912    --sha-r-    c:\windows\system32\syncuij.dll
2013-05-11 10:37 . 2013-05-11 10:37    209472    ----a-w-    c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 03:37 . 2012-07-26 23:50    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-15 03:37 . 2012-03-10 20:36    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 22:17 . 2004-08-10 04:00    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2004-08-10 04:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-04-16 22:17 . 2004-08-10 04:00    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2004-08-10 04:00    385024    ----a-w-    c:\windows\system32\html.iec
2013-04-10 01:31 . 2004-08-10 04:00    1876352    ----a-w-    c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"F-Secure Manager"="c:\program files\eastlinkinternetsecurityservices\Common\FSM32.EXE" [2009-11-18 201128]
"F-Secure TNB"="c:\program files\eastlinkinternetsecurityservices\FSGUI\TNBUtil.exe" [2012-03-11 1655464]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
ImageBrowser EX Agent.lnk - c:\program files\Canon\ImageBrowser EX\MFManager.exe [2012-11-4 69120]
ReSchedHPSU.lnk - c:\hp\bin\CLOAKER.EXE [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4X.exe"=
"c:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [10/03/2012 9:54 PM 44240]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [10/03/2012 9:53 PM 81864]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [16/04/2010 4:22 PM 65584]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\eastlinkinternetsecurityservices\HIPS\drivers\fshs.sys [10/03/2012 9:53 PM 69928]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\eastlinkinternetsecurityservices\Anti-Virus\minifilter\fsgk.sys [10/03/2012 9:53 PM 145464]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\eastlinkinternetsecurityservices\ORSP Client\fsorsp.exe [10/03/2012 9:53 PM 60352]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1B3B.tmp --> c:\windows\system32\1B3B.tmp [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\eastlinkinternetsecurityservices\Anti-Virus\win2k\fsfilter.sys [10/03/2012 9:53 PM 41640]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\eastlinkinternetsecurityservices\Anti-Virus\win2k\fsrec.sys [10/03/2012 9:53 PM 27048]
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 03:37]
.
2013-06-03 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 00:12]
.
2013-06-08 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 00:12]
.
2013-06-08 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 00:12]
.
2013-06-08 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 00:12]
.
2013-06-09 c:\windows\Tasks\DCYK.job
- c:\windows\system32\syncuij.dll [2013-06-05 18:39]
.
2013-06-08 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\EASTLI~1\ANTI-V~1\fsav.exe [2012-03-11 16:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 24.222.0.94 24.222.0.95
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\vrirh0pz.default\
FF - ExtSQL: 2013-05-13 03:13; litmus-ff@f-secure.com; c:\program files\eastlinkinternetsecurityservices\NRS\litmus-ff@f-secure.com
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-41769170.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-08 23:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1B3B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(732)
c:\program files\eastlinkinternetsecurityservices\hips\fshook32.dll
.
- - - - - - - > 'lsass.exe'(800)
c:\program files\eastlinkinternetsecurityservices\hips\fshook32.dll
.
Completion time: 2013-06-08  23:28:37
ComboFix-quarantined-files.txt  2013-06-09 02:28
.
Pre-Run: 130,007,797,760 bytes free
Post-Run: 130,052,448,256 bytes free
.
- - End Of File - - AFD2B82CAED223169F2C2E4478A5421A
D11C727E03BB7318DCDA069B06E652F0
 

 



#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 09 June 2013 - 05:02 AM

Please check the file in the code box via VirusTotal

  • Click browse
  • copy the following into the search box

    c:\windows\system32\syncuij.dll
    
  • and click open.
  • click Send File.
Please be patient until the file is uploaded completely. If you get the message

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
click on Reanalyse. Wait until Current status: Finished appears. Now, copy the link from within your browser's address bar and post it here.

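In the ComboFix log above, syncuij.dll is listed with hidden and system attributes, was created on 2013-06-05, and is the target of the DCYK.job scheduled task; the MEMSWEEP2 service points at a .tmp file. The following triage script is an added example (not part of the thread and not ComboFix's own logic) that pulls those three signals out of the log lines; the heuristics, function names and the reading of the attribute letters as DOS flags (s = system, h = hidden, d = directory) are assumptions.

```python
import re

# Excerpt of the ComboFix log posted in this thread (lines copied from the page).
LOG = r"""
2013-06-06 18:12 . 2013-06-06 18:12    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2013-06-05 18:39 . 2013-06-05 18:39    294912    --sha-r-    c:\windows\system32\syncuij.dll
2013-05-11 10:37 . 2013-05-11 10:37    209472    ----a-w-    c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\eastlinkinternetsecurityservices\ORSP Client\fsorsp.exe [10/03/2012 9:53 PM 60352]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1B3B.tmp --> c:\windows\system32\1B3B.tmp [?]
2013-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 03:37]
2013-06-07 c:\windows\Tasks\DCYK.job
- c:\windows\system32\syncuij.dll [2013-06-05 18:39]
"""

# "created . modified   size   attributes   path" rows of the Files Created section
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"\s+(\S+)\s+([a-z-]{8})\s+(.+)$")
# A scheduled task is two lines: the .job file, then "- target [timestamp]"
TASK_RE = re.compile(r"^(\d{4}-\d\d-\d\d) (.+\\Tasks\\.+\.job)$", re.I)
TARGET_RE = re.compile(r"^- (.+?) \[[^\]]*\]$")
# "<state><start type> name;display name;image path [details]"
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[[^\]]*\]$")


def triage(log_text):
    """Return (kind, detail) findings for the three heuristics described above."""
    files, tasks, services = [], [], []
    pending_job = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := FILE_RE.match(line)):
            files.append((m.group(4), m.group(5).lower()))
        elif (m := TASK_RE.match(line)):
            pending_job = m.group(2)
        elif (m := TARGET_RE.match(line)) and pending_job:
            tasks.append((pending_job, m.group(1).lower()))
            pending_job = None
        elif (m := SERVICE_RE.match(line)):
            # ComboFix prints "\??\path --> path"; keep the resolved path.
            image = m.group(5).split(" --> ")[-1].lower()
            services.append((m.group(3), image))

    findings = []
    # Heuristic 1: a non-directory file that is both hidden and system.
    stealthy = {path for attrs, path in files
                if "s" in attrs and "h" in attrs and "d" not in attrs}
    for path in sorted(stealthy):
        findings.append(("hidden+system file", path))
    # Heuristic 2: a task that launches such a file, or anything but an .exe.
    for job, target in tasks:
        if target in stealthy or not target.endswith(".exe"):
            findings.append(("scheduled task target", f"{job} -> {target}"))
    # Heuristic 3: a service whose image is neither an .exe nor a .sys driver.
    for name, image in services:
        if not image.endswith((".exe", ".sys")):
            findings.append(("service image", f"{name} -> {image}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(LOG):
        print(f"{kind}: {detail}")
```

A finding here is a reason to inspect a file further, not a verdict; legitimate software can trip any of the three checks.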

#10 Skyhound

Skyhound
  • Topic Starter

  • Members
  • 22 posts

Posted 09 June 2013 - 06:32 PM

I've had VirusTotal running for like 2+ hours and it still hasn't uploaded the file yet, should it take this long? Or is it having trouble since syncuij.dll is a hidden .dll in the system32 folder?

 



#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 10 June 2013 - 03:17 AM

Restart your browser and try again - it should not take longer than several minutes.

If this happens again, please report.



#12 Skyhound

Skyhound
  • Topic Starter

  • Members
  • 22 posts

Posted 10 June 2013 - 11:56 AM

https://www.virustotal.com/en/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1370883245/
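The SHA-256 in the link above is the digest of zero bytes of input, so that report describes an empty upload, while the ComboFix log lists syncuij.dll at 294912 bytes. The following check is an added example (not part of the thread) that compares a VirusTotal link with the file it is supposed to cover; the function names are hypothetical and the URL pattern is the one seen in this link.

```python
import hashlib
import re
from urllib.parse import urlparse

# SHA-256 of zero bytes of input: what any empty upload hashes to.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

# Path layout of the analysis link posted in this thread:
#   /<lang>/file/<sha256>/analysis/<numeric analysis id>/
VT_PATH = re.compile(
    r"^/(?:[a-z]{2}/)?file/([0-9a-f]{64})/analysis/(\d+)/?$", re.I)


def parse_vt_link(url):
    """Return (sha256, analysis_id) from a VirusTotal analysis link."""
    parts = urlparse(url.strip())
    if parts.hostname not in ("www.virustotal.com", "virustotal.com"):
        raise ValueError("not a VirusTotal link: %r" % url)
    m = VT_PATH.match(parts.path)
    if not m:
        raise ValueError("unrecognised VirusTotal path: %r" % parts.path)
    return m.group(1).lower(), int(m.group(2))


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks; return (hex digest, size in bytes)."""
    digest, size = hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
            size += len(block)
    return digest.hexdigest(), size


def check_submission(url, expected_size=None, local_path=None):
    """Return a list of reasons the report does not cover the intended file."""
    problems = []
    reported, _ = parse_vt_link(url)
    if reported == EMPTY_SHA256:
        problems.append("report is for a zero-byte upload")
        if expected_size:
            problems.append(
                "file is listed at %d bytes, so its content never "
                "reached the scanner" % expected_size)
    if local_path is not None:
        local, size = sha256_of_file(local_path)
        if local != reported:
            problems.append(
                "local file (%d bytes, sha256 %s) differs from the report"
                % (size, local))
    return problems


if __name__ == "__main__":
    # Link and size as they appear in this thread.
    link = ("https://www.virustotal.com/en/file/"
            "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
            "/analysis/1370883245/")
    for problem in check_submission(link, expected_size=294912):
        print("WARNING:", problem)
```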

 



#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:09 AM

Posted 10 June 2013 - 11:57 AM

Please go here to run the online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


#14 Skyhound

Skyhound
  • Topic Starter

  • Members
  • 22 posts

Posted 10 June 2013 - 01:36 PM

ESET Log:

 

C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\itdefender.exe.vir    a variant of Win32/Kryptik.BDFH trojan
Operating memory    probably a variant of Win32/Ponmocup.AA trojan
 

 



#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 10 June 2013 - 02:35 PM

Scan with AdwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll also find the log file at C:\AdwCleaner[S1].txt.

 

 

 

 

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.





