Dad's computer has a bunch of adware


8 replies to this topic

#1 hrolsons

Posted 28 July 2013 - 12:53 PM

Can someone help me run through some scans of my Dad's computer? He has ads popping up all over the place.





#2 GodfatherKing


Posted 28 July 2013 - 12:59 PM

:welcome:

 

 

Give this a try:

 

 

:step1: Install and run MBAM

:step2:  Running TDSSKiller to obtain log

 

Note: Don't cure or delete a threat, but choose skip for all instead.

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters


  • In the Additional options: Check Detect TDLFS file system
  • Click Start Scan and allow the scan process to run


  • Choose Skip for all threats.
  • Click Continue
  • Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================

:step3:  ESET Online Scanner

==================

Note: If your AV is blocking Eset online scanner, please temporarily disable your AV.

 

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and » UNCHECK "Remove found threats" <== Important
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
  • Click the Back button.
  • Click the Finish button.

===================================================


If you have received help from me and I haven't responded to you for almost >= 3 days, send me a Private Message.  :hello:


#3 hrolsons


Posted 28 July 2013 - 03:21 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.28.05
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Rich Olson :: RICH-CD7716F084 [administrator]
 
7/28/2013 12:33:14 PM
mbam-log-2013-07-28 (12-33-14).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 299146
Time elapsed: 6 minute(s), 18 second(s)
 
Memory Processes Detected: 1
C:\WINDOWS\system32\dmwu.exe (PUP.InstallBrain) -> 536 -> Delete on reboot.
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 33
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\SWEETIE.IEToolbar.1 (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\SWEETIE.IEToolbar (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Toolbar3.SWEETIE.1 (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Toolbar3.SWEETIE (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\CLSID\{2C45C304-4FC4-42AE-BF02-209008005AD2} (PUP.Adurr) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C45C304-4FC4-42AE-BF02-209008005AD2} (PUP.Adurr) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C45C304-4FC4-42AE-BF02-209008005AD2} (PUP.Adurr) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C45C304-4FC4-42AE-BF02-209008005AD2} (PUP.Adurr) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2C45C304-4FC4-42AE-BF02-209008005AD2} (PUP.Adurr) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2C45C304-4FC4-42AE-BF02-209008005AD2} (PUP.Adurr) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C45C304-4FC4-42AE-BF02-209008005AD2} (PUP.Adurr) -> Quarantined and deleted successfully.
HKCR\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Extension.ExtensionHelperObject.1 (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Extension.ExtensionHelperObject (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Updater By SweetPacks (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
 
Registry Values Detected: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Data: ???????? -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Data:  -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Data: C:\Program Files\Updater By SweetPacks\Firefox -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Data:  -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 31
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\Local Settings\Temp\BlekkoIC\BlekkoIC.exe (Adware.Downware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data[j0002]-[p01].bmp (Trojan.Dropper.MST) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data[j0005]-[p04].bmp (Trojan.Dropper.MST) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data[j0005]-[p05].bmp (Trojan.Dropper.MST) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data[j0005]-[p06].bmp (Trojan.Dropper.MST) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data[j0005]-[p07].bmp (Trojan.Dropper.MST) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data[j0005]-[p08].bmp (Trojan.Dropper.MST) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data[j0005]-[p09].bmp (Trojan.Dropper.MST) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data[j0006]-[p02].bmp (Trojan.Dropper.MST) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data[j0006]-[p08].bmp (Trojan.Dropper.MST) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data[j0006]-[p09].bmp (Trojan.Dropper.MST) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data[j0006]-[p10].bmp (Trojan.Dropper.MST) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data[j0006]-[p11].bmp (Trojan.Dropper.MST) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data[j0006]-[p12].bmp (Trojan.Dropper.MST) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data[j0006]-[p13].bmp (Trojan.Dropper.MST) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data[j0006]-[p14].bmp (Trojan.Dropper.MST) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data[j0006]-[p15].bmp (Trojan.Dropper.MST) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data[j0006]-[p16].bmp (Trojan.Dropper.MST) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data[j0006]-[p17].bmp (Trojan.Dropper.MST) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data[j0006]-[p18].bmp (Trojan.Dropper.MST) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data[j0006]-[p19].bmp (Trojan.Dropper.MST) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data[j0006]-[p20].bmp (Trojan.Dropper.MST) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data[j0006]-[p21].bmp (Trojan.Dropper.MST) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data[j0009]-[p01].bmp (Trojan.Dropper.MST) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\firefox.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\rundll32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\winlogon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rich Olson\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmwu.exe (PUP.InstallBrain) -> Delete on reboot.
 
(end)
 
 
 
12:54:25.0359 3160  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:54:25.0828 3160  ============================================================
12:54:25.0828 3160  Current date / time: 2013/07/28 12:54:25.0828
12:54:25.0828 3160  SystemInfo:
12:54:25.0828 3160  
12:54:25.0828 3160  OS Version: 5.1.2600 ServicePack: 3.0
12:54:25.0828 3160  Product type: Workstation
12:54:25.0828 3160  ComputerName: RICH-CD7716F084
12:54:25.0828 3160  UserName: Rich Olson
12:54:25.0828 3160  Windows directory: C:\WINDOWS
12:54:25.0828 3160  System windows directory: C:\WINDOWS
12:54:25.0828 3160  Processor architecture: Intel x86
12:54:25.0828 3160  Number of processors: 4
12:54:25.0828 3160  Page size: 0x1000
12:54:25.0828 3160  Boot type: Normal boot
12:54:25.0828 3160  ============================================================
12:54:26.0156 3160  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:54:26.0171 3160  ============================================================
12:54:26.0171 3160  \Device\Harddisk0\DR0:
12:54:26.0171 3160  MBR partitions:
12:54:26.0171 3160  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x455F5B, BlocksNum 0x742ABBA5
12:54:26.0171 3160  ============================================================
12:54:26.0203 3160  C: <-> \Device\Harddisk0\DR0\Partition1
12:54:26.0203 3160  ============================================================
12:54:26.0203 3160  Initialize success
12:54:26.0203 3160  ============================================================
12:54:49.0250 1780  ============================================================
12:54:49.0250 1780  Scan started
12:54:49.0250 1780  Mode: Manual; TDLFS; 
12:54:49.0250 1780  ============================================================
12:54:49.0359 1780  ================ Scan system memory ========================
12:54:49.0359 1780  System memory - ok
12:54:49.0359 1780  ================ Scan services =============================
12:54:53.0093 1780  mnmsrvc - ok
12:54:53.0125 1780  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
12:54:53.0125 1780  Modem - ok
12:54:53.0156 1780  [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt         C:\WINDOWS\system32\drivers\Monfilt.sys
12:54:53.0171 1780  Monfilt - ok
12:54:53.0171 1780  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:54:53.0171 1780  Mouclass - ok
12:54:53.0218 1780  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:54:53.0218 1780  mouhid - ok
12:54:53.0218 1780  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
12:54:53.0218 1780  MountMgr - ok
12:54:53.0218 1780  mraid35x - ok
12:54:53.0234 1780  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:54:53.0234 1780  MRxDAV - ok
12:54:53.0250 1780  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:54:53.0250 1780  MRxSmb - ok
12:54:53.0281 1780  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
12:54:53.0281 1780  MSDTC - ok
12:54:53.0281 1780  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
12:54:53.0281 1780  Msfs - ok
12:54:53.0281 1780  MSIServer - ok
12:54:53.0296 1780  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:54:53.0296 1780  MSKSSRV - ok
12:54:53.0296 1780  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:54:53.0312 1780  MSPCLOCK - ok
12:54:53.0312 1780  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
12:54:53.0312 1780  MSPQM - ok
12:54:53.0328 1780  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:54:53.0328 1780  mssmbios - ok
12:54:53.0328 1780  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
12:54:53.0328 1780  Mup - ok
12:54:53.0359 1780  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
12:54:53.0359 1780  napagent - ok
12:54:53.0375 1780  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
12:54:53.0375 1780  NDIS - ok
12:54:53.0390 1780  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:54:53.0390 1780  NdisTapi - ok
12:54:53.0406 1780  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:54:53.0406 1780  Ndisuio - ok
12:54:53.0406 1780  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:54:53.0406 1780  NdisWan - ok
12:54:53.0421 1780  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
12:54:53.0421 1780  NDProxy - ok
12:54:53.0421 1780  NecUsb - ok
12:54:53.0437 1780  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
12:54:53.0437 1780  Net Driver HPZ12 - ok
12:54:53.0453 1780  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
12:54:53.0453 1780  NetBIOS - ok
12:54:53.0468 1780  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
12:54:53.0468 1780  NetBT - ok
12:54:53.0484 1780  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
12:54:53.0484 1780  NetDDE - ok
12:54:53.0484 1780  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
12:54:53.0484 1780  NetDDEdsdm - ok
12:54:53.0500 1780  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
12:54:53.0500 1780  Netlogon - ok
12:54:53.0515 1780  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
12:54:53.0515 1780  Netman - ok
12:54:53.0531 1780  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:54:53.0546 1780  NetTcpPortSharing - ok
12:54:53.0546 1780  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:54:53.0546 1780  NIC1394 - ok
12:54:53.0578 1780  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
12:54:53.0578 1780  Nla - ok
12:54:53.0625 1780  [ 1ACF98D80E95ADD298832C7A8996B48C ] nosGetPlusHelper C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
12:54:53.0625 1780  nosGetPlusHelper - ok
12:54:53.0625 1780  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
12:54:53.0640 1780  Npfs - ok
12:54:53.0640 1780  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
12:54:53.0640 1780  Ntfs - ok
12:54:53.0640 1780  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
12:54:53.0640 1780  NtLmSsp - ok
12:54:53.0671 1780  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
12:54:53.0671 1780  NtmsSvc - ok
12:54:53.0671 1780  [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr        C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
12:54:53.0671 1780  NuidFltr - ok
12:54:53.0687 1780  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
12:54:53.0687 1780  Null - ok
12:54:53.0703 1780  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:54:53.0703 1780  NwlnkFlt - ok
12:54:53.0718 1780  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:54:53.0718 1780  NwlnkFwd - ok
12:54:53.0718 1780  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:54:53.0718 1780  ohci1394 - ok
12:54:53.0781 1780  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:54:53.0781 1780  ose - ok
12:54:53.0812 1780  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
12:54:53.0812 1780  Parport - ok
12:54:53.0812 1780  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
12:54:53.0812 1780  PartMgr - ok
12:54:53.0828 1780  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
12:54:53.0828 1780  ParVdm - ok
12:54:53.0843 1780  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
12:54:53.0843 1780  PCI - ok
12:54:53.0843 1780  PCIIde - ok
12:54:53.0859 1780  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
12:54:53.0859 1780  Pcmcia - ok
12:54:53.0875 1780  PctrlsInjectService - ok
12:54:53.0875 1780  perc2 - ok
12:54:53.0875 1780  perc2hib - ok
12:54:53.0890 1780  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
12:54:53.0890 1780  PlugPlay - ok
12:54:53.0937 1780  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
12:54:53.0937 1780  Pml Driver HPZ12 - ok
12:54:53.0937 1780  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
12:54:53.0937 1780  PolicyAgent - ok
12:54:53.0953 1780  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:54:53.0953 1780  PptpMiniport - ok
12:54:53.0953 1780  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:54:53.0968 1780  ProtectedStorage - ok
12:54:53.0968 1780  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
12:54:53.0968 1780  PSched - ok
12:54:53.0968 1780  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:54:53.0968 1780  Ptilink - ok
12:54:54.0000 1780  [ FAA729E2E2FD3AFB8DF7A45DE8769CC3 ] PxHelp20        C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
12:54:54.0000 1780  PxHelp20 - ok
12:54:54.0000 1780  ql1080 - ok
12:54:54.0000 1780  Ql10wnt - ok
12:54:54.0000 1780  ql12160 - ok
12:54:54.0000 1780  ql1240 - ok
12:54:54.0000 1780  ql1280 - ok
12:54:54.0015 1780  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:54:54.0015 1780  RasAcd - ok
12:54:54.0031 1780  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
12:54:54.0031 1780  RasAuto - ok
12:54:54.0031 1780  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:54:54.0031 1780  Rasl2tp - ok
12:54:54.0046 1780  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
12:54:54.0046 1780  RasMan - ok
12:54:54.0046 1780  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:54:54.0046 1780  RasPppoe - ok
12:54:54.0062 1780  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
12:54:54.0062 1780  Raspti - ok
12:54:54.0078 1780  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:54:54.0078 1780  Rdbss - ok
12:54:54.0078 1780  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:54:54.0078 1780  RDPCDD - ok
12:54:54.0093 1780  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:54:54.0093 1780  rdpdr - ok
12:54:54.0109 1780  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
12:54:54.0125 1780  RDPWD - ok
12:54:54.0140 1780  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
12:54:54.0140 1780  RDSessMgr - ok
12:54:54.0203 1780  [ B2D01290C0E0465ACA54C2088E947823 ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
12:54:54.0203 1780  RealNetworks Downloader Resolver Service - ok
12:54:54.0218 1780  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
12:54:54.0218 1780  redbook - ok
12:54:54.0234 1780  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
12:54:54.0234 1780  RemoteAccess - ok
12:54:54.0234 1780  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
12:54:54.0234 1780  RemoteRegistry - ok
12:54:54.0265 1780  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
12:54:54.0265 1780  RpcLocator - ok
12:54:54.0281 1780  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
12:54:54.0281 1780  RpcSs - ok
12:54:54.0312 1780  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
12:54:54.0312 1780  RSVP - ok
12:54:54.0375 1780  [ 3CF6631543C743C29A369287EA67FFE6 ] RTHDMIAzAudService C:\WINDOWS\system32\drivers\RtKHDMI.sys
12:54:54.0390 1780  RTHDMIAzAudService - ok
12:54:54.0390 1780  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
12:54:54.0390 1780  SamSs - ok
12:54:54.0421 1780  [ 1FD538C4FEB36B793D2121F20BBDC16F ] SBRE            C:\WINDOWS\system32\drivers\SBREdrv.sys
12:54:54.0421 1780  SBRE - ok
12:54:54.0437 1780  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
12:54:54.0437 1780  SCardSvr - ok
12:54:54.0468 1780  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
12:54:54.0468 1780  Schedule - ok
12:54:54.0484 1780  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:54:54.0484 1780  Secdrv - ok
12:54:54.0500 1780  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
12:54:54.0500 1780  seclogon - ok
12:54:54.0500 1780  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
12:54:54.0500 1780  SENS - ok
12:54:54.0515 1780  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
12:54:54.0515 1780  Serial - ok
12:54:54.0546 1780  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
12:54:54.0546 1780  Sfloppy - ok
12:54:54.0562 1780  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
12:54:54.0562 1780  SharedAccess - ok
12:54:54.0562 1780  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:54:54.0562 1780  ShellHWDetection - ok
12:54:54.0562 1780  Simbad - ok
12:54:54.0578 1780  Sparrow - ok
12:54:54.0578 1780  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
12:54:54.0578 1780  splitter - ok
12:54:54.0609 1780  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
12:54:54.0609 1780  Spooler - ok
12:54:54.0625 1780  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
12:54:54.0625 1780  sr - ok
12:54:54.0640 1780  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
12:54:54.0640 1780  srservice - ok
12:54:54.0656 1780  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
12:54:54.0656 1780  Srv - ok
12:54:54.0671 1780  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
12:54:54.0671 1780  SSDPSRV - ok
12:54:54.0687 1780  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
12:54:54.0687 1780  stisvc - ok
12:54:54.0718 1780  [ C86A229BB5CB5DC47498B2C530A9458E ] SWDUMon         C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
12:54:54.0718 1780  SWDUMon - ok
12:54:54.0734 1780  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
12:54:54.0734 1780  swenum - ok
12:54:54.0734 1780  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
12:54:54.0734 1780  swmidi - ok
12:54:54.0734 1780  SwPrv - ok
12:54:54.0734 1780  symc810 - ok
12:54:54.0734 1780  symc8xx - ok
12:54:54.0734 1780  sym_hi - ok
12:54:54.0750 1780  sym_u3 - ok
12:54:54.0750 1780  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
12:54:54.0750 1780  sysaudio - ok
12:54:54.0781 1780  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
12:54:54.0781 1780  SysmonLog - ok
12:54:54.0812 1780  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
12:54:54.0812 1780  TapiSrv - ok
12:54:54.0828 1780  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:54:54.0828 1780  Tcpip - ok
12:54:54.0859 1780  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
12:54:54.0859 1780  TDPIPE - ok
12:54:54.0875 1780  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
12:54:54.0875 1780  TDTCP - ok
12:54:54.0890 1780  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
12:54:54.0890 1780  TermDD - ok
12:54:54.0890 1780  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
12:54:54.0890 1780  TermService - ok
12:54:54.0906 1780  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
12:54:54.0906 1780  Themes - ok
12:54:54.0921 1780  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
12:54:54.0921 1780  TlntSvr - ok
12:54:54.0984 1780  [ F620772888B6E3EDEF5C3E71E3D447F0 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
12:54:54.0984 1780  TomTomHOMEService - ok
12:54:55.0000 1780  TosIde - ok
12:54:55.0000 1780  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
12:54:55.0000 1780  TrkWks - ok
12:54:55.0031 1780  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
12:54:55.0031 1780  Udfs - ok
12:54:55.0031 1780  ultra - ok
12:54:55.0031 1780  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
12:54:55.0031 1780  Update - ok
12:54:55.0046 1780  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
12:54:55.0046 1780  upnphost - ok
12:54:55.0046 1780  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
12:54:55.0062 1780  UPS - ok
12:54:55.0062 1780  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:54:55.0062 1780  usbccgp - ok
12:54:55.0078 1780  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:54:55.0078 1780  usbehci - ok
12:54:55.0078 1780  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:54:55.0078 1780  usbhub - ok
12:54:55.0093 1780  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:54:55.0093 1780  usbprint - ok
12:54:55.0109 1780  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:54:55.0109 1780  usbscan - ok
12:54:55.0109 1780  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:54:55.0109 1780  usbstor - ok
12:54:55.0140 1780  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
12:54:55.0140 1780  VgaSave - ok
12:54:55.0140 1780  ViaIde - ok
12:54:55.0156 1780  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
12:54:55.0156 1780  VolSnap - ok
12:54:55.0156 1780  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
12:54:55.0171 1780  VSS - ok
12:54:55.0234 1780  [ 654D358F8DC18167F31A01166B4CA9D6 ] vToolbarUpdater15.3.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
12:54:55.0234 1780  vToolbarUpdater15.3.0 - ok
12:54:55.0250 1780  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
12:54:55.0250 1780  W32Time - ok
12:54:55.0265 1780  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:54:55.0265 1780  Wanarp - ok
12:54:55.0296 1780  [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:54:55.0296 1780  Wdf01000 - ok
12:54:55.0312 1780  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
12:54:55.0312 1780  wdmaud - ok
12:54:55.0328 1780  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
12:54:55.0328 1780  WebClient - ok
12:54:55.0375 1780  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
12:54:55.0375 1780  winmgmt - ok
12:54:55.0421 1780  [ 18F347402DA544A780949B8FDF83351B ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
12:54:55.0421 1780  WinRM - ok
12:54:55.0468 1780  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:54:55.0484 1780  wlidsvc - ok
12:54:55.0500 1780  [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
12:54:55.0500 1780  WmdmPmSN - ok
12:54:55.0531 1780  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
12:54:55.0531 1780  Wmi - ok
12:54:55.0562 1780  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:54:55.0562 1780  WmiApSrv - ok
12:54:55.0593 1780  [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
12:54:55.0593 1780  WMPNetworkSvc - ok
12:54:55.0671 1780  [ B800EEC15851597405784126C407188C ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:54:55.0671 1780  WPFFontCache_v0400 - ok
12:54:55.0687 1780  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:54:55.0687 1780  WS2IFSL - ok
12:54:55.0703 1780  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
12:54:55.0703 1780  wscsvc - ok
12:54:55.0703 1780  WSearch - ok
12:54:55.0718 1780  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
12:54:55.0718 1780  wuauserv - ok
12:54:55.0750 1780  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:54:55.0750 1780  WudfPf - ok
12:54:55.0750 1780  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:54:55.0750 1780  WudfRd - ok
12:54:55.0765 1780  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
12:54:55.0765 1780  WudfSvc - ok
12:54:55.0781 1780  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
12:54:55.0781 1780  WZCSVC - ok
12:54:55.0796 1780  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
12:54:55.0796 1780  xmlprov - ok
12:54:55.0812 1780  ================ Scan global ===============================
12:54:55.0828 1780  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:54:55.0843 1780  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
12:54:55.0859 1780  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
12:54:55.0875 1780  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
12:54:55.0875 1780  [Global] - ok
12:54:55.0875 1780  ================ Scan MBR ==================================
12:54:55.0890 1780  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
12:54:56.0234 1780  \Device\Harddisk0\DR0 - ok
12:54:56.0234 1780  ================ Scan VBR ==================================
12:54:56.0234 1780  [ 3C90BF836D1285A07725CEED6E08CB02 ] \Device\Harddisk0\DR0\Partition1
12:54:56.0250 1780  \Device\Harddisk0\DR0\Partition1 - ok
12:54:56.0250 1780  ============================================================
12:54:56.0250 1780  Scan finished
12:54:56.0250 1780  ============================================================
12:54:56.0265 0776  Detected object count: 0
12:54:56.0265 0776  Actual detected object count: 0
 
 
C:\Documents and Settings\Rich Olson\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab Win32/OpenCandy application
C:\WINDOWS\Installer\18c7c03.msi a variant of Win32/HiddenStart.A application


#4 GodfatherKing

Posted 29 July 2013 - 02:10 AM

Reboot the computer. Are there any issues left?


If you have received help from me and I haven't responded to you for almost >= 3 days, send me a Private Message.


#5 hrolsons

Posted 29 July 2013 - 11:16 AM

Not fixed yet.

 

So ESET found 2 viruses and we were told not to delete them.

I opened Chrome and it went to an AVG search and then sweetpacks.com search came up.

For fun I went to speedtest.net and it went to some other crazy website.

Opened IE and it went to AVG search and had a bunch of unwanted toolbars.

Definitely not fixed yet.  Thank you for your help!



#6 GodfatherKing

Posted 29 July 2013 - 11:31 AM

:step1: Run Rkill http://www.bleepingcomputer.com/forums/t/308364/rkill-what-it-does-and-what-it-doesnt-a-brief-introduction-to-the-program/

 

Note: Sometimes AVs think Rkill is infected; this isn't true, it's just a false positive. Just let it terminate the malware processes.

 

:step2: Provide the Rkill log.

 

:step3: Download Emsisoft Emergency Kit

  • Open EmsisoftEmergencyKit by double-clicking Start.exe.
  • A new window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Deep Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.



#7 hrolsons

Posted 29 July 2013 - 01:55 PM

Rkill 2.5.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/29/2013 10:38:27 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * ALERT: ZEROACCESS rootkit symptoms found!

     * C:\Recycler\S-1-5-18\$81b0a660234cf48f9e69a18f7da47772\ [ZA Dir]
     * C:\Recycler\S-1-5-18\$81b0a660234cf48f9e69a18f7da47772\@ [ZA File]
     * C:\Recycler\S-1-5-18\$81b0a660234cf48f9e69a18f7da47772\L\ [ZA Dir]
     * C:\Recycler\S-1-5-18\$81b0a660234cf48f9e69a18f7da47772\U\ [ZA Dir]
     * C:\RECYCLER\S-1-5-21-1060284298-287218729-682003330-1003\$81b0a660234cf48f9e69a18f7da47772\ [ZA Dir]
     * C:\RECYCLER\S-1-5-21-1060284298-287218729-682003330-1003\$81b0a660234cf48f9e69a18f7da47772\@ [ZA File]
     * C:\RECYCLER\S-1-5-21-1060284298-287218729-682003330-1003\$81b0a660234cf48f9e69a18f7da47772\L\ [ZA Dir]
     * C:\RECYCLER\S-1-5-21-1060284298-287218729-682003330-1003\$81b0a660234cf48f9e69a18f7da47772\U\ [ZA Dir]

 * ALERT: ZEROACCESS Reparse Point/Junction found!

     * C:\WINDOWS\$NtUninstallKB49190$ => c:\windows\system32\config\ [Dir]

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\3.1.31.0__540d4816ead86321 => C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_3.1.31.0_x-ww_8b778a47 [Dir]
     * C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\3.1.31.0__540d4816ead86321 => C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_3.1.31.0_x-ww_46ee423f [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv4\v4.0_4.0.66.0__3ff6b78e2989595a => C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv4_3ff6b78e2989595a_4.0.66.0_x-ww_7acf93b2 [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv4\v4.0_4.0.78.0__3ff6b78e2989595a => C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv4_3ff6b78e2989595a_4.0.78.0_x-ww_aa528373 [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\v4.0_4.0.66.0__3ff6b78e2989595a => C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_3ff6b78e2989595a_4.0.66.0_x-ww_d938aa2c [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\v4.0_4.0.78.0__3ff6b78e2989595a => C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_3ff6b78e2989595a_4.0.78.0_x-ww_8bb99ed [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

 * atapi [Missing ImagePath]

Searching for Missing Digital Signatures:

 * C:\WINDOWS\System32\sfcfiles.dll : 1,614,848 : 07/07/2008 11:07 AM : 362bc5af8eaf712832c58cc13ae05750 [NoSig]

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 07/29/2013 10:39:00 AM
Execution time: 0 hours(s), 0 minute(s), and 33 seconds(s)

Emsisoft Emergency Kit - Version 4.0
Last update: 7/29/2013 10:51:57 AM
User account: RICH-CD7716F084\Rich Olson

Scan settings:

Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\

Detect Riskware: Off
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 7/29/2013 10:53:07 AM
C:\Program Files\Free Offers from Freeze.com\  detected: Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com  detected: Trace.File.Freeze (A)
C:\Program Files\Winferno  detected: Trace.File.Winferno (A)
C:\Program Files\Las Vegas USA Casino\  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\_patch\  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\fonts\  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\installed\  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\sounds\  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\temp\  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Free Offers from Freeze.com\control.txt  detected: Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\dolphinico.ico  detected: Trace.File.Freeze (A)
C:\Program Files\Las Vegas USA Casino\lbyinst.exe  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\plibc32.dll  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\winsound.dll  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\casino.ico  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\casino.ini  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\Las Vegas USA Casino.ico  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\lobby.ini  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\casino.dll  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\lobby.dll  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\bj.dll  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\casino.exe  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\directsound.dll  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\extgame.dll  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\_patch\package_list.ini.crc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\_patch\package_list.ini  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\fonts\albw.ttf  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\installed\Fonts - Latin  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\installed\Fonts - Latin.ini  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\installed\Lobby  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\installed\Lobby.ini  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\installed\packages  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\installed\Blackjack - Common  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\installed\Blackjack - Common.ini  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\installed\Blackjack - Standard  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\installed\Blackjack - Standard.ini  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\installed\Extgame  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\installed\Extgame.ini  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\casino.pln.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\casino.rub.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\casino.usd.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\casino.zar.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips32.cad.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips32.chf.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips32.cny.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips32.eur.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips32.myr.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips32.pen.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips32.php.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips32.pln.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips32.rub.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips32.thb.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips32.uah.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips32.usd.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips32.zar.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips.bd1.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips.cad.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips.chf.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips.cny.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips.eur.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips.gbp.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips.myr.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips.pen.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips.php.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips.pln.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips.rub.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips.thb.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips.uah.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips.usd.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\chips.zar.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\downloaddlg.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\exit.en.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\extgame.en.st.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\history.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\lobby.en.st.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\lobby.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\logos.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\options_new.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\rings.en.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\table.en.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\table.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\tables32.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\tbslot.en.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\action_button.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\card.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\cards32.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\casino32.en.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\casino32.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\casino.bd1.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\casino.cad.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\casino.chf.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\casino.cny.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\casino.en.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\casino.en.st.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\casino.eur.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\casino.gbp.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\casino.myr.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\casino.pen.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\rsc\casino.php.rsc  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\sounds\cmn000.wav  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\sounds\cmn001.wav  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\sounds\cmn002.wav  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\sounds\cmn003.wav  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\sounds\cmn004.wav  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\sounds\cmn005.wav  detected: Trace.File.LasVegasUSACasino (A)
C:\Program Files\Las Vegas USA Casino\sounds\cmn007.wav  detected: Trace.File.LasVegasUSACasino (A)
Value: HKEY_CLASSES_ROOT\RTG.SUNPALACECASINO -> URL PROTOCOL  detected: Trace.Registry.Diamond Deal Casino (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RTG.SUNPALACECASINO -> URL PROTOCOL  detected: Trace.Registry.Diamond Deal Casino (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\FREEZE.COM\INSTALLER -> ID  detected: Trace.Registry.EZ Game Cheats (A)
Key: HKEY_USERS\S-1-5-21-1060284298-287218729-682003330-1003\SOFTWARE\IMESH  detected: Trace.Registry.IMesh (A)
Value: HKEY_USERS\S-1-5-21-1060284298-287218729-682003330-1003\SOFTWARE\IMESH -> LASTOPENFILEDIR  detected: Trace.Registry.iMesh (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\FREEZE.COM  detected: Trace.Registry.Freeze (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RTG.LASVEGASUSACASINO  detected: Trace.Registry.LasVegasUSACasino (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RTG.LASVEGASUSACASINO\CLSID  detected: Trace.Registry.LasVegasUSACasino (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RTG.LASVEGASUSACASINO\DEFAULTICON  detected: Trace.Registry.LasVegasUSACasino (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RTG.LASVEGASUSACASINO\SHELL  detected: Trace.Registry.LasVegasUSACasino (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RTG.LASVEGASUSACASINO\SHELL\OPEN  detected: Trace.Registry.LasVegasUSACasino (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RTG.LASVEGASUSACASINO\SHELL\OPEN\COMMAND  detected: Trace.Registry.LasVegasUSACasino (A)
C:\Documents and Settings\Rich Olson\Local Settings\Temp\spdinf.ini  detected: Trojan.Html.Fakealert.P (B)
C:\VIPRERESCUE\Quarantine\{D1BCEB66-6447-480B-9778-026D02E2C529}_ENC2 -> (Quarantine-PE) -> (NSIS o) -> lzma_solid_nsis0003  detected: Gen:Variant.Kazy.122951 (B)

Scanned 439569
Found 121

Scan end: 7/29/2013 11:45:21 AM
Scan time: 0:52:14


Quarantined 108



#8 GodfatherKing


Posted 30 July 2013 - 03:07 AM

Rootkit ZeroAccess found by Rkill.

Don't do any homebanking on this computer. It's heavily infected.

Malware is sometimes very smart in defending itself. I would suggest you post a DSS-log into the forum Virus, Trojan, Spyware, and Malware Removal Logs.

:step1: Read this topic: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

:step2: Post a new topic with the DSS-log http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

:step3: A malware expert will help you there.


If you have received help from me and I haven't responded to you for almost >= 3 days, send me a Private Message.  :hello:


#9 hrolsons


Posted 30 July 2013 - 11:04 AM

Thank you so much!!!

Drama continued here:

http://www.bleepingcomputer.com/forums/t/502752/serious-infection/





