Malware

  • This topic is locked
44 replies to this topic

#1 winston66

  • Full Member
  • 81 posts

Posted 31 October 2012 - 07:26 AM

Good day,

For a long time I have had problems with my Acer Extensa running XP. I suspect there is a virus hidden somewhere.
I haven't used the PC for a few months and now, on turning it on, I can't get Firefox to become my start page.
It keeps giving me orange.fr, who are my internet provider, telecoms company.
I have tried resetting it in Options but it doesn't work.
Out of the blue I got a Windows message that they had detected a Trojan DOS Sinoval.q virus and it had been sorted.
I have since run Malwarebytes, Spybot and Kaspersky anti-rootkit scan. This found a rootkit and got rid of it, but still the problem persists.
Can anybody kindly advise how I can get the PC 100% clean?

The requested log information is as follows:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.30.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Eddie Hooper :: ACER-926C8D0979 [administrator]

Protection: Enabled

31/10/2012 12:27:28
mbam-log-2012-10-31 (12-27-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218820
Time elapsed: 18 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Eddie Hooper at 12:49:06 on 2012-10-31
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.953.410 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE
C:\Documents and Settings\Eddie Hooper\Application Data\Orange\OrangeInside\one\OrangeInside.exe
C:\Program Files\Orange\MailNotifier\MailNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\DOCUME~1\EDDIEH~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_IE
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xpp&d=0411&m=extensa_5230
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ToolbarOrange.InitToolbarBHO: {1d970ed5-3eda-438d-bffd-715931e2775b} -
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\3.1.415.1646\swg.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: barre d'outils Orange: {c9a6357b-25cc-4bcf-96c1-78736985d412} -
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ProductReg] "c:\program files\acer\wr_popup\ProductReg.exe"
uRun: [Google Update] "c:\documents and settings\eddie hooper\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [EPSON SX410 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifce.exe /fu "c:\docume~1\eddieh~1\locals~1\temp\E_SF.tmp" /EF "HKCU"
uRun: [orangeinside] c:\documents and settings\eddie hooper\application data\orange\orangeinside\one\OrangeInside.exe
uRun: [MailNotifier] c:\program files\orange\mailnotifier\MailNotifier.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [KSS] "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe" /autorun
mRun: [preload] c:\windows\RUNXMLPL.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Boot] c:\program files\acer\empowering technology\epower\Boot.exe
mRun: [eRecoveryService] c:\program files\acer\empowering technology\erecovery\eRAgent.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerem~1.lnk - c:\program files\acer\empowering technology\Framework.Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: ajouter cette page à vos favoris Orange - c:\documents and settings\eddie hooper\application data\orange\orangeinside\src\addfavorites_html\addfavorites.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: envoyer le texte sélectionné par sms - c:\documents and settings\eddie hooper\application data\orange\orangeinside\src\sendsmsselectedtext_html\sendsmsselectedtext.html
IE: envoyer par sms - c:\documents and settings\eddie hooper\application data\orange\orangeinside\src\sendsms_html\sendsms.html
IE: envoyer un mail - c:\documents and settings\eddie hooper\application data\orange\orangeinside\src\sendmail_html\sendmail.html
IE: orange.fr - c:\documents and settings\eddie hooper\application data\orange\orangeinside\src\orange_html\orange.html
IE: rechercher le texte sélectionné - c:\documents and settings\eddie hooper\application data\orange\orangeinside\src\selectedsearch_html\selectedsearch.html
IE: traduire la page - c:\documents and settings\eddie hooper\application data\orange\orangeinside\src\translate_html\translate.html
IE: traduire le texte sélectionné - c:\documents and settings\eddie hooper\application data\orange\orangeinside\src\translateselectedtext_html\translateSelectedText.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A4211D83-58D2-4459-8306-EB771B467B5A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DE1342A5-37CE-44E2-8859-43C6C4C2C2B1} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\eddie hooper\application data\mozilla\firefox\profiles\vn7h6agv.default\
FF - prefs.js: browser.search.selectedEngine - Orange
FF - prefs.js: browser.startup.homepage - hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_FF
FF - prefs.js: keyword.URL - hxxp://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
FF - plugin: c:\documents and settings\eddie hooper\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.startup.homepage - hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_FF
FF - user.js: browser.search.selectedEngine - Orange
FF - user.js: keyword.URL - hxxp://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 KSS;Kaspersky Security Scan Service;c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe [2012-4-25 202296]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-29 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-29 676936]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-29 22856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-10-29 250808]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-4-25 24064]
S3 MEMOQDRV;MemoQ Voice Recorder;c:\windows\system32\drivers\memoqdrv.sys [2011-6-7 18304]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys --> c:\windows\system32\drivers\o2media.sys [?]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys --> c:\windows\system32\drivers\o2sd.sys [?]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [2007-12-26 17968]
S3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
=============== Created Last 30 ================
.
2012-10-30 16:23:21 6918632 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f27811a-d77d-4b0f-9e57-8ce323df3a0a}\mpengine.dll
2012-10-30 10:50:51 -------- d-----w- c:\program files\Kaspersky Lab
2012-10-30 10:50:51 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2012-10-30 10:12:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-29 14:34:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-29 14:26:58 -------- d-----w- c:\documents and settings\eddie hooper\application data\SUPERAntiSpyware.com
2012-10-29 14:26:45 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-10-29 14:07:29 -------- d-----w- c:\documents and settings\eddie hooper\application data\Malwarebytes
2012-10-29 14:07:14 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-10-29 14:07:12 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-29 14:07:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-29 13:35:39 6918632 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-10-29 13:35:31 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-10-29 13:31:37 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-29 11:05:32 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-29 11:05:31 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-29 10:51:34 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-10-29 10:29:34 -------- d--h--w- C:\$AVG
.
==================== Find3M ====================
.
2012-09-24 14:32:24 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 14:32:20 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 12:51:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-30 21:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 12:50:15.14 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 25/04/2011 22:15:11
System Uptime: 31/10/2012 12:17:37 (0 hours ago)
.
Motherboard: Acer | | Homa
Processor: Intel Pentium III Xeon processor | U2E1 | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 53.059 GiB free.
D: is FIXED (NTFS) - 70 GiB total, 69.48 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP97: 29/10/2012 11:50:08 - Installed Java™ 6 Update 37
RP98: 29/10/2012 12:12:29 - Software Distribution Service 3.0
RP99: 29/10/2012 13:01:10 - Software Distribution Service 3.0
RP100: 29/10/2012 14:15:06 - Removed AVG 2012
RP101: 29/10/2012 14:16:58 - Removed AVG 2012
RP102: 29/10/2012 14:17:32 - Software Distribution Service 3.0
RP103: 29/10/2012 14:35:30 - Software Distribution Service 3.0
RP104: 29/10/2012 15:48:40 - Software Distribution Service 3.0
RP105: 30/10/2012 07:55:50 - Software Distribution Service 3.0
RP106: 30/10/2012 11:50:50 - Installed Kaspersky Security Scan.
RP107: 30/10/2012 13:20:48 - Software Distribution Service 3.0
RP108: 30/10/2012 17:23:10 - Software Distribution Service 3.0
RP109: 30/10/2012 18:28:43 - Software Distribution Service 3.0
RP110: 30/10/2012 20:26:13 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
2007 Microsoft Office system
ABBYY FineReader 6.0 Sprint
Acer Empowering Technology
Acer ePower Management
Acer GridVista
Acer Product Registration
Acer ScreenSaver
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Reader XI
ALPS Touch Pad Driver
Ask Toolbar
Ask Toolbar Updater
barre d'outils Orange
Broadcom Gigabit Integrated Controller
Business Contact Manager for Outlook 2007 SP2
Epson Easy Photo Print 2
EPSON Scan
Epson Stylus SX210_SX410_TX210_TX410 Manual
EPSON SX410 Series Printer Uninstall
EPSON Web-To-Page
eSobi v2
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
InterVideo WinDVD 8
Java Auto Updater
Java™ 6 Update 37
Kaspersky Security Scan
Launch Manager
LightScribe 1.4.142.1
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
msvcrt_installer
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Notification Mail
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Shadow
Orange Inside
Orange Installeur version 1.2.1.0
Orange Installeur version 1.2.2.0
Orange Installeur version 1.2.5.0
Orange update
QuickBooks Basic Edition 2003
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847-v2)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SUPERAntiSpyware
ToolbarFR
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 8
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
30/10/2012 11:14:55, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 atapi cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x PCIIde perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
29/10/2012 15:34:37, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
29/10/2012 13:04:13, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332).
29/10/2012 13:04:02, error: Service Control Manager [7024] - The SQL Server (MSSMLBIZ) service terminated with service-specific error 3417 (0xD59).
29/10/2012 13:02:09, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 3 time(s).
29/10/2012 13:02:04, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
29/10/2012 13:02:03, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
29/10/2012 11:41:00, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
.
==== End Of File ===========================
Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 37
Java version out of Date!
Adobe Flash Player 11.4.402.287
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 22% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Many thanks in advance,

Winston 66

EDIT: Please do not start any more topics. I have deleted your other topic.

Edited by Rocket Grannie, 31 October 2012 - 08:58 AM.


#2 ler

    SWI Junkie

  • Helper Trainee+
  • 318 posts

Posted 31 October 2012 - 11:32 AM

Hello winston66,

We are currently studying your log and will be back to you as soon as possible. Thank you for your patience.

#3 winston66

    Member

  • Full Member
  • 81 posts

Posted 31 October 2012 - 12:25 PM

Hello winston66,

We are currently studying your log and will be back to you as soon as possible. Thank you for your patience.



Thanks very much

#4 winston66

    Member

  • Full Member
  • 81 posts

Posted 31 October 2012 - 12:26 PM

Thanks very much

#5 winston66

    Member

  • Full Member
  • 81 posts

Posted 01 November 2012 - 02:55 AM

Hello winston66,

We are currently studying your log and will be back to you as soon as possible. Thank you for your patience.





Thanks very much.

#6 ler

    SWI Junkie

  • Helper Trainee+
  • 318 posts

Posted 01 November 2012 - 02:19 PM

Hi winston66 - Welcome to SWI. :hi:

I have since ran malware bytes, spybot and kaspersky anti rootkit scan. This found a rootkit and got rid of it but still the problem persists.

If you still have a copy of these logs on your machine please post them here. That will make it easier to understand what's going on with your computer.

The TDSSKiller report is located at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt.

Can anybody kindly advise how I can get the pc 100% clean.

I will examine your log files carefully. However I cannot guarantee that your machine is totally clean afterwards. With tons of new malware being delivered every day, there is always a small chance that some malicious files might hide successfully from the tools we use.

=====

I strongly recommend that you remove Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
You can find further information here.

To remove it please navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):
  • Ask Toolbar
  • Ask Toolbar Updater

====

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

Note: **Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Note: **If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

=====

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

=====

In your next post, please
  • Include the logs from TDSSKiller and Malwarebytes Anti-Malware
  • Include the ComboFix log (located at C:\ComboFix.txt)
  • Include the AdwCleaner log
  • Let me know if you're still experiencing problems when changing your start page.


#7 winston66

    Member

  • Full Member
  • 81 posts

Posted 02 November 2012 - 07:58 AM

ler

Thanks very much for your assistance.
I have encountered a problem.
I have disabled or deleted all antivirus, malware and spyware programs, but Windows Security Centre was showing AVG 2012 still running.
I deleted this a few days ago in favour of Microsoft Security Essentials.
I couldn't and still can't find the AVG program anywhere on the computer, so proceeded with the combo but have received a warning that AVG is running and to disable it before clicking OK on the install, which has already partly downloaded.
I will leave the computer in its current state until I hear from you.

Kind regards,

winston66

#8 ler

    SWI Junkie

  • Helper Trainee+
  • 318 posts

Posted 02 November 2012 - 03:31 PM

Hi again,

I have disabled or deleted all antivirus, malware and spyware programs, but Windows Security Centre was showing AVG 2012 still running.
I deleted this a few days ago in favour of Microsoft Security Essentials.


Please download AVG Remover to your Desktop and execute it. Please read the warning dialog and confirm. After that please try running ComboFix again. Let me know if that resolves the issue.

#9 winston66

    Member

  • Full Member
  • 81 posts

Posted 03 November 2012 - 03:31 AM

ler

Thanks once again.
I have tried removing AVG as you suggested and also looked at the AVG site.
I have tried about 6 times and it still won't uninstall.
Could this be infected?
Incidentally, I don't get any prompt to save it to desktop.
I just get an option to run, which I do - there is a black window with white type that opens and then when this has completed I reboot twice.

Best wishes

winston 66

Edited by winston66, 03 November 2012 - 03:31 AM.


#10 ler

    SWI Junkie

  • Helper Trainee+
  • 318 posts

Posted 03 November 2012 - 12:10 PM

Incidentally, I don't get any prompt to save it to desktop.

In Firefox you can right click the link and choose Save Link As. This will do the trick :thumbup: .

I have tried about 6 times and it still won't uninstall.
Could this be infected?

Highly unlikely. However it sounds as if you already successfully used the tool. Have you tried ComboFix yet?

I just get an option to run, which I do - there is a black window with white type that opens and then when this has completed I reboot twice.

This tool does not have a graphical user interface. It's perfectly normal that you just see that dark Window.

=====

With that said, please repeat the instructions above to run AVG Remover. Use Save Link As and save it to the Desktop and run it. When finished you will find a file named avgremover.txt on your Desktop.

Right-click the file, point to Send To, and then click Compressed (zipped) Folder. You will find a file named avgremover.zip on your Desktop.
Please attach this file to your next post.

Please follow the instructions to run ComboFix. When alerted that AVG is still active, please simply ignore that warning and proceed.

#11 winston66

    Member

  • Full Member
  • 81 posts

Posted 03 November 2012 - 04:26 PM

ler Hi and thanks for your reply.

I still can't get rid of AVG so have proceeded with combo anyway and have encountered the following:

It downloads as: Combofix (1).exe

When I run it a window appears saying AVG is still running, but I click OK anyway.

A new window states that AVG is still running and I click OK at my own risk.

When I click OK I get an error:
You cannot rename Combofix as Combofix (1).
Please use another name made up of alphanumerical characters.

How do I do this, please?

I enclose the following log:
11:15:15.0609 3292 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
11:15:16.0156 3292 ============================================================
11:15:16.0156 3292 Current date / time: 2012/10/30 11:15:16.0156
11:15:16.0156 3292 SystemInfo:
11:15:16.0156 3292
11:15:16.0156 3292 OS Version: 5.1.2600 ServicePack: 3.0
11:15:16.0156 3292 Product type: Workstation
11:15:16.0156 3292 ComputerName: ACER-926C8D0979
11:15:16.0156 3292 UserName: Eddie Hooper
11:15:16.0156 3292 Windows directory: C:\WINDOWS
11:15:16.0156 3292 System windows directory: C:\WINDOWS
11:15:16.0156 3292 Processor architecture: Intel x86
11:15:16.0156 3292 Number of processors: 1
11:15:16.0156 3292 Page size: 0x1000
11:15:16.0156 3292 Boot type: Normal boot
11:15:16.0156 3292 ============================================================
11:15:17.0234 3292 BG loaded
11:15:17.0796 3292 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:15:17.0937 3292 ============================================================
11:15:17.0937 3292 \Device\Harddisk0\DR0:
11:15:17.0937 3292 MBR partitions:
11:15:17.0937 3292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x8B4A800
11:15:17.0937 3292 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9ED3000, BlocksNum 0x8B46000
11:15:17.0937 3292 ============================================================
11:15:18.0093 3292 C: <-> \Device\Harddisk0\DR0\Partition1
11:15:18.0421 3292 D: <-> \Device\Harddisk0\DR0\Partition2
11:15:18.0421 3292 ============================================================
11:15:18.0421 3292 Initialize success
11:15:18.0421 3292 ============================================================
11:16:39.0484 2172 ============================================================
11:16:39.0484 2172 Scan started
11:16:39.0484 2172 Mode: Manual;
11:16:39.0484 2172 ============================================================
11:16:40.0343 2172 ================ Scan system memory ========================
11:16:40.0343 2172 System memory - ok
11:16:40.0359 2172 ================ Scan services =============================
11:16:40.0500 2172 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
11:16:40.0500 2172 !SASCORE - ok
11:16:40.0906 2172 Abiosdsk - ok
11:16:40.0968 2172 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
11:16:40.0968 2172 abp480n5 - ok
11:16:40.0968 2172 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:16:40.0968 2172 ACPI - ok
11:16:40.0984 2172 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:16:40.0984 2172 ACPIEC - ok
11:16:41.0140 2172 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:16:41.0343 2172 AdobeFlashPlayerUpdateSvc - ok
11:16:41.0453 2172 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:16:41.0468 2172 adpu160m - ok
11:16:41.0609 2172 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:16:41.0609 2172 aec - ok
11:16:41.0703 2172 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:16:41.0718 2172 AFD - ok
11:16:41.0718 2172 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
11:16:41.0718 2172 agp440 - ok
11:16:41.0734 2172 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
11:16:41.0734 2172 agpCPQ - ok
11:16:41.0921 2172 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
11:16:42.0156 2172 Aha154x - ok
11:16:42.0156 2172 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:16:42.0156 2172 aic78u2 - ok
11:16:42.0171 2172 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:16:42.0171 2172 aic78xx - ok
11:16:42.0187 2172 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:16:42.0187 2172 Alerter - ok
11:16:42.0250 2172 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
11:16:42.0250 2172 ALG - ok
11:16:42.0281 2172 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
11:16:42.0281 2172 AliIde - ok
11:16:42.0312 2172 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
11:16:42.0312 2172 alim1541 - ok
11:16:42.0312 2172 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
11:16:42.0312 2172 amdagp - ok
11:16:42.0328 2172 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
11:16:42.0390 2172 amsint - ok
11:16:42.0484 2172 [ E8885F571251A058DCA0F058341B04C1 ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
11:16:42.0500 2172 ApfiltrService - ok
11:16:42.0531 2172 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
11:16:42.0531 2172 AppMgmt - ok
11:16:42.0718 2172 [ 41074707BA49D02E240C7B960217AABE ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys
11:16:42.0765 2172 AR5416 - ok
11:16:42.0796 2172 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:16:42.0812 2172 Arp1394 - ok
11:16:42.0843 2172 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
11:16:42.0843 2172 asc - ok
11:16:42.0859 2172 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
11:16:42.0859 2172 asc3350p - ok
11:16:42.0906 2172 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
11:16:42.0921 2172 asc3550 - ok
11:16:43.0093 2172 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:16:43.0515 2172 aspnet_state - ok
11:16:43.0609 2172 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:16:43.0625 2172 AsyncMac - ok
11:16:43.0796 2172 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
11:16:43.0843 2172 atapi - ok
11:16:43.0843 2172 Atdisk - ok
11:16:43.0875 2172 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:16:43.0875 2172 Atmarpc - ok
11:16:43.0906 2172 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
11:16:43.0906 2172 AudioSrv - ok
11:16:44.0000 2172 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
11:16:44.0000 2172 audstub - ok
11:16:44.0031 2172 [ 559DDDA2C88459478056174247706DEB ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:16:44.0093 2172 b57w2k - ok
11:16:44.0218 2172 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
11:16:44.0218 2172 BcmSqlStartupSvc - ok
11:16:44.0296 2172 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
11:16:44.0296 2172 Beep - ok
11:16:44.0359 2172 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
11:16:44.0640 2172 BITS - ok
11:16:44.0765 2172 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
11:16:44.0765 2172 Browser - ok
11:16:44.0921 2172 [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
11:16:44.0921 2172 BUNAgentSvc - ok
11:16:44.0968 2172 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
11:16:44.0968 2172 cbidf - ok
11:16:44.0984 2172 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
11:16:44.0984 2172 cbidf2k - ok
11:16:45.0015 2172 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:16:45.0015 2172 CCDECODE - ok
11:16:45.0015 2172 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
11:16:45.0015 2172 cd20xrnt - ok
11:16:45.0062 2172 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
11:16:45.0062 2172 Cdaudio - ok
11:16:45.0078 2172 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
11:16:45.0078 2172 Cdfs - ok
11:16:45.0109 2172 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:16:45.0109 2172 Cdrom - ok
11:16:45.0109 2172 Changer - ok
11:16:45.0171 2172 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
11:16:45.0171 2172 CiSvc - ok
11:16:45.0281 2172 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
11:16:45.0296 2172 ClipSrv - ok
11:16:45.0375 2172 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:16:45.0546 2172 clr_optimization_v2.0.50727_32 - ok
11:16:45.0609 2172 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:16:45.0640 2172 CmBatt - ok
11:16:45.0656 2172 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
11:16:45.0656 2172 CmdIde - ok
11:16:45.0671 2172 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:16:45.0671 2172 Compbatt - ok
11:16:45.0687 2172 COMSysApp - ok
11:16:45.0703 2172 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
11:16:45.0734 2172 Cpqarray - ok
11:16:45.0781 2172 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
11:16:45.0781 2172 CryptSvc - ok
11:16:45.0875 2172 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
11:16:45.0984 2172 dac2w2k - ok
11:16:45.0984 2172 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
11:16:46.0000 2172 dac960nt - ok
11:16:46.0046 2172 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:16:46.0062 2172 DcomLaunch - ok
11:16:46.0171 2172 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
11:16:46.0171 2172 Dhcp - ok
11:16:46.0328 2172 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
11:16:46.0328 2172 Disk - ok
11:16:46.0468 2172 [ 060DB81DFB79C8244EB65D10B6C7873F ] DKbFltr C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
11:16:46.0468 2172 DKbFltr - ok
11:16:46.0468 2172 dmadmin - ok
11:16:46.0609 2172 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
11:16:46.0703 2172 dmboot - ok
11:16:46.0812 2172 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
11:16:46.0812 2172 dmio - ok
11:16:46.0828 2172 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
11:16:46.0828 2172 dmload - ok
11:16:46.0921 2172 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
11:16:46.0921 2172 dmserver - ok
11:16:47.0046 2172 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
11:16:47.0046 2172 DMusic - ok
11:16:47.0218 2172 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
11:16:47.0218 2172 Dnscache - ok
11:16:47.0296 2172 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
11:16:47.0312 2172 Dot3svc - ok
11:16:47.0359 2172 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
11:16:47.0359 2172 dpti2o - ok
11:16:47.0421 2172 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
11:16:47.0421 2172 drmkaud - ok
11:16:47.0484 2172 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
11:16:47.0484 2172 EapHost - ok
11:16:47.0531 2172 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
11:16:47.0531 2172 ERSvc - ok
11:16:47.0578 2172 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
11:16:47.0578 2172 Eventlog - ok
11:16:47.0656 2172 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
11:16:47.0656 2172 EventSystem - ok
11:16:47.0734 2172 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
11:16:47.0734 2172 Fastfat - ok
11:16:47.0828 2172 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:16:47.0828 2172 FastUserSwitchingCompatibility - ok
11:16:47.0906 2172 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
11:16:47.0921 2172 Fax - ok
11:16:47.0968 2172 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
11:16:47.0968 2172 Fdc - ok
11:16:48.0000 2172 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
11:16:48.0000 2172 Fips - ok
11:16:48.0078 2172 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
11:16:48.0078 2172 Flpydisk - ok
11:16:48.0281 2172 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:16:48.0281 2172 FltMgr - ok
11:16:48.0421 2172 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:16:48.0484 2172 FontCache3.0.0.0 - ok
11:16:48.0515 2172 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:16:48.0515 2172 Fs_Rec - ok
11:16:48.0562 2172 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:16:48.0578 2172 Ftdisk - ok
11:16:48.0718 2172 [ A6773422A1086201F880F75BF31EC8D1 ] GoogleDesktopManager-080708-050100 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
11:16:48.0718 2172 GoogleDesktopManager-080708-050100 - ok
11:16:48.0781 2172 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:16:48.0812 2172 Gpc - ok
11:16:48.0859 2172 [ 751C1D2CA2ABF4A9F5A6B8D7D45B907C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
11:16:48.0937 2172 gusvc - ok
11:16:49.0000 2172 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:16:49.0000 2172 HDAudBus - ok
11:16:49.0093 2172 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:16:49.0093 2172 helpsvc - ok
11:16:49.0109 2172 HidServ - ok
11:16:49.0156 2172 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:16:49.0187 2172 HidUsb - ok
11:16:49.0250 2172 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
11:16:49.0281 2172 hkmsvc - ok
11:16:49.0328 2172 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
11:16:49.0343 2172 hpn - ok
11:16:49.0390 2172 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
11:16:49.0406 2172 HTTP - ok
11:16:49.0453 2172 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
11:16:49.0484 2172 HTTPFilter - ok
11:16:49.0515 2172 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
11:16:49.0515 2172 i2omgmt - ok
11:16:49.0546 2172 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
11:16:49.0578 2172 i2omp - ok
11:16:49.0640 2172 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:16:49.0640 2172 i8042prt - ok
11:16:49.0843 2172 [ 7B96206E4BDD2FE582F0DBC46F5F410E ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
11:16:49.0843 2172 IAANTMON - ok
11:16:50.0109 2172 [ B2768350BB50469AEB1AFE694372B613 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
11:16:50.0296 2172 ialm - ok
11:16:50.0343 2172 [ 80C633722DA72E97F3F5B3B11325696D ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
11:16:50.0359 2172 iaStor - ok
11:16:50.0625 2172 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:16:50.0656 2172 idsvc - ok
11:16:50.0734 2172 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
11:16:50.0734 2172 Imapi - ok
11:16:50.0890 2172 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
11:16:50.0906 2172 ImapiService - ok
11:16:50.0953 2172 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
11:16:50.0968 2172 ini910u - ok
11:16:51.0203 2172 [ 74B482F8B2A9EBE8473381A7A58F801D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:16:51.0359 2172 IntcAzAudAddService - ok
11:16:51.0406 2172 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
11:16:51.0406 2172 IntelIde - ok
11:16:51.0421 2172 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:16:51.0421 2172 intelppm - ok
11:16:51.0500 2172 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:16:51.0500 2172 Ip6Fw - ok
11:16:51.0562 2172 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:16:51.0562 2172 IpFilterDriver - ok
11:16:51.0625 2172 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:16:51.0625 2172 IpInIp - ok
11:16:51.0671 2172 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:16:51.0671 2172 IpNat - ok
11:16:51.0750 2172 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:16:51.0781 2172 IPSec - ok
11:16:51.0843 2172 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
11:16:51.0843 2172 IRENUM - ok
11:16:51.0968 2172 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:16:51.0984 2172 isapnp - ok
11:16:52.0109 2172 [ 4AC11B2250106774F694DF2DB4FFED61 ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
11:16:52.0125 2172 Iviaspi - ok
11:16:52.0265 2172 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
11:16:52.0265 2172 IviRegMgr - ok
11:16:52.0562 2172 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
11:16:52.0562 2172 JavaQuickStarterService - ok
11:16:52.0656 2172 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:16:52.0687 2172 Kbdclass - ok
11:16:52.0718 2172 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
11:16:52.0718 2172 kmixer - ok
11:16:52.0859 2172 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
11:16:52.0859 2172 KSecDD - ok
11:16:52.0984 2172 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
11:16:52.0984 2172 LanmanServer - ok
11:16:53.0218 2172 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:16:53.0234 2172 lanmanworkstation - ok
11:16:53.0234 2172 lbrtfdc - ok
11:16:53.0343 2172 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
11:16:53.0343 2172 LightScribeService - ok
11:16:53.0578 2172 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
11:16:53.0578 2172 LmHosts - ok
11:16:53.0625 2172 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
11:16:53.0625 2172 MBAMProtector - ok
11:16:53.0859 2172 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:16:53.0859 2172 MBAMScheduler - ok
11:16:54.0000 2172 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:16:54.0031 2172 MBAMService - ok
11:16:54.0187 2172 [ A57A3954408687063780055B1EF58296 ] MEMOQDRV C:\WINDOWS\system32\DRIVERS\memoqdrv.sys
11:16:54.0203 2172 MEMOQDRV - ok
11:16:54.0375 2172 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
11:16:54.0375 2172 Messenger - ok
11:16:54.0484 2172 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
11:16:54.0515 2172 mnmdd - ok
11:16:54.0546 2172 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
11:16:54.0546 2172 mnmsrvc - ok
11:16:54.0578 2172 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
11:16:54.0593 2172 Modem - ok
11:16:54.0671 2172 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:16:54.0687 2172 Mouclass - ok
11:16:54.0859 2172 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:16:54.0875 2172 mouhid - ok
11:16:54.0984 2172 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
11:16:55.0015 2172 MountMgr - ok
11:16:55.0234 2172 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:16:55.0296 2172 MozillaMaintenance - ok
11:16:55.0468 2172 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
11:16:55.0703 2172 MpFilter - ok
11:16:56.0609 2172 [ A69630D039C38018689190234F866D77 ] MpKsl4419704a C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D398D0C0-975B-44B1-BC20-967C3391E6C2}\MpKsl4419704a.sys
11:16:56.0609 2172 MpKsl4419704a - ok
11:16:56.0640 2172 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
11:16:56.0656 2172 mraid35x - ok
11:16:56.0703 2172 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:16:56.0718 2172 MRxDAV - ok
11:16:56.0843 2172 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:16:56.0921 2172 MRxSmb - ok
11:16:56.0968 2172 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
11:16:56.0984 2172 MSDTC - ok
11:16:57.0000 2172 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
11:16:57.0000 2172 Msfs - ok
11:16:57.0000 2172 MSIServer - ok
11:16:57.0109 2172 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:16:57.0109 2172 MSKSSRV - ok
11:16:57.0421 2172 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
11:16:57.0421 2172 MsMpSvc - ok
11:16:57.0468 2172 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:16:57.0468 2172 MSPCLOCK - ok
11:16:57.0796 2172 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
11:16:57.0796 2172 MSPQM - ok
11:16:57.0875 2172 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:16:57.0875 2172 mssmbios - ok
11:16:58.0437 2172 MSSQL$MSSMLBIZ - ok
11:16:58.0828 2172 [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
11:16:58.0828 2172 MSSQLServerADHelper - ok
11:16:58.0859 2172 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
11:16:58.0859 2172 MSTEE - ok
11:16:58.0984 2172 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
11:16:59.0015 2172 Mup - ok
11:16:59.0078 2172 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:16:59.0078 2172 NABTSFEC - ok
11:16:59.0218 2172 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
11:16:59.0218 2172 napagent - ok
11:16:59.0281 2172 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
11:16:59.0406 2172 NDIS - ok
11:16:59.0484 2172 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:16:59.0484 2172 NdisIP - ok
11:16:59.0546 2172 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:16:59.0562 2172 NdisTapi - ok
11:16:59.0609 2172 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:16:59.0625 2172 Ndisuio - ok
11:16:59.0625 2172 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:16:59.0640 2172 NdisWan - ok
11:16:59.0718 2172 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:16:59.0734 2172 NDProxy - ok
11:16:59.0859 2172 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:16:59.0875 2172 NetBIOS - ok
11:17:00.0015 2172 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:17:00.0031 2172 NetBT - ok
11:17:00.0062 2172 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
11:17:00.0078 2172 NetDDE - ok
11:17:00.0078 2172 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:17:00.0078 2172 NetDDEdsdm - ok
11:17:00.0125 2172 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
11:17:00.0125 2172 Netlogon - ok
11:17:00.0156 2172 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
11:17:00.0171 2172 Netman - ok
11:17:00.0437 2172 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:17:00.0484 2172 NetTcpPortSharing - ok
11:17:00.0546 2172 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:17:00.0562 2172 NIC1394 - ok
11:17:00.0718 2172 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
11:17:00.0718 2172 Nla - ok
11:17:00.0828 2172 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:17:00.0843 2172 Npfs - ok
11:17:00.0890 2172 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:17:00.0906 2172 Ntfs - ok
11:17:00.0968 2172 [ CB76F68BA0D57C5D25B538981B1C611C ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
11:17:00.0968 2172 NTIBackupSvc - ok
11:17:01.0000 2172 [ 5535174933A08BB8F1CEE26DFFB930E4 ] NTIDrvr C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
11:17:01.0156 2172 NTIDrvr - ok
11:17:01.0296 2172 [ DF1C10A75DF7E50195FC417F88A33227 ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
11:17:01.0296 2172 NTISchedulerSvc - ok
11:17:01.0343 2172 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
11:17:01.0343 2172 NtLmSsp - ok
11:17:01.0437 2172 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:17:01.0437 2172 NtmsSvc - ok
11:17:01.0468 2172 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
11:17:01.0468 2172 Null - ok
11:17:01.0531 2172 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:17:01.0546 2172 NwlnkFlt - ok
11:17:01.0562 2172 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:17:01.0562 2172 NwlnkFwd - ok
11:17:01.0562 2172 O2MDRDR - ok
11:17:01.0578 2172 O2SDRDR - ok
11:17:01.0968 2172 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:17:02.0031 2172 odserv - ok
11:17:02.0078 2172 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:17:02.0078 2172 ohci1394 - ok
11:17:02.0468 2172 [ FD209F8C2562C351F7A25B4FFCD8F856 ] Orange update Core Service C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe
11:17:02.0500 2172 Orange update Core Service - ok
11:17:02.0593 2172 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:17:02.0593 2172 ose - ok
11:17:02.0734 2172 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
11:17:02.0750 2172 Parport - ok
11:17:02.0875 2172 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
11:17:02.0875 2172 PartMgr - ok
11:17:02.0953 2172 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
11:17:02.0953 2172 ParVdm - ok
11:17:02.0968 2172 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
11:17:02.0968 2172 PCI - ok
11:17:02.0968 2172 PCIDump - ok
11:17:02.0984 2172 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
11:17:02.0984 2172 PCIIde - ok
11:17:03.0000 2172 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:17:03.0000 2172 Pcmcia - ok
11:17:03.0015 2172 PDCOMP - ok
11:17:03.0015 2172 PDFRAME - ok
11:17:03.0031 2172 PDRELI - ok
11:17:03.0031 2172 PDRFRAME - ok
11:17:03.0046 2172 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
11:17:03.0046 2172 perc2 - ok
11:17:03.0062 2172 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:17:03.0062 2172 perc2hib - ok
11:17:03.0250 2172 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
11:17:03.0250 2172 PlugPlay - ok
11:17:03.0296 2172 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
11:17:03.0296 2172 PolicyAgent - ok
11:17:03.0406 2172 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:17:03.0406 2172 PptpMiniport - ok
11:17:03.0406 2172 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:17:03.0406 2172 ProtectedStorage - ok
11:17:03.0453 2172 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
11:17:03.0453 2172 PSched - ok
11:17:03.0515 2172 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
11:17:03.0515 2172 PSI_SVC_2 - ok
11:17:03.0531 2172 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:17:03.0531 2172 Ptilink - ok
11:17:03.0578 2172 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:17:03.0593 2172 ql1080 - ok
11:17:03.0593 2172 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:17:03.0625 2172 Ql10wnt - ok
11:17:03.0656 2172 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:17:03.0687 2172 ql12160 - ok
11:17:03.0687 2172 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:17:03.0718 2172 ql1240 - ok
11:17:03.0718 2172 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:17:03.0750 2172 ql1280 - ok
11:17:03.0765 2172 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:17:03.0781 2172 RasAcd - ok
11:17:03.0859 2172 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:17:03.0859 2172 RasAuto - ok
11:17:03.0890 2172 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:17:03.0890 2172 Rasl2tp - ok
11:17:03.0921 2172 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
11:17:03.0937 2172 RasMan - ok
11:17:03.0937 2172 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:17:03.0937 2172 RasPppoe - ok
11:17:03.0968 2172 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:17:03.0968 2172 Raspti - ok
11:17:04.0046 2172 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:17:04.0046 2172 Rdbss - ok
11:17:04.0078 2172 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:17:04.0078 2172 RDPCDD - ok
11:17:04.0093 2172 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:17:04.0093 2172 rdpdr - ok
11:17:04.0171 2172 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:17:04.0171 2172 RDPWD - ok
11:17:04.0281 2172 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:17:04.0281 2172 RDSessMgr - ok
11:17:04.0343 2172 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:17:04.0343 2172 redbook - ok
11:17:04.0406 2172 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\WINDOWS\system32\drivers\regi.sys
11:17:04.0406 2172 regi - ok
11:17:04.0515 2172 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:17:04.0515 2172 RemoteAccess - ok
11:17:04.0671 2172 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
11:17:04.0671 2172 RemoteRegistry - ok
11:17:04.0750 2172 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
11:17:04.0765 2172 RpcLocator - ok
11:17:04.0812 2172 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
11:17:04.0812 2172 RpcSs - ok
11:17:04.0859 2172 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
11:17:04.0859 2172 RSVP - ok
11:17:04.0953 2172 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
11:17:04.0953 2172 SamSs - ok
11:17:05.0015 2172 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
11:17:05.0015 2172 SASDIFSV - ok
11:17:05.0109 2172 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
11:17:05.0109 2172 SASKUTIL - ok
11:17:05.0171 2172 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:17:05.0171 2172 SCardSvr - ok
11:17:05.0218 2172 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:17:05.0218 2172 Schedule - ok
11:17:05.0375 2172 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
11:17:05.0375 2172 sdbus - ok
11:17:05.0421 2172 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:17:05.0421 2172 Secdrv - ok
11:17:05.0453 2172 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
11:17:05.0453 2172 seclogon - ok
11:17:05.0468 2172 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
11:17:05.0484 2172 SENS - ok
11:17:05.0500 2172 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
11:17:05.0515 2172 Serial - ok
11:17:05.0578 2172 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:17:05.0609 2172 Sfloppy - ok
11:17:05.0656 2172 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
11:17:05.0656 2172 SharedAccess - ok
11:17:05.0687 2172 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:17:05.0687 2172 ShellHWDetection - ok
11:17:05.0703 2172 Simbad - ok
11:17:05.0796 2172 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:17:05.0796 2172 sisagp - ok
11:17:05.0906 2172 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:17:05.0921 2172 SLIP - ok
11:17:05.0968 2172 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:17:05.0984 2172 Sparrow - ok
11:17:06.0156 2172 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:17:06.0171 2172 splitter - ok
11:17:06.0203 2172 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:17:06.0203 2172 Spooler - ok
11:17:06.0296 2172 [ 5673E79BBB62A4C35B10D821FF1B4ACA ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
11:17:06.0312 2172 SQLBrowser - ok
11:17:06.0343 2172 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
11:17:06.0343 2172 SQLWriter - ok
11:17:06.0390 2172 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:17:06.0421 2172 sr - ok
11:17:06.0453 2172 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
11:17:06.0515 2172 srservice - ok
11:17:06.0546 2172 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:17:06.0562 2172 Srv - ok
11:17:06.0593 2172 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:17:06.0593 2172 SSDPSRV - ok
11:17:06.0656 2172 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:17:06.0687 2172 stisvc - ok
11:17:06.0718 2172 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:17:06.0750 2172 streamip - ok
11:17:06.0781 2172 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:17:06.0812 2172 swenum - ok
11:17:06.0859 2172 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:17:06.0875 2172 swmidi - ok
11:17:06.0875 2172 SwPrv - ok
11:17:06.0890 2172 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
11:17:06.0921 2172 symc810 - ok
11:17:06.0953 2172 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:17:06.0984 2172 symc8xx - ok
11:17:06.0984 2172 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:17:07.0015 2172 sym_hi - ok
11:17:07.0015 2172 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:17:07.0046 2172 sym_u3 - ok
11:17:07.0093 2172 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:17:07.0109 2172 sysaudio - ok
11:17:07.0156 2172 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:17:07.0171 2172 SysmonLog - ok
11:17:07.0234 2172 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:17:07.0250 2172 TapiSrv - ok
11:17:07.0281 2172 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:17:07.0296 2172 Tcpip - ok
11:17:07.0328 2172 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:17:07.0343 2172 TDPIPE - ok
11:17:07.0375 2172 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:17:07.0375 2172 TDTCP - ok
11:17:07.0406 2172 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:17:07.0437 2172 TermDD - ok
11:17:07.0500 2172 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
11:17:07.0500 2172 TermService - ok
11:17:07.0531 2172 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
11:17:07.0531 2172 Themes - ok
11:17:07.0546 2172 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
11:17:07.0562 2172 TlntSvr - ok
11:17:07.0593 2172 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
11:17:07.0625 2172 TosIde - ok
11:17:07.0640 2172 [ 3AFFF25EAE28188FA4ECD292658BE31B ] TpChoice C:\WINDOWS\system32\DRIVERS\TpChoice.sys
11:17:07.0703 2172 TpChoice - ok
11:17:07.0718 2172 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:17:07.0718 2172 TrkWks - ok
11:17:07.0734 2172 [ 5E3966A0D9B57531264FC0C835021FA1 ] UBHelper C:\WINDOWS\system32\drivers\UBHelper.sys
11:17:07.0796 2172 UBHelper - ok
11:17:07.0812 2172 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:17:07.0812 2172 Udfs - ok
11:17:07.0828 2172 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
11:17:07.0828 2172 ultra - ok
11:17:08.0000 2172 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:17:08.0015 2172 Update - ok
11:17:08.0078 2172 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
11:17:08.0078 2172 upnphost - ok
11:17:08.0171 2172 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
11:17:08.0171 2172 UPS - ok
11:17:08.0312 2172 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:17:08.0312 2172 usbccgp - ok
11:17:08.0484 2172 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:17:08.0500 2172 usbehci - ok
11:17:08.0562 2172 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:17:08.0562 2172 usbhub - ok
11:17:08.0671 2172 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:17:08.0671 2172 usbprint - ok
11:17:08.0750 2172 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:17:08.0750 2172 usbscan - ok
11:17:08.0765 2172 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:17:08.0765 2172 USBSTOR - ok
11:17:08.0843 2172 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:17:08.0843 2172 usbuhci - ok
11:17:08.0984 2172 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
11:17:08.0984 2172 usbvideo - ok
11:17:09.0062 2172 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:17:09.0078 2172 VgaSave - ok
11:17:09.0171 2172 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:17:09.0171 2172 viaagp - ok
11:17:09.0187 2172 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
11:17:09.0187 2172 ViaIde - ok
11:17:09.0187 2172 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:17:09.0203 2172 VolSnap - ok
11:17:09.0250 2172 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
11:17:09.0250 2172 VSS - ok
11:17:09.0296 2172 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
11:17:09.0296 2172 W32Time - ok
11:17:09.0328 2172 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:17:09.0328 2172 Wanarp - ok
11:17:09.0390 2172 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
11:17:09.0406 2172 Wdf01000 - ok
11:17:09.0406 2172 WDICA - ok
11:17:09.0484 2172 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:17:09.0484 2172 wdmaud - ok
11:17:09.0703 2172 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:17:09.0718 2172 WebClient - ok
11:17:09.0875 2172 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:17:09.0890 2172 winmgmt - ok
11:17:10.0015 2172 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
11:17:10.0015 2172 WmdmPmSN - ok
11:17:10.0078 2172 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
11:17:10.0078 2172 Wmi - ok
11:17:10.0125 2172 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:17:10.0125 2172 WmiAcpi - ok
11:17:10.0171 2172 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:17:10.0171 2172 WmiApSrv - ok
11:17:10.0265 2172 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
11:17:10.0265 2172 wscsvc - ok
11:17:10.0312 2172 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:17:10.0312 2172 WSTCODEC - ok
11:17:10.0359 2172 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
11:17:10.0359 2172 wuauserv - ok
11:17:10.0437 2172 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:17:10.0531 2172 WZCSVC - ok
11:17:10.0531 2172 xcpip - ok
11:17:10.0546 2172 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:17:10.0562 2172 xmlprov - ok
11:17:10.0562 2172 xpsec - ok
11:17:10.0578 2172 ================ Scan global ===============================
11:17:10.0625 2172 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:17:10.0671 2172 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:17:10.0734 2172 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:17:10.0781 2172 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:17:10.0781 2172 [Global] - ok
11:17:10.0796 2172 ================ Scan MBR ==================================
11:17:10.0859 2172 [ 6FC6F9186C07BCA94E140F63BFE6E9B4 ] \Device\Harddisk0\DR0
11:17:13.0593 2172 \Device\Harddisk0\DR0 - ok
11:17:13.0593 2172 ================ Scan VBR ==================================
11:17:13.0593 2172 [ BC4749E89EE9915D0E2FC08C0D2D40B6 ] \Device\Harddisk0\DR0\Partition1
11:17:13.0593 2172 \Device\Harddisk0\DR0\Partition1 - ok
11:17:13.0640 2172 [ 11857727105556DFE3CE603245B0CD86 ] \Device\Harddisk0\DR0\Partition2
11:17:13.0640 2172 \Device\Harddisk0\DR0\Partition2 - ok
11:17:13.0640 2172 ============================================================
11:17:13.0640 2172 Scan finished
11:17:13.0640 2172 ============================================================
11:17:13.0687 2140 Detected object count: 0
11:17:13.0687 2140 Actual detected object count: 0
11:17:34.0953 3064 Deinitialize success

and the AVG one as well:

2012-11-03 18:44:21,250 INFO AvgRemover 2012.0.5
-------------------------------------------------------
2012-11-03 18:44:21,265 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2012-11-03 18:44:21,265 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2012-11-03 18:44:21,265 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2012-11-03 18:44:21,265 INFO Command line: "C:\Documents and Settings\Eddie Hooper\Desktop\avg_remover_stf_x86_2012_2125.exe"
2012-11-03 18:44:21,265 WARN AvgDir param empty.
2012-11-03 18:44:21,265 WARN AvgDataDir param empty.
2012-11-03 18:44:26,531 INFO AvgRemover runs in attempt number 1
2012-11-03 18:44:26,531 INFO Attempting to unregister AVG from the Windows Security Center.
2012-11-03 18:44:26,531 INFO Attempting to uninstall AVG Identity Protection.
2012-11-03 18:44:26,546 INFO Attempting to uninstall toolbar
2012-11-03 18:44:26,546 INFO ***** Msi data *****
2012-11-03 18:44:26,546 DEBUG No product code found for our upgrade codes, nothing to do here
2012-11-03 18:44:26,546 INFO ***** Exchange&Outlook plugins data *****
2012-11-03 18:44:26,546 INFO Removing AvgOutlook addin
2012-11-03 18:44:26,546 INFO AvgOutlook Removing HKCR addin keys x86
2012-11-03 18:44:26,546 DEBUG Failed to delete key 'avgoutlook.Addin': 0xe001003d
2012-11-03 18:44:26,546 DEBUG Failed to delete key 'avgoutlook.Addin.1': 0xe001003d
2012-11-03 18:44:26,546 DEBUG Failed to delete key 'CLSID\{9F39046C-801E-4E15-8CD9-ACF0ACF29048}': 0xe001003d
2012-11-03 18:44:26,546 DEBUG Failed to delete key 'CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A}': 0xe001003d
2012-11-03 18:44:26,546 DEBUG Failed to delete key 'AppID\avgoutlook.DLL': 0xe001003d
2012-11-03 18:44:26,546 INFO AvgOutlook Removing HKCR addin keys x64
2012-11-03 18:44:26,546 DEBUG Failed to delete key 'avgoutlook.Addin': 0xe001003d
2012-11-03 18:44:26,546 DEBUG Failed to delete key 'avgoutlook.Addin.1': 0xe001003d
2012-11-03 18:44:26,546 DEBUG Failed to delete key 'CLSID\{9F39046C-801E-4E15-8CD9-ACF0ACF29048}': 0xe001003d
2012-11-03 18:44:26,546 DEBUG Failed to delete key 'CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A}': 0xe001003d
2012-11-03 18:44:26,546 DEBUG Failed to delete key 'AppID\avgoutlook.DLL': 0xe001003d
2012-11-03 18:44:26,546 INFO Removing Sharepoint plugin if exists
2012-11-03 18:44:26,546 DEBUG Failed to open key 'Software\Microsoft\Shared Tools\Web Server Extensions\AVScanner': 0xe0010013
2012-11-03 18:44:26,546 DEBUG Failed to open key 'Software\Microsoft\Shared Tools\Web Server Extensions\AVScanner': 0xe0010013
2012-11-03 18:44:26,546 INFO Removing Antispam plugin for Exchange 2000/2003 if exists
2012-11-03 18:44:26,546 DEBUG Stopping service 'MSExchangeIS' to remove VSAPI plugin...
2012-11-03 18:44:26,546 DEBUG Service MSExchangeIS Stop failed (error: c0070424)
2012-11-03 18:44:26,546 DEBUG Exchange&Outlook plugins removal failed with error 0xc0070424
2012-11-03 18:44:26,546 INFO ***** Services *****
2012-11-03 18:44:26,546 INFO Processing service avg8emc, it can take several minutes...
2012-11-03 18:44:26,546 INFO Processing service avgfws8, it can take several minutes...
2012-11-03 18:44:26,546 INFO Processing service avg8wd, it can take several minutes...
2012-11-03 18:44:26,546 INFO Service avg8wd is not installed
2012-11-03 18:44:26,546 DEBUG Service avg8wd RegCleanup
2012-11-03 18:44:26,546 DEBUG Registry keys for service avg8wd are not present
2012-11-03 18:44:26,546 INFO Service avg8emc is not installed
2012-11-03 18:44:26,546 INFO Processing service AvgWFPx, it can take several minutes...
2012-11-03 18:44:26,546 INFO Processing service AvgWFPa, it can take several minutes...
2012-11-03 18:44:26,546 INFO Processing service avg9wd, it can take several minutes...
2012-11-03 18:44:26,546 INFO Processing service AvgMfx86, it can take several minutes...
2012-11-03 18:44:26,546 INFO Processing service AvgMfx64, it can take several minutes...
2012-11-03 18:44:26,546 INFO Processing service AvgLdx86, it can take several minutes...
2012-11-03 18:44:26,546 INFO Service avgfws8 is not installed
2012-11-03 18:44:26,562 DEBUG Service avgfws8 RegCleanup
2012-11-03 18:44:26,562 DEBUG Registry keys for service avgfws8 are not present
2012-11-03 18:44:26,562 DEBUG Service avg8emc RegCleanup
2012-11-03 18:44:26,562 DEBUG Registry keys for service avg8emc are not present
2012-11-03 18:44:26,562 INFO Processing service AvgLdx64, it can take several minutes...
2012-11-03 18:44:26,562 INFO Processing service AvgTdiX, it can take several minutes...
2012-11-03 18:44:26,562 INFO Processing service AvgTdiA, it can take several minutes...
2012-11-03 18:44:26,562 INFO Processing service AvgWfpX, it can take several minutes...
2012-11-03 18:44:26,562 INFO Processing service AvgWfpA, it can take several minutes...
2012-11-03 18:44:26,562 INFO Processing service AvgRkx86, it can take several minutes...
2012-11-03 18:44:26,562 INFO Service AvgWFPx is not installed
2012-11-03 18:44:26,562 DEBUG Service AvgWFPx RegCleanup
2012-11-03 18:44:26,562 DEBUG Registry keys for service AvgWFPx are not present
2012-11-03 18:44:26,562 INFO Service AvgWFPa is not installed
2012-11-03 18:44:26,562 INFO Service avg9wd is not installed
2012-11-03 18:44:26,562 INFO Service AvgMfx86 is not installed
2012-11-03 18:44:26,562 INFO Service AvgMfx64 is not installed
2012-11-03 18:44:26,578 INFO Service AvgLdx64 is not installed
2012-11-03 18:44:26,578 INFO Processing service AvgRkx64, it can take several minutes...
2012-11-03 18:44:26,578 INFO Processing service avg9emc, it can take several minutes...
2012-11-03 18:44:26,578 INFO Processing service avgfws9, it can take several minutes...
2012-11-03 18:44:26,578 INFO Processing service avgfws, it can take several minutes...
2012-11-03 18:44:26,578 INFO Processing service AVGIDSAgent, it can take several minutes...
2012-11-03 18:44:26,578 INFO Processing service AVGIDSWatcher, it can take several minutes...
2012-11-03 18:44:26,578 INFO Service AVGIDSWatcher is not installed
2012-11-03 18:44:26

#12 ler

ler

    SWI Junkie

  • Helper Trainee+
  • 318 posts

Posted 03 November 2012 - 05:33 PM

Hi,

It downloads as: Combofix (1).exe


That's because the directory already contained a copy of ComboFix when you tried to download it again. Unfortunately you cannot run ComboFix when its file name contains special characters. Please delete all copies of ComboFix from your Desktop, download a fresh copy and make sure its name is Combofix.exe before you execute it.

#13 winston66

winston66

    Member

  • Full Member
  • 81 posts

Posted 04 November 2012 - 05:09 AM

Hi ler,

Apologies for the combo. I should have worked that out myself. You have probably gathered, I'm not too good at this kind of stuff.

The combo log is posted below:

ComboFix 12-11-04.01 - Eddie Hooper 04/11/2012 10:53:23.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.953.485 [GMT 1:00]
Running from: c:\documents and settings\Eddie Hooper\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\EventSystem.log
c:\windows\system32\Cache
c:\windows\system32\Cache\055c4f43c2d2428c.fb
c:\windows\system32\Cache\0d7a84ec3841a2b0.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\ae593bea84aec54b.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\Temp\log.txt
c:\windows\winhelp.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Files Created from 2012-10-04 to 2012-11-04 )))))))))))))))))))))))))))))))
.
.
2012-11-03 18:59 . 2012-10-11 21:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CCAA6362-1866-45FC-AED6-570C76BF1042}\mpengine.dll
2012-11-03 08:20 . 2012-11-03 08:20 -------- d-----w- c:\windows\system32\LogFiles
2012-11-03 08:06 . 2012-11-03 08:06 -------- d-----w- c:\documents and settings\Eddie Hooper\Local Settings\Application Data\MFAData
2012-11-03 08:06 . 2012-11-03 08:06 -------- d-----w- c:\documents and settings\Eddie Hooper\Local Settings\Application Data\Avg2013
2012-11-02 11:38 . 2012-11-02 11:38 -------- d-----w- c:\windows\system32\NtmsData
2012-11-02 10:45 . 2012-10-11 21:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-30 10:12 . 2012-10-30 10:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-29 14:07 . 2012-10-29 14:07 -------- d-----w- c:\documents and settings\Eddie Hooper\Application Data\Malwarebytes
2012-10-29 14:07 . 2012-10-29 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-29 13:35 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-10-29 13:31 . 2012-10-29 13:31 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-29 11:09 . 2012-10-29 11:10 -------- d-----w- c:\program files\Common Files\Adobe
2012-10-29 11:05 . 2012-10-29 11:05 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-29 11:05 . 2012-10-29 11:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-29 11:01 . 2012-10-29 11:01 -------- d-----w- c:\documents and settings\Eddie Hooper\Local Settings\Application Data\Mozilla
2012-10-29 11:01 . 2012-10-29 11:01 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-10-29 10:51 . 2012-10-29 10:51 -------- d-----w- c:\program files\Common Files\Java
2012-10-29 10:51 . 2012-08-28 15:14 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-10-29 10:29 . 2012-10-29 13:16 -------- d-----w- C:\$AVG
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-24 14:32 . 2012-05-08 17:15 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 14:32 . 2011-08-09 14:26 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 12:51 . 2012-05-08 17:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-30 21:03 . 2012-08-30 21:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14 . 2008-04-23 04:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2007-08-14 01:44 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2008-04-23 04:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 04:00 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 04:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2008-04-14 04:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2008-04-14 04:00 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-24 17:50 . 2012-10-29 11:01 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"orangeinside"="c:\documents and settings\Eddie Hooper\Application Data\Orange\OrangeInside\one\OrangeInside.exe" [2012-09-06 1511424]
"MailNotifier"="c:\program files\Orange\MailNotifier\MailNotifier.exe" [2010-11-04 634368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-08 178712]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-04-25 24064]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 16871936]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-01-10 196608]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-07-08 466944]
"Boot"="c:\program files\Acer\Empowering Technology\ePower\Boot.exe" [2007-12-25 579584]
"eRecoveryService"="c:\program files\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-07-10 421888]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\program files\Acer\Empowering Technology\Framework.Launcher.exe [2011-4-25 45056]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-5-9 651264]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\BackupSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\SchedulerSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\Client\\Agentsvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Orange\\OrangeUpdate\\Service\\OUCore.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 21:11 16384]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [07/04/2008 06:42 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [04/04/2008 11:03 131072]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17/04/2007 19:09 11032]
S2 Orange update Core Service;Orange update Core Service;c:\program files\Orange\OrangeUpdate\Service\OUCore.exe [20/05/2011 10:13 1055872]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [25/04/2011 21:19 24064]
S3 MEMOQDRV;MemoQ Voice Recorder;c:\windows\system32\drivers\memoqdrv.sys [07/06/2011 17:06 18304]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys --> c:\windows\system32\DRIVERS\o2media.sys [?]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys --> c:\windows\system32\DRIVERS\o2sd.sys [?]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [26/12/2007 06:23 17968]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-29 11:05]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3921896784-1015831755-3862374435-1008Core.job
- c:\documents and settings\Eddie Hooper\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-25 12:31]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3921896784-1015831755-3862374435-1008UA.job
- c:\documents and settings\Eddie Hooper\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-25 12:31]
.
2012-11-04 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 16:25]
.
2012-11-04 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-04-26 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_IE
IE: ajouter cette page à vos favoris Orange - c:\documents and settings\Eddie Hooper\Application Data\Orange\OrangeInside\src\addfavorites_html\addfavorites.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: envoyer le texte sélectionné par sms - c:\documents and settings\Eddie Hooper\Application Data\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html
IE: envoyer par sms - c:\documents and settings\Eddie Hooper\Application Data\Orange\OrangeInside\src\sendsms_html\sendsms.html
IE: envoyer un mail - c:\documents and settings\Eddie Hooper\Application Data\Orange\OrangeInside\src\sendmail_html\sendmail.html
IE: orange.fr - c:\documents and settings\Eddie Hooper\Application Data\Orange\OrangeInside\src\orange_html\orange.html
IE: rechercher le texte sélectionné - c:\documents and settings\Eddie Hooper\Application Data\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html
IE: traduire la page - c:\documents and settings\Eddie Hooper\Application Data\Orange\OrangeInside\src\translate_html\translate.html
IE: traduire le texte sélectionné - c:\documents and settings\Eddie Hooper\Application Data\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html
Trusted Zone: orange.fr\logicielsgratuits
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Eddie Hooper\Application Data\Mozilla\Firefox\Profiles\vn7h6agv.default\
FF - prefs.js: browser.search.selectedEngine - Orange
FF - prefs.js: browser.startup.homepage - hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_FF
FF - prefs.js: keyword.URL - hxxp://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
FF - user.js: browser.startup.homepage - hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_FF
FF - user.js: browser.search.selectedEngine - Orange
FF - user.js: keyword.URL - hxxp://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
SafeBoot-29510466.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-04 10:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1236)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\HidFind.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\igfxext.exe
c:\docume~1\EDDIEH~1\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-11-04 11:00:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-04 10:00
.
Pre-Run: 57,002,315,776 bytes free
Post-Run: 57,331,609,600 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3FC84015FC8A8DD4B2E5BCD1A81960FA


And the AdwCleaner log is here. I've only done the search. Do I need to delete as well?

# AdwCleaner v2.006 - Logfile created 11/04/2012 at 11:06:49
# Updated 30/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Eddie Hooper - ACER-926C8D0979
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Eddie Hooper\My Documents\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\Ask

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\SearchBar.Client
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKU\S-1-5-21-3921896784-1015831755-3862374435-1008\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Documents and Settings\Eddie Hooper\Application Data\Mozilla\Firefox\Profiles\vn7h6agv.default\prefs.js

Found : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v22.0.1229.94

File : C:\Documents and Settings\Eddie Hooper\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2118 octets] - [04/11/2012 11:06:49]

########## EOF - C:\AdwCleaner[R1].txt - [2178 octets] ##########

Kind regards,

winston66

PS: I still cannot get the computer to open on the Firefox start page.

Is there something basic I am not doing?

When I click on Tools and Options and click "Restore to Default", "Mozilla Firefox Start Page" appears, but it is in faint grey type and doesn't action.

Regards,

winston66

Edited by winston66, 04 November 2012 - 05:18 AM.


#14 ler

ler

    SWI Junkie

  • Helper Trainee+
  • 318 posts

Posted 06 November 2012 - 02:49 AM

Hi winston66,

Please follow these instructions to remove the remaining malicious entries:
  • Please close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
Please Note: Do not use any other text editor than Notepad or the CFScript will fail.

Driver::
O2MDRDR
O2SDRDR

DDS::
Trusted Zone: orange.fr\logicielsgratuits

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-

ClearJavaCache::


Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

=====

And the AdwCleaner log is here. I've only done the search. Do I need to delete as well?

AdwCleaner found a couple of entries belonging to Ask Toolbar. Did you uninstall Ask Toolbar as I suggested above?

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

=====

Please download TDSSKiller.exe to your Desktop

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

====

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

====

In your next post, please
  • Include the ComboFix log
  • Include the AdwCleaner log
  • Include the TDSSKiller log
  • Include the ESET log
  • Describe any remaining issues with this machine
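
The firewall block in the ComboFix log above is what the CFScript's Registry:: stanza targets. As an added example (not ComboFix's code, AdwCleaner's, or the helper's script), the following Python parses such a block, flags the disabled firewall and the global port exceptions, and drafts the matching Registry:: deletion lines. The sample text is constructed to mirror the posted log, and the "suspicious port" heuristic is an assumption of this example, not something the thread states.

```python
"""Review the firewall block of a ComboFix 'Reg Loading Points' section.

Added example for this thread; it is not part of ComboFix, AdwCleaner or the
helper's CFScript.  The SAMPLE text is constructed to mirror the log posted
above, and the 'suspicious port' heuristic is an assumption of this example.
"""
import re

# Constructed sample: the three firewallpolicy keys as ComboFix prints them
# (ComboFix abbreviates HKLM\SYSTEM\CurrentControlSet\Services as HKLM\~\services).
SAMPLE = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orange\\OrangeUpdate\\Service\\OUCore.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"""

# Full key path, as written in the helper's CFScript Registry:: stanza.
FULL_KEY = ("HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess"
            "\\Parameters\\FirewallPolicy\\StandardProfile")
DYNAMIC_PORT_START = 49152  # IANA dynamic/private port range (assumed threshold)


def parse_firewall_section(text):
    """Return {'enable_firewall': int or None, 'apps': [path], 'ports': [(port, proto, label)]}."""
    result = {"enable_firewall": None, "apps": [], "ports": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":            # ComboFix separates blocks with lone dots
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            if key.endswith("globallyopenports\\list"):
                section = "ports"
            elif key.endswith("authorizedapplications\\list"):
                section = "apps"
            elif key.endswith("standardprofile"):
                section = "profile"
            else:
                section = None
            continue
        if section == "profile":
            m = re.match(r'"EnableFirewall"\s*=\s*(\d+)', line)
            if m:
                result["enable_firewall"] = int(m.group(1))
        elif section == "apps":
            m = re.match(r'"(.+)"=\s*$', line)   # value name is the path, data is empty
            if m:
                result["apps"].append(m.group(1).replace("\\\\", "\\"))
        elif section == "ports":
            m = re.match(r'"(\d+):(TCP|UDP)"\s*=\s*\d+:(?:TCP|UDP):(.*)$', line)
            if m:
                result["ports"].append((int(m.group(1)), m.group(2), m.group(3).strip()))
    return result


def review(parsed):
    """Findings a reviewer would raise about the parsed block (heuristics are assumptions)."""
    findings = []
    if parsed["enable_firewall"] == 0:
        findings.append("Windows Firewall is disabled for the standard profile")
    for port, proto, label in parsed["ports"]:
        if port == 3389 and proto == "TCP":
            findings.append(f"{port}/{proto} ({label}): Remote Desktop exposed to the network")
        elif port >= DYNAMIC_PORT_START or label.lower() == "services":
            findings.append(f"{port}/{proto} ({label}): high port with a generic label, not a known service")
    return findings


def cfscript_remove_ports(parsed):
    """Draft the Registry:: stanza that deletes every global port exception.
    '"name"=-' deletes a value, the syntax used in the helper's CFScript above."""
    if not parsed["ports"]:
        return ""
    lines = ["Registry::", f"[{FULL_KEY}\\GloballyOpenPorts\\List]"]
    lines += [f'"{port}:{proto}"=-' for port, proto, _ in parsed["ports"]]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_firewall_section(SAMPLE)
    for finding in review(parsed):
        print("finding:", finding)
    print(cfscript_remove_ports(parsed))
```

Run against the sample it reports the disabled firewall plus the three open-port exceptions and prints a Registry:: stanza identical in form to the one in the helper's CFScript.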


#15 winston66

winston66

    Member

  • Full Member
  • 81 posts

Posted 06 November 2012 - 05:58 AM

Hi ler and thanks for the instructions.

I enclose the new Combofix log with the CF Script overlay below:
However, this time it told me that Microsoft Security Essentials was running, but it is definitely showing as disabled?

ComboFix 12-11-05.03 - Eddie Hooper 06/11/2012 11:49:03.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.953.543 [GMT 1:00]
Running from: c:\documents and settings\Eddie Hooper\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Eddie Hooper\My Documents\Downloads\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_O2MDRDR
-------\Service_O2SDRDR
.
.
((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))
.
.
2012-11-06 09:35 . 2012-10-11 21:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8656DB7-472D-47ED-A91B-339CFBC8D8B0}\mpengine.dll
2012-11-05 09:09 . 2012-10-11 21:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-03 08:20 . 2012-11-03 08:20 -------- d-----w- c:\windows\system32\LogFiles
2012-11-03 08:06 . 2012-11-03 08:06 -------- d-----w- c:\documents and settings\Eddie Hooper\Local Settings\Application Data\MFAData
2012-11-03 08:06 . 2012-11-03 08:06 -------- d-----w- c:\documents and settings\Eddie Hooper\Local Settings\Application Data\Avg2013
2012-11-02 11:38 . 2012-11-02 11:38 -------- d-----w- c:\windows\system32\NtmsData
2012-10-30 10:12 . 2012-10-30 10:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-29 14:07 . 2012-10-29 14:07 -------- d-----w- c:\documents and settings\Eddie Hooper\Application Data\Malwarebytes
2012-10-29 14:07 . 2012-10-29 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-29 13:35 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-10-29 13:31 . 2012-10-29 13:31 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-29 11:09 . 2012-10-29 11:10 -------- d-----w- c:\program files\Common Files\Adobe
2012-10-29 11:05 . 2012-10-29 11:05 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-29 11:05 . 2012-10-29 11:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-29 11:01 . 2012-10-29 11:01 -------- d-----w- c:\documents and settings\Eddie Hooper\Local Settings\Application Data\Mozilla
2012-10-29 11:01 . 2012-10-29 11:01 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-10-29 10:51 . 2012-10-29 10:51 -------- d-----w- c:\program files\Common Files\Java
2012-10-29 10:51 . 2012-08-28 15:14 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-10-29 10:29 . 2012-10-29 13:16 -------- d-----w- C:\$AVG
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-24 14:32 . 2012-05-08 17:15 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 14:32 . 2011-08-09 14:26 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 12:51 . 2012-05-08 17:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-30 21:03 . 2012-08-30 21:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14 . 2008-04-23 04:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2007-08-14 01:44 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2008-04-23 04:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 04:00 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 04:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2008-04-14 04:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2008-04-14 04:00 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-24 17:50 . 2012-10-29 11:01 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"orangeinside"="c:\documents and settings\Eddie Hooper\Application Data\Orange\OrangeInside\one\OrangeInside.exe" [2012-09-06 1511424]
"MailNotifier"="c:\program files\Orange\MailNotifier\MailNotifier.exe" [2010-11-04 634368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-08 178712]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-04-25 24064]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 16871936]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-01-10 196608]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-07-08 466944]
"Boot"="c:\program files\Acer\Empowering Technology\ePower\Boot.exe" [2007-12-25 579584]
"eRecoveryService"="c:\program files\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-07-10 421888]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\program files\Acer\Empowering Technology\Framework.Launcher.exe [2011-4-25 45056]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-5-9 651264]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\BackupSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\SchedulerSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\Client\\Agentsvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Orange\\OrangeUpdate\\Service\\OUCore.exe"=
.
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 21:11 16384]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [07/04/2008 06:42 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [04/04/2008 11:03 131072]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17/04/2007 19:09 11032]
S2 Orange update Core Service;Orange update Core Service;c:\program files\Orange\OrangeUpdate\Service\OUCore.exe [20/05/2011 10:13 1055872]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [25/04/2011 21:19 24064]
S3 MEMOQDRV;MemoQ Voice Recorder;c:\windows\system32\drivers\memoqdrv.sys [07/06/2011 17:06 18304]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [26/12/2007 06:23 17968]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-29 11:05]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3921896784-1015831755-3862374435-1008Core.job
- c:\documents and settings\Eddie Hooper\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-25 12:31]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3921896784-1015831755-3862374435-1008UA.job
- c:\documents and settings\Eddie Hooper\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-25 12:31]
.
2012-11-06 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 16:25]
.
2012-11-06 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-04-26 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_IE
IE: ajouter cette page à vos favoris Orange - c:\documents and settings\Eddie Hooper\Application Data\Orange\OrangeInside\src\addfavorites_html\addfavorites.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: envoyer le texte sélectionné par sms - c:\documents and settings\Eddie Hooper\Application Data\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html
IE: envoyer par sms - c:\documents and settings\Eddie Hooper\Application Data\Orange\OrangeInside\src\sendsms_html\sendsms.html
IE: envoyer un mail - c:\documents and settings\Eddie Hooper\Application Data\Orange\OrangeInside\src\sendmail_html\sendmail.html
IE: orange.fr - c:\documents and settings\Eddie Hooper\Application Data\Orange\OrangeInside\src\orange_html\orange.html
IE: rechercher le texte sélectionné - c:\documents and settings\Eddie Hooper\Application Data\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html
IE: traduire la page - c:\documents and settings\Eddie Hooper\Application Data\Orange\OrangeInside\src\translate_html\translate.html
IE: traduire le texte sélectionné - c:\documents and settings\Eddie Hooper\Application Data\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Eddie Hooper\Application Data\Mozilla\Firefox\Profiles\vn7h6agv.default\
FF - prefs.js: browser.search.selectedEngine - Orange
FF - prefs.js: browser.startup.homepage - hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_FF
FF - prefs.js: keyword.URL - hxxp://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
FF - user.js: browser.startup.homepage - hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_FF
FF - user.js: browser.search.selectedEngine - Orange
FF - user.js: keyword.URL - hxxp://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-06 11:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\cscui.dll
.
- - - - - - - > 'explorer.exe'(3380)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\HidFind.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\igfxext.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\docume~1\EDDIEH~1\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-11-06 11:56:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-06 10:56
ComboFix2.txt 2012-11-06 10:11
ComboFix3.txt 2012-11-04 10:00
.
Pre-Run: 57,087,971,328 bytes free
Post-Run: 57,070,112,768 bytes free
.
- - End Of File - - 5A7442FDE07A18C73B4704776E753C3B

Here's the adw cleaner log:

# AdwCleaner v2.006 - Logfile created 11/06/2012 at 12:00:19
# Updated 30/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Eddie Hooper - ACER-926C8D0979
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Eddie Hooper\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Documents and Settings\Eddie Hooper\Application Data\Mozilla\Firefox\Profiles\vn7h6agv.default\prefs.js

C:\Documents and Settings\Eddie Hooper\Application Data\Mozilla\Firefox\Profiles\vn7h6agv.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Documents and Settings\Eddie Hooper\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2247 octets] - [04/11/2012 11:06:49]
AdwCleaner[S1].txt - [2301 octets] - [06/11/2012 11:32:27]
AdwCleaner[S2].txt - [1196 octets] - [06/11/2012 12:00:19]

########## EOF - C:\AdwCleaner[S2].txt - [1256 octets] ##########



Now this is really odd.
I ran the TDSS Killer and I couldn't copy and paste the report.
At first the ADWCleaner log was continually pasting, i.e. it didn't clear when I pasted it on here, and the only way I could get rid of it was to reboot the PC.

And now I can't copy the TDSS Killer report. I right-click the mouse and nothing happens; the script just remains highlighted ??

I have downloaded the ESET scanner and it has run and not detected any threats.
However, I was unable to download to desktop (is there a method for this without prompts?), and never got the icon or the List of Threats, Export, or Back buttons.

Sorry I keep running into problems.

Regards,

winston66

Edited by winston66, 06 November 2012 - 12:19 PM.


#16 ler

ler

    SWI Junkie

  • Helper Trainee+
  • 318 posts

Posted 06 November 2012 - 04:51 PM

Now this is really odd.
I ran the TDSS Killer and I couldn't copy and paste the report.
At first the ADWCleaner log was continually pasting, i.e. it didn't clear when I pasted it on here, and the only way I could get rid of it was to reboot the PC.

And now I can't copy the TDSS Killer report. I right-click the mouse and nothing happens; the script just remains highlighted ??


Do you still have problems with the clipboard? Sounds as if an application locks it.

Please download GetOpenClipboardWindow.zip to your Desktop. Please right-click GetOpenClipboardWindow.zip, click Extract All and follow the instructions. You will find a new folder named GetOpenClipboardWindow on your Desktop. Please open this folder and run GetOpenClipboardWindow.exe. Please post back what it reports.

Apart from that, how is your computer running at the moment? Were you able to change the start page in Firefox or is it still locked?
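Why the Firefox start page in this thread keeps coming back: the ComboFix log lists the same orange.fr values in both prefs.js and user.js, and AdwCleaner's fix was to delete user.js. Firefox writes UI changes to prefs.js but re-reads user.js on every start and overwrites matching entries, so a homepage changed in Options is reverted at the next launch. The script below is an added example, not a tool from the thread or from the AdwCleaner project: it parses both files and reports which hijack-prone preferences user.js pins. The sample file contents are constructed from the log's entries (kept defanged as `hxxp`, as the log shows them); the `about:home` value standing for a homepage the user set in the UI is an assumption.

```python
"""Audit a Firefox profile for user.js entries that pin (and re-apply) preferences.

Firefox saves preferences changed in its UI to prefs.js, then reads user.js on
every start and overwrites any matching entry. A user.js that pins
browser.startup.homepage therefore silently reverts a homepage change on the
next launch, which is why deleting user.js resolved the locked start page.
"""
import os
import re
from typing import Dict, List, Optional, Tuple

# Preferences that a start-page / search-provider hijack typically pins.
WATCHED_PREFS = (
    "browser.startup.homepage",
    "browser.search.selectedEngine",
    "browser.search.defaultenginename",
    "keyword.URL",
)

# Matches: user_pref("name", value);  The value is kept raw (quoted string, bool or int).
PREF_LINE = re.compile(
    r'^\s*(?:user_pref|pref)\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$'
)

# Constructed sample files. prefs.js is assumed to hold a homepage the user just set
# to about:home in the UI; user.js carries the values the ComboFix log reported,
# with URLs left defanged (hxxp) exactly as the log prints them.
SAMPLE_PREFS_JS = """// Mozilla User Preferences
user_pref("browser.search.selectedEngine", "Orange");
user_pref("browser.startup.homepage", "about:home");
user_pref("keyword.URL", "hxxp://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=");
user_pref("network.cookie.prefsMigrated", true);
"""

SAMPLE_USER_JS = """user_pref("browser.startup.homepage", "hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_FF");
user_pref("browser.search.selectedEngine", "Orange");
user_pref("keyword.URL", "hxxp://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=");
"""


def parse_prefs(text: str) -> Dict[str, str]:
    """Return {name: raw_value} for every user_pref()/pref() line in text."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def find_overrides(prefs_js: str, user_js: str,
                   watched=WATCHED_PREFS) -> List[Tuple[str, Optional[str], str]]:
    """For each watched pref pinned in user.js, return (name, prefs.js value, user.js value)."""
    base = parse_prefs(prefs_js)
    pinned = parse_prefs(user_js)
    return [(name, base.get(name), pinned[name]) for name in watched if name in pinned]


def audit_profile(profile_dir: str) -> List[Tuple[str, Optional[str], str]]:
    """Run the check against a real profile directory; a missing file counts as empty."""
    def read(name: str) -> str:
        path = os.path.join(profile_dir, name)
        if not os.path.isfile(path):
            return ""
        with open(path, encoding="utf-8", errors="replace") as fh:
            return fh.read()
    return find_overrides(read("prefs.js"), read("user.js"))


def report(overrides: List[Tuple[str, Optional[str], str]]) -> str:
    """Human-readable verdict, one line per pinned preference."""
    if not overrides:
        return "user.js pins none of the watched preferences"
    lines = []
    for name, base, pinned in overrides:
        if base is None:
            verdict = "set by user.js only"
        elif base == pinned:
            verdict = "identical in both files (already re-applied)"
        else:
            verdict = "UI change in prefs.js will be reverted on next start"
        lines.append(f"{name}: user.js={pinned} prefs.js={base} -> {verdict}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(find_overrides(SAMPLE_PREFS_JS, SAMPLE_USER_JS)))
```

On a live machine, point `audit_profile()` at the profile directory named in the log (the `Profiles\vn7h6agv.default` folder) to see the same verdicts before deleting anything.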

#17 winston66

winston66

    Member

  • Full Member
  • 81 posts

Posted 07 November 2012 - 02:48 AM

Hi ler

I ran the program as requested and it did not report any problems.

I will try all the actions that you asked for in the previous post and see what happens this time.

The Firefox situation is still the same.

Regards,

winston66

I have tried the TDSS Killer again and still the same pasting problem.

Let me check that I am completing the actions properly.

I right-click on your link "GetOpenClipboardWindow.zip" and in the window that opens I click "Save link as".

In the window that opens I save this file to desktop and then follow the instructions.

Something is blocking the copy and paste function on Killer. Could it be a virus?

Incidentally, I have looked in the history section of Microsoft Security Essentials and the trojan virus that I mentioned earlier is quarantined there.

Regards,

winston66

PS: On that copy and paste problem, the other programs that you asked me to save to desktop all copy and paste okay.

Regards,

winston66


Hi ler

Look what I have found: the original log of the TDSS Killer with the root virus:

11:12:00.0562 5256 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
11:12:00.0984 5256 ============================================================
11:12:00.0984 5256 Current date / time: 2012/10/30 11:12:00.0984
11:12:00.0984 5256 SystemInfo:
11:12:00.0984 5256
11:12:00.0984 5256 OS Version: 5.1.2600 ServicePack: 3.0
11:12:00.0984 5256 Product type: Workstation
11:12:00.0984 5256 ComputerName: ACER-926C8D0979
11:12:00.0984 5256 UserName: Eddie Hooper
11:12:00.0984 5256 Windows directory: C:\WINDOWS
11:12:00.0984 5256 System windows directory: C:\WINDOWS
11:12:00.0984 5256 Processor architecture: Intel x86
11:12:00.0984 5256 Number of processors: 1
11:12:00.0984 5256 Page size: 0x1000
11:12:00.0984 5256 Boot type: Normal boot
11:12:00.0984 5256 ============================================================
11:12:03.0296 5256 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:12:03.0312 5256 ============================================================
11:12:03.0312 5256 \Device\Harddisk0\DR0:
11:12:03.0312 5256 MBR partitions:
11:12:03.0312 5256 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x8B4A800
11:12:03.0312 5256 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9ED3000, BlocksNum 0x8B46000
11:12:03.0312 5256 ============================================================
11:12:03.0343 5256 C: <-> \Device\Harddisk0\DR0\Partition1
11:12:03.0406 5256 D: <-> \Device\Harddisk0\DR0\Partition2
11:12:03.0406 5256 ============================================================
11:12:03.0406 5256 Initialize success
11:12:03.0406 5256 ============================================================
11:12:18.0796 4460 ============================================================
11:12:18.0796 4460 Scan started
11:12:18.0796 4460 Mode: Manual;
11:12:18.0796 4460 ============================================================
11:12:18.0937 4460 ================ Scan system memory ========================
11:12:19.0796 4460 System memory - ok
11:12:19.0796 4460 ================ Scan services =============================
11:12:19.0890 4460 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
11:12:19.0890 4460 !SASCORE - ok
11:12:20.0046 4460 Abiosdsk - ok
11:12:20.0078 4460 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
11:12:20.0078 4460 abp480n5 - ok
11:12:20.0078 4460 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:12:20.0093 4460 ACPI - ok
11:12:20.0093 4460 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:12:20.0093 4460 ACPIEC - ok
11:12:20.0171 4460 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:12:20.0171 4460 AdobeFlashPlayerUpdateSvc - ok
11:12:20.0171 4460 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:12:20.0187 4460 adpu160m - ok
11:12:20.0218 4460 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:12:20.0218 4460 aec - ok
11:12:20.0250 4460 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:12:20.0250 4460 AFD - ok
11:12:20.0265 4460 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
11:12:20.0265 4460 agp440 - ok
11:12:20.0281 4460 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
11:12:20.0281 4460 agpCPQ - ok
11:12:20.0281 4460 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
11:12:20.0281 4460 Aha154x - ok
11:12:20.0296 4460 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:12:20.0296 4460 aic78u2 - ok
11:12:20.0312 4460 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:12:20.0328 4460 aic78xx - ok
11:12:20.0375 4460 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:12:20.0375 4460 Alerter - ok
11:12:20.0406 4460 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
11:12:20.0406 4460 ALG - ok
11:12:20.0421 4460 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
11:12:20.0421 4460 AliIde - ok
11:12:20.0437 4460 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
11:12:20.0437 4460 alim1541 - ok
11:12:20.0437 4460 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
11:12:20.0453 4460 amdagp - ok
11:12:20.0453 4460 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
11:12:20.0468 4460 amsint - ok
11:12:20.0500 4460 [ E8885F571251A058DCA0F058341B04C1 ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
11:12:20.0500 4460 ApfiltrService - ok
11:12:20.0531 4460 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
11:12:20.0531 4460 AppMgmt - ok
11:12:20.0609 4460 [ 41074707BA49D02E240C7B960217AABE ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys
11:12:20.0671 4460 AR5416 - ok
11:12:20.0703 4460 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:12:20.0703 4460 Arp1394 - ok
11:12:20.0718 4460 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
11:12:20.0718 4460 asc - ok
11:12:20.0718 4460 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
11:12:20.0718 4460 asc3350p - ok
11:12:20.0734 4460 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
11:12:20.0734 4460 asc3550 - ok
11:12:20.0906 4460 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:12:20.0906 4460 aspnet_state - ok
11:12:20.0953 4460 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:12:20.0953 4460 AsyncMac - ok
11:12:20.0968 4460 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
11:12:20.0968 4460 atapi - ok
11:12:20.0968 4460 Atdisk - ok
11:12:21.0031 4460 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:12:21.0031 4460 Atmarpc - ok
11:12:21.0093 4460 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
11:12:21.0093 4460 AudioSrv - ok
11:12:21.0156 4460 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
11:12:21.0156 4460 audstub - ok
11:12:21.0203 4460 [ 559DDDA2C88459478056174247706DEB ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:12:21.0203 4460 b57w2k - ok
11:12:21.0312 4460 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
11:12:21.0328 4460 BcmSqlStartupSvc - ok
11:12:21.0343 4460 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
11:12:21.0343 4460 Beep - ok
11:12:21.0406 4460 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
11:12:21.0421 4460 BITS - ok
11:12:21.0453 4460 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
11:12:21.0453 4460 Browser - ok
11:12:21.0500 4460 [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
11:12:21.0500 4460 BUNAgentSvc - ok
11:12:21.0546 4460 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
11:12:21.0546 4460 cbidf - ok
11:12:21.0562 4460 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
11:12:21.0562 4460 cbidf2k - ok
11:12:21.0593 4460 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:12:21.0593 4460 CCDECODE - ok
11:12:21.0609 4460 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
11:12:21.0609 4460 cd20xrnt - ok
11:12:21.0640 4460 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
11:12:21.0640 4460 Cdaudio - ok
11:12:21.0640 4460 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
11:12:21.0656 4460 Cdfs - ok
11:12:21.0671 4460 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:12:21.0671 4460 Cdrom - ok
11:12:21.0671 4460 Changer - ok
11:12:21.0718 4460 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
11:12:21.0718 4460 CiSvc - ok
11:12:21.0734 4460 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
11:12:21.0734 4460 ClipSrv - ok
11:12:21.0781 4460 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:12:21.0812 4460 clr_optimization_v2.0.50727_32 - ok
11:12:21.0843 4460 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:12:21.0843 4460 CmBatt - ok
11:12:21.0843 4460 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
11:12:21.0843 4460 CmdIde - ok
11:12:21.0859 4460 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:12:21.0859 4460 Compbatt - ok
11:12:21.0875 4460 COMSysApp - ok
11:12:21.0890 4460 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
11:12:21.0890 4460 Cpqarray - ok
11:12:21.0921 4460 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
11:12:21.0921 4460 CryptSvc - ok
11:12:21.0937 4460 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
11:12:21.0937 4460 dac2w2k - ok
11:12:21.0953 4460 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
11:12:21.0953 4460 dac960nt - ok
11:12:21.0984 4460 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:12:22.0000 4460 DcomLaunch - ok
11:12:22.0031 4460 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
11:12:22.0046 4460 Dhcp - ok
11:12:22.0046 4460 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
11:12:22.0046 4460 Disk - ok
11:12:22.0078 4460 [ 060DB81DFB79C8244EB65D10B6C7873F ] DKbFltr C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
11:12:22.0078 4460 DKbFltr - ok
11:12:22.0093 4460 dmadmin - ok
11:12:22.0156 4460 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
11:12:22.0171 4460 dmboot - ok
11:12:22.0187 4460 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
11:12:22.0187 4460 dmio - ok
11:12:22.0203 4460 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
11:12:22.0203 4460 dmload - ok
11:12:22.0234 4460 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
11:12:22.0234 4460 dmserver - ok
11:12:22.0265 4460 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
11:12:22.0265 4460 DMusic - ok
11:12:22.0312 4460 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
11:12:22.0328 4460 Dnscache - ok
11:12:22.0343 4460 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
11:12:22.0343 4460 Dot3svc - ok
11:12:22.0359 4460 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
11:12:22.0359 4460 dpti2o - ok
11:12:22.0359 4460 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
11:12:22.0359 4460 drmkaud - ok
11:12:22.0406 4460 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
11:12:22.0406 4460 EapHost - ok
11:12:22.0437 4460 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
11:12:22.0437 4460 ERSvc - ok
11:12:22.0453 4460 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
11:12:22.0453 4460 Eventlog - ok
11:12:22.0515 4460 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
11:12:22.0515 4460 EventSystem - ok
11:12:22.0546 4460 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
11:12:22.0562 4460 Fastfat - ok
11:12:22.0609 4460 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:12:22.0609 4460 FastUserSwitchingCompatibility - ok
11:12:22.0687 4460 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
11:12:22.0687 4460 Fax - ok
11:12:22.0703 4460 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
11:12:22.0703 4460 Fdc - ok
11:12:22.0718 4460 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
11:12:22.0718 4460 Fips - ok
11:12:22.0734 4460 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
11:12:22.0734 4460 Flpydisk - ok
11:12:22.0750 4460 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:12:22.0750 4460 FltMgr - ok
11:12:22.0828 4460 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:12:22.0828 4460 FontCache3.0.0.0 - ok
11:12:22.0828 4460 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:12:22.0828 4460 Fs_Rec - ok
11:12:22.0859 4460 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:12:22.0859 4460 Ftdisk - ok
11:12:22.0906 4460 [ A6773422A1086201F880F75BF31EC8D1 ] GoogleDesktopManager-080708-050100 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
11:12:22.0921 4460 GoogleDesktopManager-080708-050100 - ok
11:12:22.0937 4460 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:12:22.0937 4460 Gpc - ok
11:12:22.0968 4460 [ 751C1D2CA2ABF4A9F5A6B8D7D45B907C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
11:12:22.0968 4460 gusvc - ok
11:12:23.0000 4460 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:12:23.0000 4460 HDAudBus - ok
11:12:23.0078 4460 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:12:23.0078 4460 helpsvc - ok
11:12:23.0093 4460 HidServ - ok
11:12:23.0109 4460 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:12:23.0109 4460 HidUsb - ok
11:12:23.0156 4460 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
11:12:23.0156 4460 hkmsvc - ok
11:12:23.0156 4460 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
11:12:23.0156 4460 hpn - ok
11:12:23.0203 4460 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
11:12:23.0203 4460 HTTP - ok
11:12:23.0250 4460 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
11:12:23.0250 4460 HTTPFilter - ok
11:12:23.0265 4460 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
11:12:23.0265 4460 i2omgmt - ok
11:12:23.0281 4460 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
11:12:23.0281 4460 i2omp - ok
11:12:23.0343 4460 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:12:23.0343 4460 i8042prt - ok
11:12:23.0453 4460 [ 7B96206E4BDD2FE582F0DBC46F5F410E ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
11:12:23.0468 4460 IAANTMON - ok
11:12:23.0687 4460 [ B2768350BB50469AEB1AFE694372B613 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
11:12:23.0828 4460 ialm - ok
11:12:23.0843 4460 [ 80C633722DA72E97F3F5B3B11325696D ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
11:12:23.0843 4460 iaStor - ok
11:12:23.0984 4460 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:12:24.0015 4460 idsvc - ok
11:12:24.0046 4460 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
11:12:24.0046 4460 Imapi - ok
11:12:24.0093 4460 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
11:12:24.0093 4460 ImapiService - ok
11:12:24.0109 4460 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
11:12:24.0109 4460 ini910u - ok
11:12:24.0250 4460 [ 74B482F8B2A9EBE8473381A7A58F801D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:12:24.0359 4460 IntcAzAudAddService - ok
11:12:24.0359 4460 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
11:12:24.0375 4460 IntelIde - ok
11:12:24.0375 4460 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:12:24.0390 4460 intelppm - ok
11:12:24.0406 4460 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:12:24.0421 4460 Ip6Fw - ok
11:12:24.0421 4460 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:12:24.0437 4460 IpFilterDriver - ok
11:12:24.0453 4460 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:12:24.0453 4460 IpInIp - ok
11:12:24.0484 4460 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:12:24.0484 4460 IpNat - ok
11:12:24.0500 4460 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:12:24.0500 4460 IPSec - ok
11:12:24.0531 4460 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
11:12:24.0531 4460 IRENUM - ok
11:12:24.0546 4460 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:12:24.0546 4460 isapnp - ok
11:12:24.0578 4460 [ 4AC11B2250106774F694DF2DB4FFED61 ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
11:12:24.0578 4460 Iviaspi - ok
11:12:24.0656 4460 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
11:12:24.0656 4460 IviRegMgr - ok
11:12:24.0734 4460 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
11:12:24.0734 4460 JavaQuickStarterService - ok
11:12:24.0750 4460 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:12:24.0750 4460 Kbdclass - ok
11:12:24.0781 4460 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
11:12:24.0781 4460 kmixer - ok
11:12:24.0812 4460 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
11:12:24.0812 4460 KSecDD - ok
11:12:24.0859 4460 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
11:12:24.0859 4460 LanmanServer - ok
11:12:24.0906 4460 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:12:24.0906 4460 lanmanworkstation - ok
11:12:24.0921 4460 lbrtfdc - ok
11:12:24.0984 4460 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
11:12:24.0984 4460 LightScribeService - ok
11:12:25.0015 4460 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
11:12:25.0031 4460 LmHosts - ok
11:12:25.0062 4460 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
11:12:25.0062 4460 MBAMProtector - ok
11:12:25.0125 4460 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:12:25.0125 4460 MBAMScheduler - ok
11:12:25.0156 4460 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:12:25.0171 4460 MBAMService - ok
11:12:25.0203 4460 [ A57A3954408687063780055B1EF58296 ] MEMOQDRV C:\WINDOWS\system32\DRIVERS\memoqdrv.sys
11:12:25.0234 4460 MEMOQDRV - ok
11:12:25.0281 4460 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
11:12:25.0281 4460 Messenger - ok
11:12:25.0312 4460 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
11:12:25.0312 4460 mnmdd - ok
11:12:25.0359 4460 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
11:12:25.0359 4460 mnmsrvc - ok
11:12:25.0375 4460 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
11:12:25.0375 4460 Modem - ok
11:12:25.0406 4460 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:12:25.0406 4460 Mouclass - ok
11:12:25.0453 4460 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:12:25.0468 4460 mouhid - ok
11:12:25.0484 4460 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
11:12:25.0484 4460 MountMgr - ok
11:12:25.0531 4460 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:12:25.0593 4460 MozillaMaintenance - ok
11:12:25.0625 4460 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
11:12:25.0625 4460 MpFilter - ok
11:12:25.0781 4460 [ A69630D039C38018689190234F866D77 ] MpKsl8ac438f9 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D398D0C0-975B-44B1-BC20-967C3391E6C2}\MpKsl8ac438f9.sys
11:12:25.0781 4460 MpKsl8ac438f9 - ok
11:12:25.0796 4460 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
11:12:25.0796 4460 mraid35x - ok
11:12:25.0796 4460 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:12:25.0812 4460 MRxDAV - ok
11:12:25.0859 4460 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:12:25.0859 4460 MRxSmb - ok
11:12:25.0906 4460 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
11:12:25.0906 4460 MSDTC - ok
11:12:25.0921 4460 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
11:12:25.0921 4460 Msfs - ok
11:12:25.0921 4460 MSIServer - ok
11:12:25.0953 4460 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:12:25.0953 4460 MSKSSRV - ok
11:12:26.0015 4460 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
11:12:26.0015 4460 MsMpSvc - ok
11:12:26.0031 4460 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:12:26.0031 4460 MSPCLOCK - ok
11:12:26.0046 4460 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
11:12:26.0046 4460 MSPQM - ok
11:12:26.0062 4460 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:12:26.0062 4460 mssmbios - ok
11:12:26.0125 4460 MSSQL$MSSMLBIZ - ok
11:12:26.0156 4460 [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
11:12:26.0156 4460 MSSQLServerADHelper - ok
11:12:26.0171 4460 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
11:12:26.0171 4460 MSTEE - ok
11:12:26.0187 4460 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
11:12:26.0203 4460 Mup - ok
11:12:26.0218 4460 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:12:26.0218 4460 NABTSFEC - ok
11:12:26.0281 4460 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
11:12:26.0296 4460 napagent - ok
11:12:26.0328 4460 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
11:12:26.0328 4460 NDIS - ok
11:12:26.0343 4460 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:12:26.0343 4460 NdisIP - ok
11:12:26.0390 4460 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:12:26.0390 4460 NdisTapi - ok
11:12:26.0406 4460 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:12:26.0406 4460 Ndisuio - ok
11:12:26.0421 4460 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:12:26.0421 4460 NdisWan - ok
11:12:26.0453 4460 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:12:26.0453 4460 NDProxy - ok
11:12:26.0484 4460 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:12:26.0484 4460 NetBIOS - ok
11:12:26.0500 4460 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:12:26.0500 4460 NetBT - ok
11:12:26.0531 4460 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
11:12:26.0546 4460 NetDDE - ok
11:12:26.0546 4460 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:12:26.0546 4460 NetDDEdsdm - ok
11:12:26.0609 4460 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
11:12:26.0609 4460 Netlogon - ok
11:12:26.0625 4460 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
11:12:26.0625 4460 Netman - ok
11:12:26.0687 4460 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:12:26.0687 4460 NetTcpPortSharing - ok
11:12:26.0703 4460 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:12:26.0703 4460 NIC1394 - ok
11:12:26.0734 4460 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
11:12:26.0734 4460 Nla - ok
11:12:26.0750 4460 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:12:26.0750 4460 Npfs - ok
11:12:26.0765 4460 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:12:26.0781 4460 Ntfs - ok
11:12:26.0812 4460 [ CB76F68BA0D57C5D25B538981B1C611C ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
11:12:26.0812 4460 NTIBackupSvc - ok
11:12:26.0828 4460 [ 5535174933A08BB8F1CEE26DFFB930E4 ] NTIDrvr C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
11:12:26.0859 4460 NTIDrvr - ok
11:12:26.0906 4460 [ DF1C10A75DF7E50195FC417F88A33227 ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
11:12:26.0906 4460 NTISchedulerSvc - ok
11:12:26.0921 4460 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
11:12:26.0921 4460 NtLmSsp - ok
11:12:26.0984 4460 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:12:27.0000 4460 NtmsSvc - ok
11:12:27.0046 4460 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
11:12:27.0046 4460 Null - ok
11:12:27.0078 4460 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:12:27.0078 4460 NwlnkFlt - ok
11:12:27.0093 4460 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:12:27.0093 4460 NwlnkFwd - ok
11:12:27.0093 4460 O2MDRDR - ok
11:12:27.0109 4460 O2SDRDR - ok
11:12:27.0218 4460 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:12:27.0218 4460 odserv - ok
11:12:27.0250 4460 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:12:27.0250 4460 ohci1394 - ok
11:12:27.0390 4460 [ FD209F8C2562C351F7A25B4FFCD8F856 ] Orange update Core Service C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe
11:12:27.0421 4460 Orange update Core Service - ok
11:12:27.0437 4460 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:12:27.0453 4460 ose - ok
11:12:27.0484 4460 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
11:12:27.0500 4460 Parport - ok
11:12:27.0500 4460 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
11:12:27.0500 4460 PartMgr - ok
11:12:27.0515 4460 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
11:12:27.0531 4460 ParVdm - ok
11:12:27.0531 4460 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
11:12:27.0531 4460 PCI - ok
11:12:27.0546 4460 PCIDump - ok
11:12:27.0562 4460 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
11:12:27.0562 4460 PCIIde - ok
11:12:27.0578 4460 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:12:27.0578 4460 Pcmcia - ok
11:12:27.0593 4460 PDCOMP - ok
11:12:27.0593 4460 PDFRAME - ok
11:12:27.0609 4460 PDRELI - ok
11:12:27.0609 4460 PDRFRAME - ok
11:12:27.0625 4460 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
11:12:27.0625 4460 perc2 - ok
11:12:27.0640 4460 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:12:27.0640 4460 perc2hib - ok
11:12:27.0687 4460 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
11:12:27.0687 4460 PlugPlay - ok
11:12:27.0703 4460 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
11:12:27.0703 4460 PolicyAgent - ok
11:12:27.0718 4460 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:12:27.0718 4460 PptpMiniport - ok
11:12:27.0734 4460 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:12:27.0734 4460 ProtectedStorage - ok
11:12:27.0750 4460 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
11:12:27.0750 4460 PSched - ok
11:12:27.0796 4460 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
11:12:27.0796 4460 PSI_SVC_2 - ok
11:12:27.0812 4460 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:12:27.0812 4460 Ptilink - ok
11:12:27.0812 4460 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:12:27.0828 4460 ql1080 - ok
11:12:27.0828 4460 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:12:27.0828 4460 Ql10wnt - ok
11:12:27.0843 4460 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:12:27.0843 4460 ql12160 - ok
11:12:27.0843 4460 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:12:27.0859 4460 ql1240 - ok
11:12:27.0875 4460 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:12:27.0875 4460 ql1280 - ok
11:12:27.0906 4460 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:12:27.0906 4460 RasAcd - ok
11:12:27.0953 4460 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:12:27.0953 4460 RasAuto - ok
11:12:27.0968 4460 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:12:27.0984 4460 Rasl2tp - ok
11:12:28.0031 4460 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
11:12:28.0031 4460 RasMan - ok
11:12:28.0046 4460 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:12:28.0046 4460 RasPppoe - ok
11:12:28.0046 4460 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:12:28.0062 4460 Raspti - ok
11:12:28.0078 4460 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:12:28.0078 4460 Rdbss - ok
11:12:28.0093 4460 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:12:28.0093 4460 RDPCDD - ok
11:12:28.0109 4460 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:12:28.0109 4460 rdpdr - ok
11:12:28.0140 4460 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:12:28.0140 4460 RDPWD - ok
11:12:28.0187 4460 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:12:28.0187 4460 RDSessMgr - ok
11:12:28.0203 4460 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:12:28.0203 4460 redbook - ok
11:12:28.0250 4460 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\WINDOWS\system32\drivers\regi.sys
11:12:28.0250 4460 regi - ok
11:12:28.0281 4460 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:12:28.0296 4460 RemoteAccess - ok
11:12:28.0328 4460 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
11:12:28.0328 4460 RemoteRegistry - ok
11:12:28.0359 4460 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
11:12:28.0359 4460 RpcLocator - ok
11:12:28.0390 4460 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
11:12:28.0406 4460 RpcSs - ok
11:12:28.0437 4460 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
11:12:28.0437 4460 RSVP - ok
11:12:28.0484 4460 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
11:12:28.0484 4460 SamSs - ok
11:12:28.0500 4460 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
11:12:28.0500 4460 SASDIFSV - ok
11:12:28.0515 4460 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
11:12:28.0515 4460 SASKUTIL - ok
11:12:28.0546 4460 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:12:28.0562 4460 SCardSvr - ok
11:12:28.0609 4460 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:12:28.0625 4460 Schedule - ok
11:12:28.0656 4460 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
11:12:28.0656 4460 sdbus - ok
11:12:28.0671 4460 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:12:28.0671 4460 Secdrv - ok
11:12:28.0703 4460 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
11:12:28.0703 4460 seclogon - ok
11:12:28.0734 4460 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
11:12:28.0734 4460 SENS - ok
11:12:28.0750 4460 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
11:12:28.0765 4460 Serial - ok
11:12:28.0781 4460 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:12:28.0781 4460 Sfloppy - ok
11:12:28.0828 4460 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
11:12:28.0828 4460 SharedAccess - ok
11:12:28.0859 4460 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:12:28.0875 4460 ShellHWDetection - ok
11:12:28.0875 4460 Simbad - ok
11:12:28.0890 4460 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:12:28.0890 4460 sisagp - ok
11:12:28.0906 4460 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:12:28.0906 4460 SLIP - ok
11:12:28.0921 4460 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:12:28.0937 4460 Sparrow - ok
11:12:28.0953 4460 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:12:28.0953 4460 splitter - ok
11:12:29.0000 4460 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:12:29.0000 4460 Spooler - ok
11:12:29.0046 4460 [ 5673E79BBB62A4C35B10D821FF1B4ACA ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
11:12:29.0046 4460 SQLBrowser - ok
11:12:29.0078 4460 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
11:12:29.0093 4460 SQLWriter - ok
11:12:29.0093 4460 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:12:29.0093 4460 sr - ok
11:12:29.0140 4460 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
11:12:29.0140 4460 srservice - ok
11:12:29.0171 4460 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:12:29.0171 4460 Srv - ok
11:12:29.0203 4460 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:12:29.0203 4460 SSDPSRV - ok
11:12:29.0250 4460 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:12:29.0250 4460 stisvc - ok
11:12:29.0296 4460 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:12:29.0296 4460 streamip - ok
11:12:29.0312 4460 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:12:29.0328 4460 swenum - ok
11:12:29.0343 4460 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:12:29.0343 4460 swmidi - ok
11:12:29.0359 4460 SwPrv - ok
11:12:29.0359 4460 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
11:12:29.0359 4460 symc810 - ok
11:12:29.0375 4460 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:12:29.0375 4460 symc8xx - ok
11:12:29.0406 4460 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:12:29.0406 4460 sym_hi - ok
11:12:29.0406 4460 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:12:29.0421 4460 sym_u3 - ok
11:12:29.0437 4460 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:12:29.0437 4460 sysaudio - ok
11:12:29.0468 4460 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:12:29.0468 4460 SysmonLog - ok
11:12:29.0500 4460 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:12:29.0500 4460 TapiSrv - ok
11:12:29.0546 4460 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:12:29.0546 4460 Tcpip - ok
11:12:29.0562 4460 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:12:29.0562 4460 TDPIPE - ok
11:12:29.0578 4460 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:12:29.0593 4460 TDTCP - ok
11:12:29.0609 4460 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:12:29.0609 4460 TermDD - ok
11:12:29.0656 4460 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
11:12:29.0671 4460 TermService - ok
11:12:29.0687 4460 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
11:12:29.0687 4460 Themes - ok
11:12:29.0718 4460 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
11:12:29.0718 4460 TlntSvr - ok
11:12:29.0734 4460 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
11:12:29.0734 4460 TosIde - ok
11:12:29.0750 4460 [ 3AFFF25EAE28188FA4ECD292658BE31B ] TpChoice C:\WINDOWS\system32\DRIVERS\TpChoice.sys
11:12:29.0750 4460 TpChoice - ok
11:12:29.0765 4460 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:12:29.0765 4460 TrkWks - ok
11:12:29.0781 4460 [ 5E3966A0D9B57531264FC0C835021FA1 ] UBHelper C:\WINDOWS\system32\drivers\UBHelper.sys
11:12:29.0796 4460 UBHelper - ok
11:12:29.0828 4460 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:12:29.0828 4460 Udfs - ok
11:12:29.0843 4460 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
11:12:29.0843 4460 ultra - ok
11:12:29.0875 4460 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:12:29.0875 4460 Update - ok
11:12:29.0906 4460 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
11:12:29.0906 4460 upnphost - ok
11:12:29.0937 4460 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
11:12:29.0937 4460 UPS - ok
11:12:29.0968 4460 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:12:29.0968 4460 usbccgp - ok
11:12:29.0984 4460 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:12:29.0984 4460 usbehci - ok
11:12:29.0984 4460 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:12:30.0000 4460 usbhub - ok
11:12:30.0000 4460 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:12:30.0000 4460 usbprint - ok
11:12:30.0015 4460 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:12:30.0031 4460 usbscan - ok
11:12:30.0031 4460 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:12:30.0031 4460 USBSTOR - ok
11:12:30.0062 4460 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:12:30.0062 4460 usbuhci - ok
11:12:30.0109 4460 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
11:12:30.0109 4460 usbvideo - ok
11:12:30.0140 4460 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:12:30.0140 4460 VgaSave - ok
11:12:30.0140 4460 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:12:30.0140 4460 viaagp - ok
11:12:30.0156 4460 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
11:12:30.0156 4460 ViaIde - ok
11:12:30.0171 4460 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:12:30.0171 4460 VolSnap - ok
11:12:30.0218 4460 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
11:12:30.0218 4460 VSS - ok
11:12:30.0250 4460 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
11:12:30.0250 4460 W32Time - ok
11:12:30.0265 4460 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:12:30.0265 4460 Wanarp - ok
11:12:30.0312 4460 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
11:12:30.0312 4460 Wdf01000 - ok
11:12:30.0328 4460 WDICA - ok
11:12:30.0328 4460 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:12:30.0343 4460 wdmaud - ok
11:12:30.0359 4460 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:12:30.0359 4460 WebClient - ok
11:12:30.0453 4460 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:12:30.0453 4460 winmgmt - ok
11:12:30.0515 4460 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
11:12:30.0515 4460 WmdmPmSN - ok
11:12:30.0546 4460 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
11:12:30.0578 4460 Wmi - ok
11:12:30.0578 4460 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:12:30.0578 4460 WmiAcpi - ok
11:12:30.0625 4460 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:12:30.0625 4460 WmiApSrv - ok
11:12:30.0656 4460 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
11:12:30.0671 4460 wscsvc - ok
11:12:30.0703 4460 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:12:30.0703 4460 WSTCODEC - ok
11:12:30.0718 4460 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
11:12:30.0718 4460 wuauserv - ok
11:12:30.0765 4460 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:12:30.0781 4460 WZCSVC - ok
11:12:30.0781 4460 xcpip - ok
11:12:30.0812 4460 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:12:30.0828 4460 xmlprov - ok
11:12:30.0828 4460 xpsec - ok
11:12:30.0843 4460 ================ Scan global ===============================
11:12:30.0890 4460 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:12:30.0937 4460 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:12:30.0953 4460 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:12:30.0968 4460 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:12:30.0968 4460 [Global] - ok
11:12:30.0984 4460 ================ Scan MBR ==================================
11:12:31.0000 4460 [ 33ACD7F96C8C543021D4B4A4C6AFBE8A ] \Device\Harddisk0\DR0
11:12:31.0000 4460 Suspicious mbr (Forged): \Device\Harddisk0\DR0
11:12:31.0000 4460 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
11:12:31.0000 4460 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
11:12:31.0000 4460 ================ Scan VBR ==================================
11:12:31.0015 4460 [ BC4749E89EE9915D0E2FC08C0D2D40B6 ] \Device\Harddisk0\DR0\Partition1
11:12:31.0015 4460 \Device\Harddisk0\DR0\Partition1 - ok
11:12:31.0031 4460 [ 11857727105556DFE3CE603245B0CD86 ] \Device\Harddisk0\DR0\Partition2
11:12:31.0031 4460 \Device\Harddisk0\DR0\Partition2 - ok
11:12:31.0046 4460 ============================================================
11:12:31.0046 4460 Scan finished
11:12:31.0046 4460 ============================================================
11:12:31.0062 3712 Detected object count: 1
11:12:31.0062 3712 Actual detected object count: 1
11:12:45.0187 3712 \Device\Harddisk0\DR0\# - copied to quarantine
11:12:45.0343 3712 \Device\Harddisk0\DR0 - copied to quarantine
11:12:47.0218 3712 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
11:12:47.0265 3712 \Device\Harddisk0\DR0 - ok
11:12:47.0265 3712 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
11:13:04.0781 5876 Deinitialize success

And this log, which is from the same date:

11:22:28.0468 2868 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
11:22:29.0828 2868 ============================================================
11:22:29.0828 2868 Current date / time: 2012/10/30 11:22:29.0828
11:22:29.0828 2868 SystemInfo:
11:22:29.0828 2868
11:22:29.0828 2868 OS Version: 5.1.2600 ServicePack: 3.0
11:22:29.0828 2868 Product type: Workstation
11:22:29.0828 2868 ComputerName: ACER-926C8D0979
11:22:29.0828 2868 UserName: Eddie Hooper
11:22:29.0828 2868 Windows directory: C:\WINDOWS
11:22:29.0828 2868 System windows directory: C:\WINDOWS
11:22:29.0828 2868 Processor architecture: Intel x86
11:22:29.0828 2868 Number of processors: 1
11:22:29.0828 2868 Page size: 0x1000
11:22:29.0828 2868 Boot type: Normal boot
11:22:29.0828 2868 ============================================================
11:22:31.0218 2868 BG loaded
11:22:31.0656 2868 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:22:31.0734 2868 ============================================================
11:22:31.0734 2868 \Device\Harddisk0\DR0:
11:22:31.0734 2868 MBR partitions:
11:22:31.0734 2868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x8B4A800
11:22:31.0734 2868 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9ED3000, BlocksNum 0x8B46000
11:22:31.0734 2868 ============================================================
11:22:31.0765 2868 C: <-> \Device\Harddisk0\DR0\Partition1
11:22:31.0937 2868 D: <-> \Device\Harddisk0\DR0\Partition2
11:22:31.0968 2868 ============================================================
11:22:31.0968 2868 Initialize success
11:22:31.0968 2868 ============================================================
11:22:37.0375 2112 ============================================================
11:22:37.0375 2112 Scan started
11:22:37.0375 2112 Mode: Manual;
11:22:37.0375 2112 ============================================================
11:22:37.0515 2112 ================ Scan system memory ========================
11:22:37.0515 2112 System memory - ok
11:22:37.0531 2112 ================ Scan services =============================
11:22:37.0625 2112 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
11:22:37.0625 2112 !SASCORE - ok
11:22:37.0828 2112 Abiosdsk - ok
11:22:37.0843 2112 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
11:22:37.0843 2112 abp480n5 - ok
11:22:37.0859 2112 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:22:37.0859 2112 ACPI - ok
11:22:37.0859 2112 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:22:37.0859 2112 ACPIEC - ok
11:22:37.0953 2112 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:22:37.0953 2112 AdobeFlashPlayerUpdateSvc - ok
11:22:37.0968 2112 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:22:37.0968 2112 adpu160m - ok
11:22:38.0000 2112 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:22:38.0000 2112 aec - ok
11:22:38.0046 2112 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:22:38.0046 2112 AFD - ok
11:22:38.0062 2112 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
11:22:38.0062 2112 agp440 - ok
11:22:38.0062 2112 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
11:22:38.0062 2112 agpCPQ - ok
11:22:38.0078 2112 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
11:22:38.0078 2112 Aha154x - ok
11:22:38.0093 2112 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:22:38.0093 2112 aic78u2 - ok
11:22:38.0109 2112 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:22:38.0109 2112 aic78xx - ok
11:22:38.0156 2112 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:22:38.0156 2112 Alerter - ok
11:22:38.0203 2112 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
11:22:38.0203 2112 ALG - ok
11:22:38.0203 2112 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:

Edited by winston66, 08 November 2012 - 12:16 PM.
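A small triage parser for TDSSKiller logs of the kind pasted in this thread, added here as an example; it is not part of TDSSKiller and not code from anyone's post. The line layout it assumes (timestamp, thread id, message; `[ MD5 ] name path` inventory lines; `object ( verdict ) - action` detection lines; `- copied to quarantine`, `- ok` and `Scan interrupted by user!` messages) is taken from the log text above, and the sample lines are constructed from those logs.

```python
"""Triage helper for TDSSKiller logs shaped like the ones in this thread.

Constructed example, not part of TDSSKiller. The line shapes are assumed
from the pasted logs: "<hh:mm:ss.ffff> <thread id> <message>".
"""
import re
from dataclasses import dataclass, field

# Constructed sample made of lines shaped like the ones pasted above.
SAMPLE_LOG = r"""
11:12:45.0187 3712 \Device\Harddisk0\DR0\# - copied to quarantine
11:12:45.0343 3712 \Device\Harddisk0\DR0 - copied to quarantine
11:12:47.0218 3712 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
11:12:47.0265 3712 \Device\Harddisk0\DR0 - ok
11:12:47.0265 3712 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
11:22:37.0625 2112 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
11:22:37.0625 2112 !SASCORE - ok
11:22:37.0828 2112 Abiosdsk - ok
12:05:43.0843 1284 [ FD209F8C2562C351F7A25B4FFCD8F856 ] Orange update Core Service C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe
12:05:43.0875 1284 Orange update Core Service - ok
12:05:25.0562 0812 Scan interrupted by user!
"""

# Message prefix: timestamp, thread id, then the message body.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "[ MD5 ] name path" inventory line; the name may contain spaces, so stop at "X:\".
ENTRY_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
# "object ( verdict ) - action" detection line.
DETECT_RE = re.compile(r"^(.+?) \( ([^)]+) \) - (.+)$")
QUAR_RE = re.compile(r"^(.+?) - copied to quarantine$")
OK_RE = re.compile(r"^(.+?) - ok$")


@dataclass
class Detection:
    obj: str
    verdict: str
    action: str


@dataclass
class Report:
    detections: list = field(default_factory=list)
    quarantined: list = field(default_factory=list)
    inventory: dict = field(default_factory=dict)  # name -> (md5, path)
    ok_count: int = 0
    interrupted: int = 0


def parse_tdsskiller(text: str) -> Report:
    """Split a log into detections, quarantine copies, inventory and scan state."""
    rep = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banners, blank lines and "=====" separators carry no data
        msg = m.group(3)
        if msg == "Scan interrupted by user!":
            rep.interrupted += 1
        elif (q := QUAR_RE.match(msg)):
            rep.quarantined.append(q.group(1))
        elif (d := DETECT_RE.match(msg)):
            rep.detections.append(Detection(*d.groups()))
        elif (e := ENTRY_RE.match(msg)):
            md5, name, path = e.groups()
            rep.inventory[name] = (md5.upper(), path)
        elif OK_RE.match(msg):
            rep.ok_count += 1
    return rep


def needs_attention(rep: Report) -> bool:
    """True when the log shows a detection or a scan that never completed."""
    return bool(rep.detections) or rep.interrupted > 0


def triage_lines(rep: Report) -> list:
    """Human-readable findings, in the order a reviewer would want to see them."""
    out = [f"DETECTION {d.obj}: {d.verdict} ({d.action})" for d in rep.detections]
    out += [f"QUARANTINED {q}" for q in rep.quarantined]
    if rep.interrupted:
        out.append(f"INCOMPLETE SCAN: {rep.interrupted} section(s) interrupted")
    return out


if __name__ == "__main__":
    for line in triage_lines(parse_tdsskiller(SAMPLE_LOG)):
        print(line)
```

Run it against a saved log to get the detections, quarantine copies and interrupted sections at the top instead of scrolling through hundreds of `- ok` driver lines; the `inventory` map (service name to MD5 and path) is what you would compare against a known-good build when checking whether a cured machine still carries anything unexpected.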


#18 ler

ler

    SWI Junkie

  • Helper Trainee+
  • PipPipPipPip
  • 318 posts

Posted 08 November 2012 - 02:12 PM

*edit* Sorry I missed that you edited the post. I'll update my instructions and post back when I've reviewed the TDSSKiller logs.

Edited by ler, 08 November 2012 - 02:18 PM.


#19 winston66

winston66

    Member

  • Full Member
  • Pip
  • 81 posts

Posted 08 November 2012 - 02:41 PM

ler

Hi,

Now that I can paste the TDSS Killer logs from the c/: location let me know if you want the one that won't paste from desktop dated 6th November and scanned after all the other things that you asked for.

Regards,


winston 66

Edited by winston66, 08 November 2012 - 02:42 PM.


#20 ler

ler

    SWI Junkie

  • Helper Trainee+
  • PipPipPipPip
  • 318 posts

Posted 09 November 2012 - 05:21 PM

Hi,

Incidentally, I have looked in the history section of Microsoft Security Essentials and the trojan virus that I mentioned earlier is quarantined there.

Can you tell me the name of the threat and the path of the quarantined file?

Now that I can paste the TDSS Killer logs from the c/: location let me know if you want the one that won't paste from desktop dated 6th November and scanned after all the other things that you asked for.

Yes, please post this TDSSKiller log as well.

=====

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

In your next post I'd like to see the recent TDSSKiller log and the OTL log. :thumbup:

#21 winston66

winston66

    Member

  • Full Member
  • Pip
  • 81 posts

Posted 10 November 2012 - 03:47 AM

Hi ler

The history in Microsoft Security Essentials shows:

Quarantined items:

Trojan:DOS/Sinowal.Q

Alert level severe

Date 10/11/2012 9:07

Recommended action:
Items

file:C:\TDSSKiller_Quarantine\30.10.2012\mbr0000\mbr0000\tsk0000.dta
file:C:\TDSSKiller_Quarantine\30.10.2012\mbr0000\mbr0000\tsk0001.dta

Interestingly, it would not let me copy and paste the two file references. It would highlight blue but not copy, exactly what happened to the desktop TDSSKiller the other day.

Can I now delete all of this from the quarantine?

It appears I ran the TDSSKiller 5 times on the 6th, presumably in an attempt to get a log to copy and paste.

1/

12:05:13.0531 3580 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:05:13.0984 3580 ============================================================
12:05:13.0984 3580 Current date / time: 2012/11/06 12:05:13.0984
12:05:13.0984 3580 SystemInfo:
12:05:13.0984 3580
12:05:13.0984 3580 OS Version: 5.1.2600 ServicePack: 3.0
12:05:13.0984 3580 Product type: Workstation
12:05:13.0984 3580 ComputerName: ACER-926C8D0979
12:05:13.0984 3580 UserName: Eddie Hooper
12:05:13.0984 3580 Windows directory: C:\WINDOWS
12:05:13.0984 3580 System windows directory: C:\WINDOWS
12:05:13.0984 3580 Processor architecture: Intel x86
12:05:13.0984 3580 Number of processors: 1
12:05:13.0984 3580 Page size: 0x1000
12:05:13.0984 3580 Boot type: Normal boot
12:05:13.0984 3580 ============================================================
12:05:14.0437 3580 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:05:14.0484 3580 ============================================================
12:05:14.0484 3580 \Device\Harddisk0\DR0:
12:05:14.0484 3580 MBR partitions:
12:05:14.0484 3580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x8B4A800
12:05:14.0484 3580 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9ED3000, BlocksNum 0x8B46000
12:05:14.0484 3580 ============================================================
12:05:14.0531 3580 C: <-> \Device\Harddisk0\DR0\Partition1
12:05:14.0578 3580 D: <-> \Device\Harddisk0\DR0\Partition2
12:05:14.0578 3580 ============================================================
12:05:14.0578 3580 Initialize success
12:05:14.0578 3580 ============================================================
12:05:24.0953 0812 ============================================================
12:05:24.0953 0812 Scan started
12:05:24.0953 0812 Mode: Manual;
12:05:24.0953 0812 ============================================================
12:05:25.0562 0812 ================ Scan system memory ========================
12:05:25.0562 0812 Scan interrupted by user!
12:05:25.0562 0812 ================ Scan services =============================
12:05:25.0562 0812 Scan interrupted by user!
12:05:25.0562 0812 ================ Scan global ===============================
12:05:25.0562 0812 Scan interrupted by user!
12:05:25.0562 0812 ================ Scan MBR ==================================
12:05:25.0562 0812 Scan interrupted by user!
12:05:25.0562 0812 ================ Scan VBR ==================================
12:05:25.0562 0812 Scan interrupted by user!
12:05:25.0562 0812 ============================================================
12:05:25.0562 0812 Scan finished
12:05:25.0562 0812 ============================================================
12:05:25.0578 2168 Detected object count: 0
12:05:25.0578 2168 Actual detected object count: 0
12:05:37.0078 1284 ============================================================
12:05:37.0078 1284 Scan started
12:05:37.0078 1284 Mode: Manual;
12:05:37.0078 1284 ============================================================
12:05:37.0171 1284 ================ Scan system memory ========================
12:05:37.0171 1284 System memory - ok
12:05:37.0171 1284 ================ Scan services =============================
12:05:37.0328 1284 Abiosdsk - ok
12:05:37.0359 1284 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
12:05:37.0359 1284 abp480n5 - ok
12:05:37.0375 1284 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:05:37.0375 1284 ACPI - ok
12:05:37.0390 1284 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:05:37.0390 1284 ACPIEC - ok
12:05:37.0468 1284 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:05:37.0484 1284 AdobeFlashPlayerUpdateSvc - ok
12:05:37.0515 1284 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
12:05:37.0515 1284 adpu160m - ok
12:05:37.0531 1284 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:05:37.0546 1284 aec - ok
12:05:37.0593 1284 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:05:37.0593 1284 AFD - ok
12:05:37.0609 1284 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
12:05:37.0609 1284 agp440 - ok
12:05:37.0625 1284 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
12:05:37.0625 1284 agpCPQ - ok
12:05:37.0625 1284 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
12:05:37.0625 1284 Aha154x - ok
12:05:37.0640 1284 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
12:05:37.0640 1284 aic78u2 - ok
12:05:37.0656 1284 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:05:37.0656 1284 aic78xx - ok
12:05:37.0687 1284 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:05:37.0687 1284 Alerter - ok
12:05:37.0718 1284 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
12:05:37.0718 1284 ALG - ok
12:05:37.0734 1284 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
12:05:37.0734 1284 AliIde - ok
12:05:37.0734 1284 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
12:05:37.0734 1284 alim1541 - ok
12:05:37.0750 1284 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
12:05:37.0750 1284 amdagp - ok
12:05:37.0750 1284 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
12:05:37.0750 1284 amsint - ok
12:05:37.0796 1284 [ E8885F571251A058DCA0F058341B04C1 ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
12:05:37.0796 1284 ApfiltrService - ok
12:05:37.0828 1284 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
12:05:37.0828 1284 AppMgmt - ok
12:05:37.0906 1284 [ 41074707BA49D02E240C7B960217AABE ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys
12:05:37.0937 1284 AR5416 - ok
12:05:37.0968 1284 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:05:37.0968 1284 Arp1394 - ok
12:05:37.0984 1284 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
12:05:37.0984 1284 asc - ok
12:05:37.0984 1284 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
12:05:37.0984 1284 asc3350p - ok
12:05:38.0000 1284 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
12:05:38.0000 1284 asc3550 - ok
12:05:38.0125 1284 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:05:38.0140 1284 aspnet_state - ok
12:05:38.0171 1284 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:05:38.0171 1284 AsyncMac - ok
12:05:38.0187 1284 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:05:38.0187 1284 atapi - ok
12:05:38.0187 1284 Atdisk - ok
12:05:38.0218 1284 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:05:38.0218 1284 Atmarpc - ok
12:05:38.0250 1284 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:05:38.0250 1284 AudioSrv - ok
12:05:38.0265 1284 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:05:38.0265 1284 audstub - ok
12:05:38.0296 1284 [ 559DDDA2C88459478056174247706DEB ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
12:05:38.0296 1284 b57w2k - ok
12:05:38.0421 1284 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
12:05:38.0421 1284 BcmSqlStartupSvc - ok
12:05:38.0437 1284 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:05:38.0437 1284 Beep - ok
12:05:38.0484 1284 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
12:05:38.0500 1284 BITS - ok
12:05:38.0546 1284 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
12:05:38.0546 1284 Browser - ok
12:05:38.0562 1284 [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
12:05:38.0562 1284 BUNAgentSvc - ok
12:05:38.0578 1284 catchme - ok
12:05:38.0609 1284 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
12:05:38.0609 1284 cbidf - ok
12:05:38.0625 1284 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:05:38.0625 1284 cbidf2k - ok
12:05:38.0656 1284 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:05:38.0656 1284 CCDECODE - ok
12:05:38.0656 1284 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
12:05:38.0656 1284 cd20xrnt - ok
12:05:38.0687 1284 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:05:38.0687 1284 Cdaudio - ok
12:05:38.0703 1284 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:05:38.0703 1284 Cdfs - ok
12:05:38.0718 1284 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:05:38.0718 1284 Cdrom - ok
12:05:38.0734 1284 Changer - ok
12:05:38.0781 1284 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:05:38.0781 1284 CiSvc - ok
12:05:38.0812 1284 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:05:38.0812 1284 ClipSrv - ok
12:05:38.0843 1284 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:05:38.0890 1284 clr_optimization_v2.0.50727_32 - ok
12:05:38.0921 1284 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:05:38.0921 1284 CmBatt - ok
12:05:38.0921 1284 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
12:05:38.0921 1284 CmdIde - ok
12:05:38.0937 1284 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:05:38.0937 1284 Compbatt - ok
12:05:38.0937 1284 COMSysApp - ok
12:05:38.0968 1284 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
12:05:38.0968 1284 Cpqarray - ok
12:05:39.0015 1284 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:05:39.0015 1284 CryptSvc - ok
12:05:39.0015 1284 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
12:05:39.0031 1284 dac2w2k - ok
12:05:39.0031 1284 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
12:05:39.0031 1284 dac960nt - ok
12:05:39.0093 1284 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:05:39.0093 1284 DcomLaunch - ok
12:05:39.0140 1284 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:05:39.0140 1284 Dhcp - ok
12:05:39.0140 1284 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:05:39.0140 1284 Disk - ok
12:05:39.0187 1284 [ 060DB81DFB79C8244EB65D10B6C7873F ] DKbFltr C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
12:05:39.0187 1284 DKbFltr - ok
12:05:39.0203 1284 dmadmin - ok
12:05:39.0250 1284 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:05:39.0265 1284 dmboot - ok
12:05:39.0296 1284 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:05:39.0296 1284 dmio - ok
12:05:39.0312 1284 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:05:39.0312 1284 dmload - ok
12:05:39.0328 1284 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:05:39.0343 1284 dmserver - ok
12:05:39.0390 1284 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:05:39.0390 1284 DMusic - ok
12:05:39.0437 1284 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:05:39.0437 1284 Dnscache - ok
12:05:39.0468 1284 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:05:39.0468 1284 Dot3svc - ok
12:05:39.0484 1284 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:05:39.0484 1284 dpti2o - ok
12:05:39.0500 1284 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:05:39.0500 1284 drmkaud - ok
12:05:39.0531 1284 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:05:39.0531 1284 EapHost - ok
12:05:39.0546 1284 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:05:39.0546 1284 ERSvc - ok
12:05:39.0562 1284 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
12:05:39.0578 1284 Eventlog - ok
12:05:39.0625 1284 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
12:05:39.0625 1284 EventSystem - ok
12:05:39.0656 1284 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:05:39.0656 1284 Fastfat - ok
12:05:39.0687 1284 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:05:39.0687 1284 FastUserSwitchingCompatibility - ok
12:05:39.0703 1284 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
12:05:39.0718 1284 Fax - ok
12:05:39.0734 1284 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
12:05:39.0734 1284 Fdc - ok
12:05:39.0750 1284 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:05:39.0750 1284 Fips - ok
12:05:39.0765 1284 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
12:05:39.0765 1284 Flpydisk - ok
12:05:39.0781 1284 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:05:39.0781 1284 FltMgr - ok
12:05:39.0828 1284 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:05:39.0828 1284 FontCache3.0.0.0 - ok
12:05:39.0828 1284 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:05:39.0828 1284 Fs_Rec - ok
12:05:39.0843 1284 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:05:39.0843 1284 Ftdisk - ok
12:05:39.0906 1284 [ A6773422A1086201F880F75BF31EC8D1 ] GoogleDesktopManager-080708-050100 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
12:05:39.0906 1284 GoogleDesktopManager-080708-050100 - ok
12:05:39.0921 1284 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:05:39.0921 1284 Gpc - ok
12:05:39.0968 1284 [ 751C1D2CA2ABF4A9F5A6B8D7D45B907C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:05:39.0968 1284 gusvc - ok
12:05:39.0984 1284 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:05:40.0000 1284 HDAudBus - ok
12:05:40.0046 1284 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:05:40.0046 1284 helpsvc - ok
12:05:40.0062 1284 HidServ - ok
12:05:40.0078 1284 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:05:40.0078 1284 HidUsb - ok
12:05:40.0125 1284 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:05:40.0125 1284 hkmsvc - ok
12:05:40.0171 1284 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
12:05:40.0171 1284 hpn - ok
12:05:40.0218 1284 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:05:40.0234 1284 HTTP - ok
12:05:40.0265 1284 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:05:40.0265 1284 HTTPFilter - ok
12:05:40.0281 1284 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
12:05:40.0281 1284 i2omgmt - ok
12:05:40.0296 1284 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:05:40.0296 1284 i2omp - ok
12:05:40.0343 1284 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:05:40.0343 1284 i8042prt - ok
12:05:40.0437 1284 [ 7B96206E4BDD2FE582F0DBC46F5F410E ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
12:05:40.0437 1284 IAANTMON - ok
12:05:40.0625 1284 [ B2768350BB50469AEB1AFE694372B613 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
12:05:40.0781 1284 ialm - ok
12:05:40.0796 1284 [ 80C633722DA72E97F3F5B3B11325696D ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
12:05:40.0796 1284 iaStor - ok
12:05:40.0890 1284 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:05:40.0906 1284 idsvc - ok
12:05:40.0937 1284 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:05:40.0953 1284 Imapi - ok
12:05:40.0984 1284 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:05:41.0000 1284 ImapiService - ok
12:05:41.0031 1284 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:05:41.0031 1284 ini910u - ok
12:05:41.0187 1284 [ 74B482F8B2A9EBE8473381A7A58F801D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:05:41.0296 1284 IntcAzAudAddService - ok
12:05:41.0312 1284 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
12:05:41.0312 1284 IntelIde - ok
12:05:41.0312 1284 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:05:41.0328 1284 intelppm - ok
12:05:41.0343 1284 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:05:41.0343 1284 Ip6Fw - ok
12:05:41.0375 1284 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:05:41.0375 1284 IpFilterDriver - ok
12:05:41.0406 1284 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:05:41.0406 1284 IpInIp - ok
12:05:41.0437 1284 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:05:41.0437 1284 IpNat - ok
12:05:41.0453 1284 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:05:41.0453 1284 IPSec - ok
12:05:41.0484 1284 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:05:41.0484 1284 IRENUM - ok
12:05:41.0500 1284 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:05:41.0500 1284 isapnp - ok
12:05:41.0515 1284 [ 4AC11B2250106774F694DF2DB4FFED61 ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
12:05:41.0515 1284 Iviaspi - ok
12:05:41.0593 1284 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
12:05:41.0593 1284 IviRegMgr - ok
12:05:41.0656 1284 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
12:05:41.0656 1284 JavaQuickStarterService - ok
12:05:41.0687 1284 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:05:41.0687 1284 Kbdclass - ok
12:05:41.0718 1284 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:05:41.0718 1284 kmixer - ok
12:05:41.0750 1284 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:05:41.0750 1284 KSecDD - ok
12:05:41.0796 1284 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
12:05:41.0796 1284 LanmanServer - ok
12:05:41.0843 1284 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:05:41.0843 1284 lanmanworkstation - ok
12:05:41.0843 1284 lbrtfdc - ok
12:05:41.0921 1284 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
12:05:41.0921 1284 LightScribeService - ok
12:05:41.0953 1284 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:05:41.0953 1284 LmHosts - ok
12:05:42.0000 1284 [ A57A3954408687063780055B1EF58296 ] MEMOQDRV C:\WINDOWS\system32\DRIVERS\memoqdrv.sys
12:05:42.0000 1284 MEMOQDRV - ok
12:05:42.0031 1284 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:05:42.0031 1284 Messenger - ok
12:05:42.0078 1284 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:05:42.0078 1284 mnmdd - ok
12:05:42.0093 1284 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:05:42.0109 1284 mnmsrvc - ok
12:05:42.0125 1284 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:05:42.0125 1284 Modem - ok
12:05:42.0156 1284 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:05:42.0156 1284 Mouclass - ok
12:05:42.0203 1284 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:05:42.0203 1284 mouhid - ok
12:05:42.0218 1284 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:05:42.0218 1284 MountMgr - ok
12:05:42.0265 1284 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:05:42.0265 1284 MozillaMaintenance - ok
12:05:42.0296 1284 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
12:05:42.0312 1284 MpFilter - ok
12:05:42.0328 1284 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:05:42.0328 1284 mraid35x - ok
12:05:42.0328 1284 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:05:42.0343 1284 MRxDAV - ok
12:05:42.0375 1284 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:05:42.0375 1284 MRxSmb - ok
12:05:42.0421 1284 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:05:42.0421 1284 MSDTC - ok
12:05:42.0421 1284 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:05:42.0437 1284 Msfs - ok
12:05:42.0437 1284 MSIServer - ok
12:05:42.0468 1284 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:05:42.0468 1284 MSKSSRV - ok
12:05:42.0531 1284 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
12:05:42.0531 1284 MsMpSvc - ok
12:05:42.0562 1284 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:05:42.0562 1284 MSPCLOCK - ok
12:05:42.0578 1284 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:05:42.0578 1284 MSPQM - ok
12:05:42.0609 1284 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:05:42.0609 1284 mssmbios - ok
12:05:42.0656 1284 MSSQL$MSSMLBIZ - ok
12:05:42.0703 1284 [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
12:05:42.0703 1284 MSSQLServerADHelper - ok
12:05:42.0734 1284 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:05:42.0734 1284 MSTEE - ok
12:05:42.0750 1284 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:05:42.0750 1284 Mup - ok
12:05:42.0781 1284 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:05:42.0781 1284 NABTSFEC - ok
12:05:42.0812 1284 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:05:42.0812 1284 napagent - ok
12:05:42.0843 1284 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:05:42.0843 1284 NDIS - ok
12:05:42.0875 1284 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:05:42.0875 1284 NdisIP - ok
12:05:47.0187 1284 ================ Scan MBR ==================================
12:05:47.0203 1284 [ 6FC6F9186C07BCA94E140F63BFE6E9B4 ] \Device\Harddisk0\DR0
12:05:49.0531 1284 \Device\Harddisk0\DR0 - ok
12:05:49.0546 1284 ================ Scan VBR ==================================
12:05:49.0546 1284 [ BC4749E89EE9915D0E2FC08C0D2D40B6 ] \Device\Harddisk0\DR0\Partition1
12:05:49.0546 1284 \Device\Harddisk0\DR0\Partition1 - ok
12:05:49.0593 1284 [ 11857727105556DFE3CE603245B0CD86 ] \Device\Harddisk0\DR0\Partition2
12:05:49.0593 1284 \Device\Harddisk0\DR0\Partition2 - ok
12:05:49.0593 1284 ============================================================
12:05:49.0593 1284 Scan finished
12:05:49.0593 1284 ============================================================
12:05:49.0609 1288 Detected object count: 0
12:05:49.0609 1288 Actual detected object count: 0
12:05:56.0046 4044 Deinitialize success


2/



12:08:37.0812 0488 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:08:39.0000 0488 ============================================================
12:08:39.0000 0488 Current date / time: 2012/11/06 12:08:39.0000
12:08:39.0000 0488 SystemInfo:
12:08:39.0000 0488
12:08:39.0000 0488 OS Version: 5.1.2600 ServicePack: 3.0
12:08:39.0000 0488 Product type: Workstation
12:08:39.0000 0488 ComputerName: ACER-926C8D0979
12:08:39.0000 0488 UserName: Eddie Hooper
12:08:39.0000 0488 Windows directory: C:\WINDOWS
12:08:39.0000 0488 System windows directory: C:\WINDOWS
12:08:39.0000 0488 Processor architecture: Intel x86
12:08:39.0000 0488 Number of processors: 1
12:08:39.0000 0488 Page size: 0x1000
12:08:39.0000 0488 Boot type: Normal boot
12:08:39.0000 0488 ============================================================
12:08:39.0312 0488 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:08:39.0359 0488 ============================================================
12:08:39.0359 0488 \Device\Harddisk0\DR0:
12:08:39.0359 0488 MBR partitions:
12:08:39.0359 0488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x8B4A800
12:08:39.0359 0488 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9ED3000, BlocksNum 0x8B46000
12:08:39.0359 0488 ============================================================
12:08:39.0406 0488 C: <-> \Device\Harddisk0\DR0\Partition1
12:08:39.0437 0488 D: <-> \Device\Harddisk0\DR0\Partition2
12:08:39.0453 0488 ============================================================
12:08:39.0453 0488 Initialize success
12:08:39.0453 0488 ============================================================
12:09:08.0078 2724 ============================================================
12:09:08.0078 2724 Scan started
12:09:08.0078 2724 Mode: Manual;
12:09:08.0078 2724 ============================================================
12:09:08.0187 2724 ================ Scan system memory ========================
12:09:08.0187 2724 Scan interrupted by user!
12:09:08.0187 2724 ================ Scan services =============================
12:09:08.0187 2724 Scan interrupted by user!
12:09:08.0187 2724 ================ Scan global ===============================
12:09:08.0187 2724 Scan interrupted by user!
12:09:08.0187 2724 ================ Scan MBR ==================================
12:09:08.0187 2724 Scan interrupted by user!
12:09:08.0187 2724 ================ Scan VBR ==================================
12:09:08.0187 2724 Scan interrupted by user!
12:09:08.0187 2724 ============================================================
12:09:08.0187 2724 Scan finished
12:09:08.0187 2724 ============================================================
12:09:08.0203 1248 Detected object count: 0
12:09:08.0203 1248 Actual detected object count: 0
12:09:12.0531 2780 ============================================================
12:09:12.0531 2780 Scan started
12:09:12.0531 2780 Mode: Manual;
12:09:12.0531 2780 ============================================================
12:09:12.0562 2780 ================ Scan system memory ========================
12:09:12.0562 2780 System memory - ok
12:09:12.0562 2780 ================ Scan services =============================

#22 winston66

    Member

  • Full Member
  • 81 posts

Posted 10 November 2012 - 03:54 AM

Hi ler

The history in Microsoft Security Essentials shows:

Quarantined items:

Trojan:DOS/Sinowal.Q

Alert level severe

Date 10/11/2012 9:07

Recommended action:
Items

file:C:\TDSSKiller_Quarantine\30.10.2012\mbr0000\mbr0000\tsk0000.dta
file:C:\TDSSKiller_Quarantine\30.10.2012\mbr0000\mbr0000\tsk0001.dta

Interestingly, it would not let me copy and paste the two file references. It would highlight blue but not copy, exactly what happened to the desktop TDSSKiller the other day.

Can I now delete all of this from the quarantine?

It appears I ran the TDSSKiller 5 times on the 6th, presumably in an attempt to get a log to copy and paste.
I have included the first scan; if you require the others, please let me know:

1/

12:05:13.0531 3580 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:05:13.0984 3580 ============================================================
12:05:13.0984 3580 Current date / time: 2012/11/06 12:05:13.0984
12:05:13.0984 3580 SystemInfo:
12:05:13.0984 3580
12:05:13.0984 3580 OS Version: 5.1.2600 ServicePack: 3.0
12:05:13.0984 3580 Product type: Workstation
12:05:13.0984 3580 ComputerName: ACER-926C8D0979
12:05:13.0984 3580 UserName: Eddie Hooper
12:05:13.0984 3580 Windows directory: C:\WINDOWS
12:05:13.0984 3580 System windows directory: C:\WINDOWS
12:05:13.0984 3580 Processor architecture: Intel x86
12:05:13.0984 3580 Number of processors: 1
12:05:13.0984 3580 Page size: 0x1000
12:05:13.0984 3580 Boot type: Normal boot
12:05:13.0984 3580 ============================================================
12:05:14.0437 3580 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:05:14.0484 3580 ============================================================
12:05:14.0484 3580 \Device\Harddisk0\DR0:
12:05:14.0484 3580 MBR partitions:
12:05:14.0484 3580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x8B4A800
12:05:14.0484 3580 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9ED3000, BlocksNum 0x8B46000
12:05:14.0484 3580 ============================================================
12:05:14.0531 3580 C: <-> \Device\Harddisk0\DR0\Partition1
12:05:14.0578 3580 D: <-> \Device\Harddisk0\DR0\Partition2
12:05:14.0578 3580 ============================================================
12:05:14.0578 3580 Initialize success
12:05:14.0578 3580 ============================================================
12:05:24.0953 0812 ============================================================
12:05:24.0953 0812 Scan started
12:05:24.0953 0812 Mode: Manual;
12:05:24.0953 0812 ============================================================
12:05:25.0562 0812 ================ Scan system memory ========================
12:05:25.0562 0812 Scan interrupted by user!
12:05:25.0562 0812 ================ Scan services =============================
12:05:25.0562 0812 Scan interrupted by user!
12:05:25.0562 0812 ================ Scan global ===============================
12:05:25.0562 0812 Scan interrupted by user!
12:05:25.0562 0812 ================ Scan MBR ==================================
12:05:25.0562 0812 Scan interrupted by user!
12:05:25.0562 0812 ================ Scan VBR ==================================
12:05:25.0562 0812 Scan interrupted by user!
12:05:25.0562 0812 ============================================================
12:05:25.0562 0812 Scan finished
12:05:25.0562 0812 ============================================================
12:05:25.0578 2168 Detected object count: 0
12:05:25.0578 2168 Actual detected object count: 0
12:05:37.0078 1284 ============================================================
12:05:37.0078 1284 Scan started
12:05:37.0078 1284 Mode: Manual;
12:05:37.0078 1284 ============================================================
12:05:37.0171 1284 ================ Scan system memory ========================
12:05:37.0171 1284 System memory - ok
12:05:37.0171 1284 ================ Scan services =============================
12:05:38.0625 1284 cbidf2k - ok
12:05:38.0656 1284 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:05:38.0656 1284 CCDECODE - ok
12:05:38.0656 1284 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
12:05:38.0656 1284 cd20xrnt - ok
12:05:38.0687 1284 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:05:38.0687 1284 Cdaudio - ok
12:05:38.0703 1284 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:05:38.0703 1284 Cdfs - ok
12:05:38.0718 1284 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:05:38.0718 1284 Cdrom - ok
12:05:38.0734 1284 Changer - ok
12:05:38.0781 1284 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:05:38.0781 1284 CiSvc - ok
12:05:38.0812 1284 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:05:38.0812 1284 ClipSrv - ok
12:05:38.0843 1284 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:05:38.0890 1284 clr_optimization_v2.0.50727_32 - ok
12:05:38.0921 1284 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:05:38.0921 1284 CmBatt - ok
12:05:38.0921 1284 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
12:05:38.0921 1284 CmdIde - ok
12:05:38.0937 1284 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:05:38.0937 1284 Compbatt - ok
12:05:38.0937 1284 COMSysApp - ok
12:05:38.0968 1284 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
12:05:38.0968 1284 Cpqarray - ok
12:05:39.0015 1284 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:05:39.0015 1284 CryptSvc - ok
12:05:39.0015 1284 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
12:05:39.0031 1284 dac2w2k - ok
12:05:39.0031 1284 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
12:05:39.0031 1284 dac960nt - ok
12:05:39.0093 1284 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:05:39.0093 1284 DcomLaunch - ok
12:05:39.0140 1284 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:05:39.0140 1284 Dhcp - ok
12:05:39.0140 1284 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:05:39.0140 1284 Disk - ok
12:05:39.0187 1284 [ 060DB81DFB79C8244EB65D10B6C7873F ] DKbFltr C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
12:05:39.0187 1284 DKbFltr - ok
12:05:39.0203 1284 dmadmin - ok
12:05:39.0250 1284 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:05:39.0265 1284 dmboot - ok
12:05:39.0296 1284 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:05:39.0296 1284 dmio - ok
12:05:39.0312 1284 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:05:39.0312 1284 dmload - ok
12:05:39.0328 1284 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:05:39.0343 1284 dmserver - ok
12:05:39.0390 1284 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:05:39.0390 1284 DMusic - ok
12:05:39.0437 1284 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:05:39.0437 1284 Dnscache - ok
12:05:39.0468 1284 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:05:39.0468 1284 Dot3svc - ok
12:05:39.0484 1284 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:05:39.0484 1284 dpti2o - ok
12:05:39.0500 1284 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:05:39.0500 1284 drmkaud - ok
12:05:39.0531 1284 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:05:39.0531 1284 EapHost - ok
12:05:39.0546 1284 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:05:39.0546 1284 ERSvc - ok
12:05:39.0562 1284 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
12:05:39.0578 1284 Eventlog - ok
12:05:39.0625 1284 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
12:05:39.0625 1284 EventSystem - ok
12:05:39.0656 1284 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:05:39.0656 1284 Fastfat - ok
12:05:39.0687 1284 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:05:39.0687 1284 FastUserSwitchingCompatibility - ok
12:05:39.0703 1284 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
12:05:39.0718 1284 Fax - ok
12:05:39.0734 1284 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
12:05:39.0734 1284 Fdc - ok
12:05:39.0750 1284 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:05:39.0750 1284 Fips - ok
12:05:39.0765 1284 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
12:05:39.0765 1284 Flpydisk - ok
12:05:39.0781 1284 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:05:39.0781 1284 FltMgr - ok
12:05:39.0828 1284 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:05:39.0828 1284 FontCache3.0.0.0 - ok
12:05:39.0828 1284 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:05:39.0828 1284 Fs_Rec - ok
12:05:39.0843 1284 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:05:39.0843 1284 Ftdisk - ok
12:05:39.0906 1284 [ A6773422A1086201F880F75BF31EC8D1 ] GoogleDesktopManager-080708-050100 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
12:05:39.0906 1284 GoogleDesktopManager-080708-050100 - ok
12:05:39.0921 1284 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:05:39.0921 1284 Gpc - ok
12:05:39.0968 1284 [ 751C1D2CA2ABF4A9F5A6B8D7D45B907C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:05:39.0968 1284 gusvc - ok
12:05:39.0984 1284 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:05:40.0000 1284 HDAudBus - ok
12:05:40.0046 1284 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:05:40.0046 1284 helpsvc - ok
12:05:40.0062 1284 HidServ - ok
12:05:40.0078 1284 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:05:40.0078 1284 HidUsb - ok
12:05:40.0125 1284 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:05:40.0125 1284 hkmsvc - ok
12:05:40.0171 1284 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
12:05:40.0171 1284 hpn - ok
12:05:40.0218 1284 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:05:40.0234 1284 HTTP - ok
12:05:40.0265 1284 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:05:40.0265 1284 HTTPFilter - ok
12:05:40.0281 1284 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
12:05:40.0281 1284 i2omgmt - ok
12:05:40.0296 1284 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:05:40.0296 1284 i2omp - ok
12:05:40.0343 1284 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:05:40.0343 1284 i8042prt - ok
12:05:40.0437 1284 [ 7B96206E4BDD2FE582F0DBC46F5F410E ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
12:05:40.0437 1284 IAANTMON - ok
12:05:40.0625 1284 [ B2768350BB50469AEB1AFE694372B613 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
12:05:40.0781 1284 ialm - ok
12:05:40.0796 1284 [ 80C633722DA72E97F3F5B3B11325696D ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
12:05:40.0796 1284 iaStor - ok
12:05:40.0890 1284 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:05:40.0906 1284 idsvc - ok
12:05:40.0937 1284 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:05:40.0953 1284 Imapi - ok
12:05:40.0984 1284 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:05:41.0000 1284 ImapiService - ok
12:05:41.0031 1284 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:05:41.0031 1284 ini910u - ok
12:05:41.0187 1284 [ 74B482F8B2A9EBE8473381A7A58F801D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:05:41.0296 1284 IntcAzAudAddService - ok
12:05:41.0312 1284 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
12:05:41.0312 1284 IntelIde - ok
12:05:41.0312 1284 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:05:41.0328 1284 intelppm - ok
12:05:41.0343 1284 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:05:41.0343 1284 Ip6Fw - ok
12:05:41.0375 1284 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:05:41.0375 1284 IpFilterDriver - ok
12:05:41.0406 1284 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:05:41.0406 1284 IpInIp - ok
12:05:41.0437 1284 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:05:41.0437 1284 IpNat - ok
12:05:41.0453 1284 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:05:41.0453 1284 IPSec - ok
12:05:41.0484 1284 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:05:41.0484 1284 IRENUM - ok
12:05:41.0500 1284 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:05:41.0500 1284 isapnp - ok
12:05:41.0515 1284 [ 4AC11B2250106774F694DF2DB4FFED61 ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
12:05:41.0515 1284 Iviaspi - ok
12:05:41.0593 1284 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
12:05:41.0593 1284 IviRegMgr - ok
12:05:41.0656 1284 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
12:05:41.0656 1284 JavaQuickStarterService - ok
12:05:41.0687 1284 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:05:41.0687 1284 Kbdclass - ok
12:05:41.0718 1284 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:05:41.0718 1284 kmixer - ok
12:05:41.0750 1284 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:05:41.0750 1284 KSecDD - ok
12:05:41.0796 1284 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
12:05:41.0796 1284 LanmanServer - ok
12:05:41.0843 1284 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:05:41.0843 1284 lanmanworkstation - ok
12:05:41.0843 1284 lbrtfdc - ok
12:05:41.0921 1284 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
12:05:41.0921 1284 LightScribeService - ok
12:05:41.0953 1284 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:05:41.0953 1284 LmHosts - ok
12:05:42.0000 1284 [ A57A3954408687063780055B1EF58296 ] MEMOQDRV C:\WINDOWS\system32\DRIVERS\memoqdrv.sys
12:05:42.0000 1284 MEMOQDRV - ok
12:05:42.0031 1284 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:05:42.0031 1284 Messenger - ok
12:05:42.0078 1284 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:05:42.0078 1284 mnmdd - ok
12:05:42.0093 1284 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:05:42.0109 1284 mnmsrvc - ok
12:05:42.0125 1284 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:05:42.0125 1284 Modem - ok
12:05:42.0156 1284 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:05:42.0156 1284 Mouclass - ok
12:05:42.0203 1284 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:05:42.0203 1284 mouhid - ok
12:05:42.0218 1284 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:05:42.0218 1284 MountMgr - ok
12:05:42.0265 1284 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:05:42.0265 1284 MozillaMaintenance - ok
12:05:42.0296 1284 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
12:05:42.0312 1284 MpFilter - ok
12:05:42.0328 1284 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:05:42.0328 1284 mraid35x - ok
12:05:42.0328 1284 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:05:42.0343 1284 MRxDAV - ok
12:05:42.0375 1284 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:05:42.0375 1284 MRxSmb - ok
12:05:42.0421 1284 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:05:42.0421 1284 MSDTC - ok
12:05:42.0421 1284 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:05:42.0437 1284 Msfs - ok
12:05:42.0437 1284 MSIServer - ok
12:05:42.0468 1284 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:05:42.0468 1284 MSKSSRV - ok
12:05:42.0531 1284 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
12:05:42.0531 1284 MsMpSvc - ok
12:05:42.0562 1284 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:05:42.0562 1284 MSPCLOCK - ok
12:05:42.0578 1284 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:05:42.0578 1284 MSPQM - ok
12:05:42.0609 1284 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:05:42.0609 1284 mssmbios - ok
12:05:42.0656 1284 MSSQL$MSSMLBIZ - ok
12:05:42.0703 1284 [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
12:05:42.0703 1284 MSSQLServerADHelper - ok
12:05:42.0734 1284 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:05:42.0734 1284 MSTEE - ok
12:05:42.0750 1284 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:05:42.0750 1284 Mup - ok
12:05:42.0781 1284 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:05:42.0781 1284 NABTSFEC - ok
12:05:42.0812 1284 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:05:42.0812 1284 napagent - ok
12:05:42.0843 1284 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:05:42.0843 1284 NDIS - ok
12:05:42.0875 1284 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:05:42.0875 1284 NdisIP - ok
12:05:42.0921 1284 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:05:42.0921 1284 NdisTapi - ok
12:05:42.0937 1284 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:05:42.0937 1284 Ndisuio - ok
12:05:42.0937 1284 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:05:42.0953 1284 NdisWan - ok
12:05:42.0984 1284 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:05:42.0984 1284 NDProxy - ok
12:05:42.0984 1284 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:05:42.0984 1284 NetBIOS - ok
12:05:43.0000 1284 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:05:43.0015 1284 NetBT - ok
12:05:43.0046 1284 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
12:05:43.0046 1284 NetDDE - ok
12:05:43.0062 1284 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:05:43.0062 1284 NetDDEdsdm - ok
12:05:43.0109 1284 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:05:43.0109 1284 Netlogon - ok
12:05:43.0125 1284 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
12:05:43.0125 1284 Netman - ok
12:05:43.0171 1284 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:05:43.0187 1284 NetTcpPortSharing - ok
12:05:43.0203 1284 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:05:43.0203 1284 NIC1394 - ok
12:05:43.0234 1284 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
12:05:43.0234 1284 Nla - ok
12:05:43.0250 1284 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:05:43.0250 1284 Npfs - ok
12:05:43.0281 1284 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:05:43.0296 1284 Ntfs - ok
12:05:43.0343 1284 [ CB76F68BA0D57C5D25B538981B1C611C ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
12:05:43.0343 1284 NTIBackupSvc - ok
12:05:43.0359 1284 [ 5535174933A08BB8F1CEE26DFFB930E4 ] NTIDrvr C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
12:05:43.0359 1284 NTIDrvr - ok
12:05:43.0406 1284 [ DF1C10A75DF7E50195FC417F88A33227 ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
12:05:43.0406 1284 NTISchedulerSvc - ok
12:05:43.0421 1284 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:05:43.0421 1284 NtLmSsp - ok
12:05:43.0484 1284 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:05:43.0484 1284 NtmsSvc - ok
12:05:43.0500 1284 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:05:43.0515 1284 Null - ok
12:05:43.0531 1284 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:05:43.0531 1284 NwlnkFlt - ok
12:05:43.0546 1284 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:05:43.0546 1284 NwlnkFwd - ok
12:05:43.0656 1284 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:05:43.0671 1284 odserv - ok
12:05:43.0703 1284 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:05:43.0703 1284 ohci1394 - ok
12:05:43.0843 1284 [ FD209F8C2562C351F7A25B4FFCD8F856 ] Orange update Core Service C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe
12:05:43.0875 1284 Orange update Core Service - ok
12:05:43.0921 1284 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:05:43.0921 1284 ose - ok
12:05:43.0953 1284 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
12:05:43.0953 1284 Parport - ok
12:05:43.0953 1284 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:05:43.0953 1284 PartMgr - ok
12:05:43.0984 1284 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:05:43.0984 1284 ParVdm - ok
12:05:44.0000 1284 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:05:44.0000 1284 PCI - ok
12:05:44.0000 1284 PCIDump - ok
12:05:44.0015 1284 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:05:44.0015 1284 PCIIde - ok
12:05:44.0015 1284 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:05:44.0015 1284 Pcmcia - ok
12:05:44.0031 1284 PDCOMP - ok
12:05:44.0031 1284 PDFRAME - ok
12:05:44.0046 1284 PDRELI - ok
12:05:44.0046 1284 PDRFRAME - ok
12:05:44.0062 1284 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
12:05:44.0062 1284 perc2 - ok
12:05:44.0062 1284 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
12:05:44.0078 1284 perc2hib - ok
12:05:44.0140 1284 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
12:05:44.0140 1284 PlugPlay - ok
12:05:44.0156 1284 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:05:44.0156 1284 PolicyAgent - ok
12:05:44.0171 1284 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:05:44.0171 1284 PptpMiniport - ok
12:05:44.0171 1284 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:05:44.0187 1284 ProtectedStorage - ok
12:05:44.0187 1284 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:05:44.0187 1284 PSched - ok
12:05:44.0234 1284 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
12:05:44.0234 1284 PSI_SVC_2 - ok
12:05:44.0250 1284 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:05:44.0250 1284 Ptilink - ok
12:05:44.0250 1284 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
12:05:44.0250 1284 ql1080 - ok
12:05:44.0265 1284 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
12:05:44.0265 1284 Ql10wnt - ok
12:05:44.0281 1284 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
12:05:44.0281 1284 ql12160 - ok
12:05:44.0296 1284 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
12:05:44.0296 1284 ql1240 - ok
12:05:44.0312 1284 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
12:05:44.0312 1284 ql1280 - ok
12:05:44.0328 1284 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:05:44.0328 1284 RasAcd - ok
12:05:44.0375 1284 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:05:44.0375 1284 RasAuto - ok
12:05:44.0390 1284 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:05:44.0406 1284 Rasl2tp - ok
12:05:44.0421 1284 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:05:44.0421 1284 RasMan - ok
12:05:44.0437 1284 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:05:44.0437 1284 RasPppoe - ok
12:05:44.0453 1284 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:05:44.0453 1284 Raspti - ok
12:05:44.0468 1284 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:05:44.0484 1284 Rdbss - ok
12:05:44.0484 1284 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:05:44.0484 1284 RDPCDD - ok
12:05:44.0500 1284 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:05:44.0500 1284 rdpdr - ok
12:05:44.0562 1284 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:05:44.0562 1284 RDPWD - ok
12:05:44.0593 1284 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:05:44.0593 1284 RDSessMgr - ok
12:05:44.0625 1284 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:05:44.0625 1284 redbook - ok
12:05:44.0671 1284 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\WINDOWS\system32\drivers\regi.sys
12:05:44.0671 1284 regi - ok
12:05:44.0718 1284 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:05:44.0718 1284 RemoteAccess - ok
12:05:44.0718 1284 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
12:05:44.0718 1284 RemoteRegistry - ok
12:05:44.0765 1284 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
12:05:44.0765 1284 RpcLocator - ok
12:05:44.0796 1284 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
12:05:44.0812 1284 RpcSs - ok
12:05:44.0828 1284 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:05:44.0828 1284 RSVP - ok
12:05:44.0859 1284 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
12:05:44.0859 1284 SamSs - ok
12:05:44.0890 1284 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:05:44.0890 1284 SCardSvr - ok
12:05:44.0906 1284 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:05:44.0921 1284 Schedule - ok
12:05:44.0953 1284 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
12:05:44.0953 1284 sdbus - ok
12:05:44.0984 1284 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:05:44.0984 1284 Secdrv - ok
12:05:44.0984 1284 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:05:44.0984 1284 seclogon - ok
12:05:45.0000 1284 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
12:05:45.0000 1284 SENS - ok
12:05:45.0031 1284 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
12:05:45.0031 1284 Serial - ok
12:05:45.0046 1284 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:05:45.0046 1284 Sfloppy - ok
12:05:45.0109 1284 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:05:45.0109 1284 SharedAccess - ok
12:05:45.0140 1284 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:05:45.0140 1284 ShellHWDetection - ok
12:05:45.0140 1284 Simbad - ok
12:05:45.0203 1284 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
12:05:45.0203 1284 sisagp - ok
12:05:45.0218 1284 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:05:45.0218 1284 SLIP - ok
12:05:45.0250 1284 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:05:45.0250 1284 Sparrow - ok
12:05:45.0265 1284 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:05:45.0281 1284 splitter - ok
12:05:45.0312 1284 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:05:45.0312 1284 Spooler - ok
12:05:45.0343 1284 [ 5673E79BBB62A4C35B10D821FF1B4ACA ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
12:05:45.0343 1284 SQLBrowser - ok
12:05:45.0390 1284 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:05:45.0390 1284 SQLWriter - ok
12:05:45.0406 1284 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:05:45.0406 1284 sr - ok
12:05:45.0421 1284 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
12:05:45.0437 1284 srservice - ok
12:05:45.0453 1284 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:05:45.0453 1284 Srv - ok
12:05:45.0484 1284 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:05:45.0484 1284 SSDPSRV - ok
12:05:45.0531 1284 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:05:45.0531 1284 stisvc - ok
12:05:45.0562 1284 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:05:45.0562 1284 streamip - ok
12:05:45.0578 1284 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:05:45.0593 1284 swenum - ok
12:05:45.0593 1284 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:05:45.0593 1284 swmidi - ok
12:05:45.0609 1284 SwPrv - ok
12:05:45.0609 1284 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
12:05:45.0625 1284 symc810 - ok
12:05:45.0625 1284 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:05:45.0625 1284 symc8xx - ok
12:05:45.0640 1284 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:05:45.0640 1284 sym_hi - ok
12:05:45.0656 1284 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:05:45.0656 1284 sym_u3 - ok
12:05:45.0656 1284 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:05:45.0656 1284 sysaudio - ok
12:05:45.0703 1284 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:05:45.0718 1284 SysmonLog - ok
12:05:45.0718 1284 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:05:45.0734 1284 TapiSrv - ok
12:05:45.0765 1284 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:05:45.0765 1284 Tcpip - ok
12:05:45.0796 1284 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:05:45.0796 1284 TDPIPE - ok
12:05:45.0828 1284 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:05:45.0828 1284 TDTCP - ok
12:05:45.0859 1284 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:05:45.0859 1284 TermDD - ok
12:05:45.0875 1284 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
12:05:45.0890 1284 TermService - ok
12:05:45.0906 1284 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
12:05:45.0921 1284 Themes - ok
12:05:45.0937 1284 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
12:05:45.0953 1284 TlntSvr - ok
12:05:45.0984 1284 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
12:05:45.0984 1284 TosIde - ok
12:05:46.0015 1284 [ 3AFFF25EAE28188FA4ECD292658BE31B ] TpChoice C:\WINDOWS\system32\DRIVERS\TpChoice.sys
12:05:46.0015 1284 TpChoice - ok
12:05:46.0046 1284 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:05:46.0046 1284 TrkWks - ok
12:05:46.0062 1284 [ 5E3966A0D9B57531264FC0C835021FA1 ] UBHelper C:\WINDOWS\system32\drivers\UBHelper.sys
12:05:46.0062 1284 UBHelper - ok
12:05:46.0078 1284 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:05:46.0078 1284 Udfs - ok
12:05:46.0093 1284 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
12:05:46.0093 1284 ultra - ok
12:05:46.0140 1284 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:05:46.0140 1284 Update - ok
12:05:46.0171 1284 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:05:46.0171 1284 upnphost - ok
12:05:46.0203 1284 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
12:05:46.0203 1284 UPS - ok
12:05:46.0234 1284 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:05:46.0234 1284 usbccgp - ok
12:05:46.0250 1284 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:05:46.0250 1284 usbehci - ok
12:05:46.0250 1284 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:05:46.0265 1284 usbhub - ok
12:05:46.0265 1284 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:05:46.0265 1284 usbprint - ok
12:05:46.0296 1284 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:05:46.0296 1284 usbscan - ok
12:05:46.0296 1284 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:05:46.0296 1284 USBSTOR - ok
12:05:46.0328 1284 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:05:46.0328 1284 usbuhci - ok
12:05:46.0359 1284 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
12:05:46.0359 1284 usbvideo - ok
12:05:46.0390 1284 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:05:46.0390 1284 VgaSave - ok
12:05:46.0390 1284 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
12:05:46.0406 1284 viaagp - ok
12:05:46.0406 1284 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
12:05:46.0406 1284 ViaIde - ok
12:05:46.0421 1284 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:05:46.0421 1284 VolSnap - ok
12:05:46.0453 1284 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
12:05:46.0468 1284 VSS - ok
12:05:46.0500 1284 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
12:05:46.0500 1284 W32Time - ok
12:05:46.0515 1284 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:05:46.0515 1284 Wanarp - ok
12:05:46.0531 1284 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:05:46.0546 1284 Wdf01000 - ok
12:05:46.0562 1284 WDICA - ok
12:05:46.0578 1284 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:05:46.0578 1284 wdmaud - ok
12:05:46.0593 1284 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:05:46.0593 1284 WebClient - ok
12:05:46.0671 1284 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:05:46.0671 1284 winmgmt - ok
12:05:46.0734 1284 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
12:05:46.0734 1284 WmdmPmSN - ok
12:05:46.0765 1284 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
12:05:46.0781 1284 Wmi - ok
12:05:46.0781 1284 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:05:46.0781 1284 WmiAcpi - ok
12:05:46.0828 1284 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:05:46.0828 1284 WmiApSrv - ok
12:05:46.0859 1284 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:05:46.0859 1284 WS2IFSL - ok
12:05:46.0890 1284 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:05:46.0890 1284 wscsvc - ok
12:05:46.0921 1284 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:05:46.0921 1284 WSTCODEC - ok
12:05:46.0953 1284 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:05:46.0953 1284 wuauserv - ok
12:05:46.0984 1284 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:05:47.0000 1284 WZCSVC - ok
12:05:47.0031 1284 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:05:47.0031 1284 xmlprov - ok
12:05:47.0046 1284 ================ Scan global ===============================
12:05:47.0093 1284 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:05:47.0140 1284 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
12:05:47.0156 1284 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
12:05:47.0187 1284 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
12:05:47.0187 1284 [Global] - ok
12:05:47.0187 1284 ================ Scan MBR ==================================
12:05:47.0203 1284 [ 6FC6F9186C07BCA94E140F63BFE6E9B4 ] \Device\Harddisk0\DR0
12:05:49.0531 1284 \Device\Harddisk0\DR0 - ok
12:05:49.0546 1284 ================ Scan VBR ==================================
12:05:49.0546 1284 [ BC4749E89EE9915D0E2FC08C0D2D40B6 ] \Device\Harddisk0\DR0\Partition1
12:05:49.0546 1284 \Device\Harddisk0\DR0\Partition1 - ok
12:05:49.0593 1284 [ 11857727105556DFE3CE603245B0CD86 ] \Device\Harddisk0\DR0\Partition2
12:05:49.0593 1284 \Device\Harddisk0\DR0\Partition2 - ok
12:05:49.0593 1284 ============================================================
12:05:49.0593 1284 Scan finished
12:05:49.0593 1284 ============================================================
12:05:49.0609 1288 Detected object count: 0
12:05:49.0609 1288 Actual detected object count: 0
12:05:56.0046 4044 Deinitialize suc



The OTL scans are here:

OTL Extras logfile created on: 10/11/2012 10:03:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Eddie Hooper\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

952.80 Mb Total Physical Memory | 600.82 Mb Available Physical Memory | 63.06% Memory free
2.24 Gb Paging File | 1.89 Gb Available in Paging File | 84.19% Paging File free
Paging file location(s): C:\pagefile.sys 1428 2856 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.65 Gb Total Space | 52.78 Gb Free Space | 75.79% Space Free | Partition Type: NTFS
Drive D: | 69.64 Gb Total Space | 69.48 Gb Free Space | 99.77% Space Free | Partition Type: NTFS

Computer Name: ACER-926C8D0979 | User Name: Eddie Hooper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters

Edited by winston66, 10 November 2012 - 04:28 AM.


#23 ler

ler

    SWI Junkie

  • Helper Trainee+
  • 318 posts

Posted 12 November 2012 - 06:29 AM

Hi winston66,

Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\..\SearchScopes\{7CBE9A18-A251-4C13-89CD-CF8531B4627D}: "URL" = http://websearch.ask...apn_dtid=OSJ000
    CHR - Extension: No name found = C:\Documents and Settings\Eddie Hooper\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jafdhbipfdlldljdanpnlipdinjcjjid\1.0_0\
    CHR - Extension: No name found = C:\Documents and Settings\Eddie Hooper\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfkdglgjjpicgkbfdflchobhdiblbjgf\1.0_1\
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    :REG
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "3389:TCP"=-
    "65533:TCP"=-
    "52344:TCP"=-

    :Commands
    [EmptyTemp]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

====

  • Please download aswMBR.exe to your Desktop. Visit this Webpage for the download link, and instructions for running the tool.
  • Please download latest definitions by confirming the dialog.
  • When finished please run a Scan only, at this time, and then click on Save log, and save the results to your Desktop.
  • Please include aswMBR.txt in your next reply for further review.


#24 winston66

winston66

    Member

  • Full Member
  • 81 posts

Posted 12 November 2012 - 12:07 PM

Hi ler,

I enclose the OTL log:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7CBE9A18-A251-4C13-89CD-CF8531B4627D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7CBE9A18-A251-4C13-89CD-CF8531B4627D}\ not found.
C:\Documents and Settings\Eddie Hooper\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jafdhbipfdlldljdanpnlipdinjcjjid\1.0_0\icons folder moved successfully.
C:\Documents and Settings\Eddie Hooper\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jafdhbipfdlldljdanpnlipdinjcjjid\1.0_0 folder moved successfully.
C:\Documents and Settings\Eddie Hooper\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfkdglgjjpicgkbfdflchobhdiblbjgf\1.0_1\icons folder moved successfully.
C:\Documents and Settings\Eddie Hooper\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfkdglgjjpicgkbfdflchobhdiblbjgf\1.0_1 folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\65533:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\52344:TCP deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Eddie Hooper
->Temp folder emptied: 1393848 bytes
->Temporary Internet Files folder emptied: 1218423 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 80621526 bytes
->Google Chrome cache emptied: 53744555 bytes
->Flash cache emptied: 3138 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 43988 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 234654 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 142677 bytes

Total Files Cleaned = 131.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11122012_180220

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_5b8.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




and here is the MBR log:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-12 18:09:17
-----------------------------
18:09:17.000 OS Version: Windows 5.1.2600 Service Pack 3
18:09:17.000 Number of processors: 1 586 0x170A
18:09:17.000 ComputerName: ACER-926C8D0979 UserName: Eddie Hooper
18:09:18.515 Initialize success
18:12:43.625 AVAST engine defs: 12111200
18:12:48.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:12:48.281 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
18:12:48.359 Disk 0 MBR read successfully
18:12:48.359 Disk 0 MBR scan
18:12:48.484 Disk 0 unknown MBR code
18:12:48.500 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
18:12:48.531 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71317 MB offset 20482048
18:12:48.578 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 71308 MB offset 166539264
18:12:48.625 Disk 0 scanning sectors +312578048
18:12:48.656 Disk 0 malicious Win32:MBRoot code @ sector 312578051 !
18:12:48.734 Disk 0 scanning C:\WINDOWS\system32\drivers
18:12:57.984 Service scanning
18:13:17.078 Modules scanning
18:13:24.812 Disk 0 trace - called modules:
18:13:24.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:13:24.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b604c8]
18:13:24.875 3 CLASSPNP.SYS[f76d2fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85b1e028]
18:13:25.343 AVAST engine scan C:\WINDOWS
18:13:36.421 AVAST engine scan C:\WINDOWS\system32
18:16:40.046 AVAST engine scan C:\WINDOWS\system32\drivers
18:16:56.062 AVAST engine scan C:\Documents and Settings\Eddie Hooper
18:19:55.609 AVAST engine scan C:\Documents and Settings\All Users
18:20:36.250 Scan finished successfully
18:24:20.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Eddie Hooper\Desktop\MBR.dat"
18:24:20.781 The log file has been saved successfully to "C:\Documents and Settings\Eddie Hooper\Desktop\aswMBR.txt"



Kind regards,

winston 66

Edited by winston66, 12 November 2012 - 12:27 PM.


#25 ler

ler

    SWI Junkie

  • Helper Trainee+
  • 318 posts

Posted 13 November 2012 - 03:34 PM

Hi winston66,

Please go to http://www.virustotal.com, click on Choose File, and upload the following file for analysis:

C:\Documents and Settings\Eddie Hooper\Desktop\MBR.dat

Then click Scan it!. Allow the file to be scanned, and then please copy/paste the link to the results here for me to see.

====

Please re-run aswMBR, click FixMBR and confirm the warning dialog.

Please click the drop-down list near AV Scan and select (none), then click Scan.

When finished please click Fix if possible. Save the log to your Desktop by clicking Save log and enclose it in your reply.

ler

#26 winston66

winston66

    Member

  • Full Member
  • 81 posts

Posted 13 November 2012 - 04:45 PM

Hi ler,

I enclose the result of the VirusTotal scan. Looks like we caught one!


VirusTotal
SHA256: 5987cba64be16f11792cd6cb3533c18ea5a509fd8095049601928f4421c53eaf
File name: MBR.dat
Detection ratio: 1 / 44
Analysis date: 2012-11-13 21:40:30 UTC ( 0 minutes ago )

Antivirus Result Update
Agnitum - 20121113
AhnLab-V3 - 20121113
AntiVir - 20121113
Antiy-AVL - 20121113
Avast - 20121113
AVG - 20121113
BitDefender - 20121113
ByteHero - 20121110
CAT-QuickHeal - 20121113
ClamAV - 20121113
Commtouch - 20121113
Comodo - 20121113
DrWeb - 20121113
Emsisoft - 20121113
eSafe - 20121112
ESET-NOD32 - 20121113
F-Prot - 20121113
F-Secure - 20121113
Fortinet - 20121113
GData - 20121113
Ikarus - 20121113
Jiangmin - 20121113
K7AntiVirus - 20121110
Kaspersky - 20121113
Kingsoft - 20121112
McAfee - 20121113
McAfee-GW-Edition - 20121113
Microsoft - 20121113
MicroWorld-eScan - 20121113
Norman - 20121112
nProtect - 20121113
Panda - 20121113
PCTools - 20121113
Rising - 20121113
Sophos - 20121113
SUPERAntiSpyware - 20121113
Symantec - 20121113
TheHacker - 20121113
TotalDefense - 20121113
TrendMicro - 20121113
TrendMicro-HouseCall - 20121113
VBA32 suspected of Unknown.BootVirus 20121112
VIPRE - 20121113
ViRobot - 20121113


Reference the aswMBR. When I run the program and the black window opens with white type, I presume you do not want me to scan first but go straight to clicking FixMBR?

When I do this the warning window states that I could damage partition files and cause them to become inaccessible.
Are you sure you want to fix MBR?

Is it okay to proceed with this action?

Best wishes,

winston 66

Edited by winston66, 13 November 2012 - 05:06 PM.


#27 ler

ler

    SWI Junkie

  • Helper Trainee+
  • 318 posts

Posted 14 November 2012 - 02:56 PM

Reference the aswMBR. When I run the program and the black window opens with white type, I presume you do not want me to scan first but go straight to clicking FixMBR?

Correct :thumbup:

When I do this the warning window states that I could damage partition files and cause them to become inaccessible.
Are you sure you want to fix MBR?

Is it okay to proceed with this action?

Please go ahead. The file MBR.dat on your Desktop contains a backup copy. You can restore your old MBR at any time :thumbup:

#28 winston66

winston66

    Member

  • Full Member
  • 81 posts

Posted 14 November 2012 - 04:01 PM

Hi ler and thanks for the info.

I enclose the aswMBR log below:



aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-14 21:38:40
-----------------------------
21:38:40.015 OS Version: Windows 5.1.2600 Service Pack 3
21:38:40.015 Number of processors: 1 586 0x170A
21:38:40.015 ComputerName: ACER-926C8D0979 UserName: Eddie Hooper
21:38:40.453 Initialize success
21:47:39.125 AVAST engine defs: 12111401
21:47:54.437 Verifying
21:48:04.484 Disk 0 Windows 501 MBR fixed successfully
21:48:55.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:48:55.296 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
21:48:55.328 Disk 0 MBR read successfully
21:48:55.328 Disk 0 MBR scan
21:48:55.406 Disk 0 Windows XP default MBR code
21:48:55.515 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
21:48:55.531 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71317 MB offset 20482048
21:48:55.562 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 71308 MB offset 166539264
21:48:55.578 Disk 0 scanning sectors +312578048
21:48:55.609 Disk 0 malicious Win32:MBRoot code @ sector 312578051 !
21:48:55.796 Disk 0 scanning C:\WINDOWS\system32\drivers
21:49:04.875 Service scanning
21:49:28.625 Modules scanning
21:49:36.640 Disk 0 trace - called modules:
21:49:36.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:49:36.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b603d0]
21:49:36.718 3 CLASSPNP.SYS[f76d2fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85b1e028]
21:49:36.718 Scan finished successfully
21:49:56.375 Disk 0 MBR read successfully
21:49:56.390 Disk 0 scanning sectors +312578048
21:49:56.421 Disk 0 malicious Win32:MBRoot code @ sector 312578051 !
21:49:56.437 Disk 0 sector 312578051 cleaned
21:49:56.437 Verifying disinfection
21:50:06.531 Infection fixed successfully - please reboot ASAP
21:50:23.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Eddie Hooper\Desktop\MBR.dat"
21:50:23.625 The log file has been saved successfully to "C:\Documents and Settings\Eddie Hooper\Desktop\aswMBR.txt"


Kind regards,

winston 66

ler,
I thought it might be helpful to run the scan one more time and enclose the log here:



aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-14 22:02:41
-----------------------------
22:02:41.171 OS Version: Windows 5.1.2600 Service Pack 3
22:02:41.171 Number of processors: 1 586 0x170A
22:02:41.171 ComputerName: ACER-926C8D0979 UserName: Eddie Hooper
22:02:41.578 Initialize success
22:02:55.734 AVAST engine defs: 12111401
22:03:03.359 Verifying
22:03:13.406 Disk 0 Windows 501 MBR fixed successfully
22:03:30.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:03:30.656 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
22:03:30.656 Disk 0 MBR read successfully
22:03:30.671 Disk 0 MBR scan
22:03:30.734 Disk 0 Windows XP default MBR code
22:03:30.781 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
22:03:30.812 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71317 MB offset 20482048
22:03:30.843 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 71308 MB offset 166539264
22:03:30.859 Disk 0 scanning sectors +312578048
22:03:30.953 Disk 0 scanning C:\WINDOWS\system32\drivers
22:03:39.250 Service scanning
22:03:58.062 Modules scanning
22:04:04.437 Disk 0 trace - called modules:
22:04:04.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:04:04.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b603d0]
22:04:04.500 3 CLASSPNP.SYS[f76d2fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85b1e028]
22:04:04.515 Scan finished successfully
22:04:50.812 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Eddie Hooper\Desktop\MBR.dat"
22:04:50.828 The log file has been saved successfully to "C:\Documents and Settings\Eddie Hooper\Desktop\aswMBR.txt"



So it looks as if that malicious Win32 code has gone.
I am still unable to change to Firefox as my start page, but the PC seems to boot up okay. The only out-of-the-ordinary thing at start-up is that I get a couple of "new hardware detected" windows opening.

Look forward to hearing your thoughts,

regards,

winston 66

Edited by winston66, 14 November 2012 - 04:11 PM.
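The two aswMBR logs in this post show why the tool reports "scanning sectors +312578048": that is exactly where partition 3 ends (offset 166539264 + 71308 MB x 2048 sectors), the 152627 MB disk leaves 2048 unpartitioned sectors after it, and the Win32:MBRoot detection at sector 312578051 sits three sectors into that tail, which no filesystem ever touches. The Python script below is an added example, not the thread's own material or aswMBR's code: it parses log lines of this format (the sample logs are constructed from the excerpts above), checks that partition arithmetic, and flags the two indicators seen in the thread, a non-default MBR loader and malicious code past the last partition.

```python
"""Triage helper for aswMBR 0.9.9 log output (added example, not aswMBR code).

Checks the partition-table arithmetic and flags the two indicators seen in
the thread: non-default MBR boot code and a detection in the sectors that lie
beyond the last partition (a classic bootkit hiding place).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SECTORS_PER_MB = 2048  # aswMBR prints sizes in MB; 1 MB = 2048 sectors of 512 bytes

# Line patterns for the log format exactly as it appears in the thread.
PART_RE = re.compile(
    r"Disk 0 Partition (\d+) ([0-9A-F]{2}) (?:\(A\) )?([0-9A-F]{2}) .*? (\d+) MB offset (\d+)")
SIZE_RE = re.compile(r"Disk 0 Vendor: .* Size: (\d+)MB")
MBR_RE = re.compile(r"Disk 0 (\S.*MBR code)\s*$")
MAL_RE = re.compile(r"Disk 0 malicious (\S+) code @ sector (\d+)")
SCAN_RE = re.compile(r"Disk 0 scanning sectors \+(\d+)")


@dataclass
class Partition:
    index: int
    boot: str       # "80" = active, "00" = inactive
    type_id: str    # partition type byte, e.g. "07" = NTFS
    size_mb: int
    offset: int     # first LBA sector

    @property
    def end(self) -> int:
        """First sector after the partition (exclusive end)."""
        return self.offset + self.size_mb * SECTORS_PER_MB


@dataclass
class Report:
    disk_sectors: Optional[int] = None
    mbr_code: Optional[str] = None
    scan_start: Optional[int] = None
    partitions: List[Partition] = field(default_factory=list)
    malicious: List[Tuple[str, int]] = field(default_factory=list)

    @property
    def last_partition_end(self) -> int:
        return max(p.end for p in self.partitions)


def parse_aswmbr(log: str) -> Report:
    """Extract disk geometry, MBR classification and detections from a log."""
    rep = Report()
    for line in log.splitlines():
        if m := SIZE_RE.search(line):
            rep.disk_sectors = int(m.group(1)) * SECTORS_PER_MB
        elif m := PART_RE.search(line):
            idx, boot, ptype, size_mb, offset = m.groups()
            rep.partitions.append(Partition(int(idx), boot, ptype, int(size_mb), int(offset)))
        elif m := MBR_RE.search(line):
            rep.mbr_code = m.group(1)
        elif m := SCAN_RE.search(line):
            rep.scan_start = int(m.group(1))
        elif m := MAL_RE.search(line):
            rep.malicious.append((m.group(1), int(m.group(2))))
    return rep


def free_tail_sectors(rep: Report) -> int:
    """Sectors between the end of the last partition and the end of the disk."""
    return rep.disk_sectors - rep.last_partition_end


def assess(rep: Report) -> List[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings: List[str] = []
    if rep.mbr_code and "default" not in rep.mbr_code:
        findings.append(f"MBR boot code is not the stock loader: '{rep.mbr_code}'")
    if not rep.partitions:
        return findings + ["no partition table parsed"]
    # aswMBR starts its raw sector scan where the last partition ends; the log
    # should agree with the value recomputed from the partition table.
    tail_start = rep.last_partition_end
    if rep.scan_start is not None and rep.scan_start != tail_start:
        findings.append(f"scan start {rep.scan_start} != computed last partition end {tail_start}")
    for name, sector in rep.malicious:
        where = "in the unpartitioned tail" if sector >= tail_start else "inside a partition"
        findings.append(f"malicious {name} code at sector {sector} ({where}, "
                        f"{sector - tail_start:+d} sectors from last partition end)")
    return findings


# Constructed sample logs, copied from the excerpts posted in this thread.
INFECTED_LOG = """\
18:12:48.281 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
18:12:48.484 Disk 0 unknown MBR code
18:12:48.500 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
18:12:48.531 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71317 MB offset 20482048
18:12:48.578 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 71308 MB offset 166539264
18:12:48.625 Disk 0 scanning sectors +312578048
18:12:48.656 Disk 0 malicious Win32:MBRoot code @ sector 312578051 !
"""
CLEAN_LOG = INFECTED_LOG.replace("unknown MBR code", "Windows XP default MBR code") \
                        .replace("18:12:48.656 Disk 0 malicious Win32:MBRoot code @ sector 312578051 !\n", "")

if __name__ == "__main__":
    for label, log in (("before FixMBR", INFECTED_LOG), ("after FixMBR", CLEAN_LOG)):
        rep = parse_aswmbr(log)
        print(f"{label}: tail of {free_tail_sectors(rep)} free sectors;", assess(rep) or "clean")
```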


#29 ler

ler

    SWI Junkie

  • Helper Trainee+
  • 318 posts

Posted 15 November 2012 - 03:38 PM

Hey winston66,

aswMBR looks fine.

Please download SystemLook and save it to your Desktop.
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    prefs.js
    
    :dir
    %userprofile%\Desktop /md5
    %programfiles%\Mozilla Firefox /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#30 winston66

winston66

    Member

  • Full Member
  • 81 posts

Posted 15 November 2012 - 04:57 PM

Hi ler,

and thanks once again for the info and help.

I enclose the latest log below:

SystemLook 30.07.11 by jpshortstuff
Log created at 22:52 on 15/11/2012 by Eddie Hooper
Administrator - Elevation successful

========== filefind ==========

Searching for "prefs.js"
C:\Documents and Settings\Eddie Hooper\Application Data\Mozilla\Firefox\Profiles\vn7h6agv.default\prefs.js --a---- 5127 bytes [21:50 15/11/2012] [21:50 15/11/2012] 4916CFA9A44939978CDE1C6ADD69BF74

========== dir ==========

C:\Documents and Settings\Eddie Hooper\Desktop - Parameters: "/md5"

---Files---
aswMBR.exe --a---- 4732416 bytes [17:08 12/11/2012] [17:09 12/11/2012] BE3AB4803C963BE0357541EC3B17D443
aswMBR.txt --a---- 8246 bytes [17:24 12/11/2012] [21:04 14/11/2012] ACE7EBD17C788C85F5D48A37117D9364
attach.txt --a---- 16990 bytes [11:50 31/10/2012] [12:10 31/10/2012] AB5150043FDF695FFEB0A0882EF29334
avgremover.log --a---- 122164 bytes [18:44 03/11/2012] [18:44 03/11/2012] 08C531DD157B295EA5B2B97F2F7C8D4A
avg_remover_stf_x86_2012_2125.exe --a---- 1973368 bytes [18:44 03/11/2012] [18:44 03/11/2012] 9D01A11C3C74A887F68759A04DD35D71
checkup.txt --a---- 1332 bytes [12:12 31/10/2012] [12:12 31/10/2012] 024F89994F6A8DE5A53CB4743084E354
dds.txt --a---- 16946 bytes [11:50 31/10/2012] [12:10 31/10/2012] FA1D86089B25B00CE8A5E0B4490963B8
Extras.Txt --a---- 48936 bytes [09:08 10/11/2012] [09:08 10/11/2012] 61D1FD3A5BA6D2B5E34C2278A6B87D1E
GetOpenClipboardwindow.zip --a---- 4181 bytes [09:32 07/11/2012] [09:32 07/11/2012] E9CFCB52DAD88CC19330AB72C06B9715
Google Chrome.lnk --a---- 2341 bytes [12:34 25/04/2011] [08:22 10/11/2012] 5EABE90578FEA6FDC32367C7F3A2E59E
mbam-log-2012-10-31 (12-27-28).txt --a---- 1948 bytes [11:47 31/10/2012] [11:47 31/10/2012] 985CF0F971203F8EA8C64096321C8E30
MBR.dat --a---- 512 bytes [17:24 12/11/2012] [21:04 14/11/2012] 420362C9A3D96998C5402145E774B489
OTL.exe --a---- 602112 bytes [08:55 10/11/2012] [08:55 10/11/2012] 4ADCFEE16EE9978F06157634669D36FB
OTL.Txt --a---- 83912 bytes [09:25 10/11/2012] [09:18 10/11/2012] 6D9FF70060CBD5ED0EF7508431B74C7C
Parental Control.url --a---- 127 bytes [11:29 25/04/2011] [16:06 13/07/2011] 6906331D2D876908E5B0DE11EC53421B
R0001.wav --a---- 57404 bytes [16:13 07/06/2011] [16:13 07/06/2011] B55D40A692E5AA028B2A276FAEDF0EB4
SystemLook.exe --a---- 139264 bytes [21:51 15/11/2012] [21:51 15/11/2012] DEDB5F9E28EE2C9363E83A2A94BA83B9
SystemLook.txt --a---- 378 bytes [21:52 15/11/2012] [21:52 15/11/2012] F9D180B1E3FF48A61ED73D13C8408ECC
tdsskiller.exe --a---- 2213976 bytes [17:03 08/11/2012] [17:03 08/11/2012] EBC984F0CE40E0DAF0454D806EC2A7EC
VoiceManager.exe --a---- 1506304 bytes [16:07 07/06/2011] [08:31 14/11/2008] 28740D8D53B02D79E14CE452DE4795A1
Windows Media Player.lnk --a---- 790 bytes [20:19 25/04/2011] [16:13 07/06/2011] BF61A4EF6F9E8E98A149FBEBF9456BC5

---Folders---
GetOpenClipboardwindow d------ [09:33 07/11/2012]

C:\Program Files\Mozilla Firefox - Parameters: "/s"

---Files---
AccessibleMarshal.dll --a---- 18912 bytes [11:01 29/10/2012] [17:50 24/10/2012]
application.ini --a---- 463 bytes [11:01 29/10/2012] [17:50 24/10/2012]
blocklist.xml --a---- 30601 bytes [11:01 29/10/2012] [17:50 24/10/2012]
breakpadinjector.dll --a---- 73696 bytes [11:01 29/10/2012] [17:50 24/10/2012]
chrome.manifest --a---- 36 bytes [11:01 29/10/2012] [17:50 24/10/2012]
crashreporter-override.ini --a---- 783 bytes [11:01 29/10/2012] [17:50 24/10/2012]
crashreporter.exe --a---- 116192 bytes [11:01 29/10/2012] [17:50 24/10/2012]
crashreporter.ini --a---- 4003 bytes [11:01 29/10/2012] [17:50 24/10/2012]
D3DCompiler_43.dll --a---- 2106216 bytes [11:01 29/10/2012] [17:50 24/10/2012]
d3dx9_43.dll --a---- 1998168 bytes [11:01 29/10/2012] [17:50 24/10/2012]
dependentlibs.list --a---- 183 bytes [11:01 29/10/2012] [17:50 24/10/2012]
firefox.exe --a---- 917984 bytes [11:01 29/10/2012] [17:50 24/10/2012]
freebl3.chk --a---- 478 bytes [11:01 29/10/2012] [17:50 24/10/2012]
freebl3.dll --a---- 258528 bytes [11:01 29/10/2012] [17:50 24/10/2012]
gkmedias.dll --a---- 2560480 bytes [11:01 29/10/2012] [17:50 24/10/2012]
install.log --a---- 23156 bytes [11:01 29/10/2012] [11:01 29/10/2012]
libEGL.dll --a---- 80864 bytes [11:01 29/10/2012] [17:50 24/10/2012]
libGLESv2.dll --a---- 416224 bytes [11:01 29/10/2012] [17:50 24/10/2012]
maintenanceservice.exe --a---- 115168 bytes [11:01 29/10/2012] [17:50 24/10/2012]
maintenanceservice_installer.exe --a---- 192600 bytes [11:01 29/10/2012] [17:50 24/10/2012]
mozalloc.dll --a---- 15840 bytes [11:01 29/10/2012] [17:50 24/10/2012]
mozglue.dll --a---- 124384 bytes [11:01 29/10/2012] [17:50 24/10/2012]
mozjs.dll --a---- 2295264 bytes [11:01 29/10/2012] [17:50 24/10/2012]
mozsqlite3.dll --a---- 816608 bytes [11:01 29/10/2012] [17:50 24/10/2012]
msvcp100.dll --a---- 421200 bytes [11:01 29/10/2012] [17:50 24/10/2012]
msvcr100.dll --a---- 770384 bytes [11:01 29/10/2012] [17:50 24/10/2012]
nspr4.dll --a---- 172000 bytes [11:01 29/10/2012] [17:50 24/10/2012]
nss3.dll --a---- 638432 bytes [11:01 29/10/2012] [17:50 24/10/2012]
nssckbi.dll --a---- 370656 bytes [11:01 29/10/2012] [17:50 24/10/2012]
nssdbm3.chk --a---- 478 bytes [11:01 29/10/2012] [17:50 24/10/2012]
nssdbm3.dll --a---- 96224 bytes [11:01 29/10/2012] [17:50 24/10/2012]
nssutil3.dll --a---- 92640 bytes [11:01 29/10/2012] [17:50 24/10/2012]
omni.ja --a---- 8792750 bytes [11:01 29/10/2012] [17:50 24/10/2012]
platform.ini --a---- 142 bytes [11:01 29/10/2012] [17:50 24/10/2012]
plc4.dll --a---- 21472 bytes [11:01 29/10/2012] [17:50 24/10/2012]
plds4.dll --a---- 20960 bytes [11:01 29/10/2012] [17:50 24/10/2012]
plugin-container.exe --a---- 16864 bytes [11:01 29/10/2012] [17:50 24/10/2012]
precomplete --a---- 1772 bytes [11:01 29/10/2012] [17:50 24/10/2012]
removed-files --a---- 35999 bytes [11:01 29/10/2012] [16:07 24/10/2012]
smime3.dll --a---- 91104 bytes [11:01 29/10/2012] [17:50 24/10/2012]
softokn3.chk --a---- 478 bytes [11:01 29/10/2012] [17:50 24/10/2012]
softokn3.dll --a---- 155104 bytes [11:01 29/10/2012] [17:50 24/10/2012]
ssl3.dll --a---- 145376 bytes [11:01 29/10/2012] [17:50 24/10/2012]
update-settings.ini --a---- 132 bytes [11:01 29/10/2012] [17:50 24/10/2012]
updater.exe --a---- 270816 bytes [11:01 29/10/2012] [17:50 24/10/2012]
updater.ini --a---- 1245 bytes [11:01 29/10/2012] [17:50 24/10/2012]
webapp-uninstaller.exe --a---- 157272 bytes [11:01 29/10/2012] [17:50 24/10/2012]
webapprt-stub.exe --a---- 96224 bytes [11:01 29/10/2012] [17:50 24/10/2012]
xpcom.dll --a---- 19424 bytes [11:01 29/10/2012] [17:50 24/10/2012]
xul.dll --a---- 14676448 bytes [11:01 29/10/2012] [17:50 24/10/2012]

C:\Program Files\Mozilla Firefox\components d------ [11:01 29/10/2012]
binary.manifest --a---- 34 bytes [11:01 29/10/2012] [17:50 24/10/2012]
browsercomps.dll --a---- 261600 bytes [11:01 29/10/2012] [17:50 24/10/2012]

C:\Program Files\Mozilla Firefox\defaults d------ [11:01 29/10/2012]

C:\Program Files\Mozilla Firefox\defaults\pref d------ [11:01 29/10/2012]
channel-prefs.js --a---- 345 bytes [11:01 29/10/2012] [17:50 24/10/2012]

C:\Program Files\Mozilla Firefox\dictionaries d------ [11:01 29/10/2012]
en-US.aff --a---- 3274 bytes [11:01 29/10/2012] [17:50 24/10/2012]
en-US.dic --a---- 624100 bytes [11:01 29/10/2012] [17:50 24/10/2012]

C:\Program Files\Mozilla Firefox\distribution d------ [11:01 29/10/2012]
distribution.ini --a---- 436 bytes [11:01 29/10/2012] [00:44 25/10/2012]

C:\Program Files\Mozilla Firefox\extensions d------ [11:01 29/10/2012]

C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} d------ [11:01 29/10/2012]
icon.png --a---- 2185 bytes [11:01 29/10/2012] [17:50 24/10/2012]
install.rdf --a---- 1325 bytes [11:01 29/10/2012] [17:50 24/10/2012]

C:\Program Files\Mozilla Firefox\searchplugins d------ [11:01 29/10/2012]
amazondotcom.xml --a---- 1607 bytes [11:01 29/10/2012] [17:50 24/10/2012]
bing.xml --a---- 2465 bytes [11:01 29/10/2012] [17:50 24/10/2012]
eBay.xml --a---- 1344 bytes [11:01 29/10/2012] [17:50 24/10/2012]
google.xml --a---- 3581 bytes [11:01 29/10/2012] [17:50 24/10/2012]
twitter.xml --a---- 2058 bytes [11:01 29/10/2012] [17:50 24/10/2012]
wikipedia.xml --a---- 1391 bytes [11:01 29/10/2012] [17:50 24/10/2012]
yahoo.xml --a---- 1309 bytes [11:01 29/10/2012] [17:50 24/10/2012]

C:\Program Files\Mozilla Firefox\uninstall d------ [11:01 29/10/2012]
helper.exe --a---- 889848 bytes [11:01 29/10/2012] [17:50 24/10/2012]
shortcuts_log.ini --a---- 322 bytes [11:01 29/10/2012] [11:01 29/10/2012]
uninstall.log --a---- 1983 bytes [11:01 29/10/2012] [11:01 29/10/2012]

C:\Program Files\Mozilla Firefox\webapprt d------ [11:01 29/10/2012]
omni.ja --a---- 16131 bytes [11:01 29/10/2012] [17:50 24/10/2012]
webapprt.ini --a---- 495 bytes [11:01 29/10/2012] [17:50 24/10/2012]

C:\Program Files\Mozilla Firefox\webapprt\components d------ [11:01 29/10/2012]

-= EOF =-


Kind regards,

winston66

#31 ler

    SWI Junkie

  • Helper Trainee+
  • 318 posts

Posted 16 November 2012 - 12:34 PM

Hi winston66,

Please run OTL.exe.
  • Copy the commands in the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    IE - HKCU\..\SearchScopes,DefaultScope = {814C76CB-2623-43F4-AAD0-58A0E5190A20}
    FF - user.js..browser.startup.homepage: "http://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_FF"
    FF - user.js..browser.search.selectedEngine: "Orange"
    FF - user.js..keyword.URL: "http://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata="
    
    :Files
    C:\Documents and Settings\Eddie Hooper\Application Data\Mozilla\Firefox\Profiles\vn7h6agv.default\user.js
    
    :Commands
    [EmptyTemp]
    
  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please let me know if this resolves your start page problem :thumbup:
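
The fix above removes user.js rather than just editing the homepage, and the reason is worth making explicit: Firefox re-applies user.js on every start, so a homepage or search pref set there silently overrides whatever the user picks in Options (which only writes prefs.js). The script below is an added example, not code from this thread or from OTL. It parses prefs.js/user.js lines in the `user_pref("name", value);` format, reports any start-page or search pref that user.js overrides, and flags URLs whose host is outside an allow-list; it runs the same host check over Chrome's per-profile `Preferences` JSON file, which a later OTL log in this thread also shows carrying an Orange homepage. The sample inputs are constructed from the pref names and URLs quoted in the fix (the Chrome homepage path is made up); the allow-list, the function names and the Chrome key layout (`homepage`, `default_search_provider.search_url`) are assumptions.

```python
# Added example (not from the thread or OTL): audit Firefox / Chrome start-page
# and search prefs for hijack-style overrides. Sample data is constructed.
import json
import re
from urllib.parse import urlparse

# Line format shared by prefs.js and user.js:  user_pref("name", value);
PREF_RE = re.compile(r'^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\);\s*$')

# Prefs that decide where the browser goes at startup and where typed text is sent.
WATCHED_PREFS = (
    "browser.startup.homepage",
    "browser.search.selectedEngine",
    "browser.search.defaultenginename",
    "keyword.URL",
)


def parse_prefs(text):
    """Return {pref_name: value} from prefs.js / user.js content."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            name, raw = m.groups()
            try:
                prefs[name] = json.loads(raw)   # "str", true/false, ints
            except ValueError:
                prefs[name] = raw               # keep odd literals verbatim
    return prefs


def hosts_in(value):
    """Hostnames referenced by a pref value ('|' separates multiple homepages)."""
    if not isinstance(value, str):
        return set()
    hosts = set()
    for part in value.split("|"):
        u = urlparse(part.strip())
        if u.scheme in ("http", "https") and u.hostname:
            hosts.add(u.hostname.lower())
    return hosts


def host_allowed(host, allowed):
    """True if host equals, or is a subdomain of, an allow-listed domain."""
    return any(host == a or host.endswith("." + a) for a in allowed)


def audit_firefox_profile(user_js, prefs_js, allowed):
    """Findings as (kind, pref, detail) tuples. user.js is re-applied on every
    start, so a watched pref set there beats whatever Options wrote to prefs.js;
    the hijack persists until user.js itself is removed."""
    findings = []
    user, prefs = parse_prefs(user_js), parse_prefs(prefs_js)
    for name in WATCHED_PREFS:
        if name in user:
            findings.append(("user.js-override", name, user[name]))
        for src, table in (("user.js", user), ("prefs.js", prefs)):
            bad = sorted(h for h in hosts_in(table.get(name)) if not host_allowed(h, allowed))
            if bad:
                findings.append((src + "-unexpected-host", name, bad))
    return findings


def audit_chrome_preferences(preferences_json, allowed):
    """Same host check for Chrome's per-profile 'Preferences' JSON file (assumed layout)."""
    data = json.loads(preferences_json)
    candidates = {
        "homepage": data.get("homepage"),
        "default_search_provider.search_url":
            data.get("default_search_provider", {}).get("search_url"),
    }
    findings = []
    for key, val in candidates.items():
        bad = sorted(h for h in hosts_in(val) if not host_allowed(h, allowed))
        if bad:
            findings.append(("chrome-unexpected-host", key, bad))
    return findings


# --- constructed sample input (pref values taken from the OTL fix above) ---
SAMPLE_USER_JS = '''\
user_pref("browser.startup.homepage", "http://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_FF");
user_pref("browser.search.selectedEngine", "Orange");
user_pref("keyword.URL", "http://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=");
'''
SAMPLE_PREFS_JS = '''\
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.startup.homepage", "http://www.google.co.uk/firefox");
user_pref("browser.startup.homepage_override.mstone", "16.0.2");
'''
# Chrome homepage path below is made up; only the host matters for the check.
SAMPLE_CHROME_PREFS = json.dumps({
    "homepage": "http://r.orange.fr/r/constructed_example",
    "default_search_provider": {"search_url": "http://www.google.co.uk/search?q={searchTerms}"},
})
ALLOWED_HOSTS = ("google.co.uk", "mozilla.org")   # assumption: what the user expects to see

if __name__ == "__main__":
    for f in (audit_firefox_profile(SAMPLE_USER_JS, SAMPLE_PREFS_JS, ALLOWED_HOSTS)
              + audit_chrome_preferences(SAMPLE_CHROME_PREFS, ALLOWED_HOSTS)):
        print(*f)
```

To use it on a real machine, read `user.js` and `prefs.js` from the profile folder (on XP, `Application Data\Mozilla\Firefox\Profiles\<profile>\`) and Chrome's `User Data\Default\Preferences` into the three sample variables. A profile the user never customised normally has no user.js at all, so its mere presence is a signal; on the sample data the script reports three user.js overrides and two r.orange.fr hosts for Firefox, plus the Chrome homepage, while the Google homepage in prefs.js passes because it matches the allow-list.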

#32 winston66

    Member

  • Full Member
  • 81 posts

Posted 16 November 2012 - 01:28 PM

Hi ler,

I have re-run the OTL program and pasted the log below.

Unfortunately the start page is still the Orange one.

All processes killed
========== OTL ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
C:\Documents and Settings\Eddie Hooper\Application Data\Mozilla\FireFox\Profiles\vn7h6agv.default\user.js moved successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Eddie Hooper\Application Data\Mozilla\Firefox\Profiles\vn7h6agv.default\user.js not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Eddie Hooper
->Temp folder emptied: 71221799 bytes
->Temporary Internet Files folder emptied: 70249938 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 59410044 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 602 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 21404 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3371903 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 15107546 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 209.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11162012_185456

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Apologies if I should have mentioned this before, but I believe I picked up the virus(es) about a year ago when I used to post on some bulletin boards. In trying to help someone with a problem I stupidly gave out my e-mail address, and thereafter I seemed to experience problems.
It also appeared that the same group of posters knew when I was merely looking at a bulletin board, as they would all suddenly appear wherever I was reading. It was as if they could track me.
Would the type of virus you have found have these capabilities, and are there any specific security measures you would recommend?
I also have another laptop which appears to function okay (Windows 7), but is there a possibility that something is lurking there as well?

I look forward to receiving your thoughts and as always, thanks very much for your assistance.

Best wishes,

winston 66

#33 winston66

    Member

  • Full Member
  • 81 posts

Posted 17 November 2012 - 12:26 PM

Hi ler,

Some good news on the home page.

I removed all the Orange programs from the computer. I don't really use them, and I reasoned that I can always reinstall them at a later date.

I have entered http://www.google.co.uk/firefox in the homepage window under Tools/Options and that seems to work.

I get the Firefox start page with a Google search option on start-up.

I look forward to your comments on this and yesterday's post.

Kind regards,

winston 66

#34 ler

    SWI Junkie

  • Helper Trainee+
  • 318 posts

Posted 18 November 2012 - 05:15 AM

Hi,

I stupidly gave out my e-mail address, and thereafter I seemed to experience problems.

Giving out your e-mail address makes you an easy target for spammers. However, it will not infect your machine. Did you receive e-mails with suspicious links in them? Or did you open a suspicious attachment?

Would the type of virus you have found have these capabilities, and are there any specific security measures you would recommend?

The main infection was a Sinowal.b bootkit. This kind of infection is known to steal passwords. I don't think it is used to track people's activity. You can find more information here.

I'll provide instructions for additional security measures when everything is clean :thumbup:

I get the Firefox start page with a Google search option on start-up.

Good work! I'll check the OTL log to make sure everything's gone.

====

Your logs show leftovers from a previous AVG AntiVirus FREE 2013 installation. Please right-click AVGRemover, use Save Link As to save it to your Desktop, and run it. Please read the warning dialog and confirm.

====

  • Please close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following:

    netsvcs
    drivers32 
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    
  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will create a log file. Please post its content in your reply.


#35 winston66

    Member

  • Full Member
  • 81 posts

Posted 18 November 2012 - 10:32 AM

Hi ler,

I've run the AVG Remover as requested and scanned the entries you asked for with OTL.
The log is posted below:

OTL logfile created on: 18/11/2012 16:21:45 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Eddie Hooper\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

952.80 Mb Total Physical Memory | 133.23 Mb Available Physical Memory | 13.98% Memory free
2.24 Gb Paging File | 1.53 Gb Available in Paging File | 68.12% Paging File free
Paging file location(s): C:\pagefile.sys 1428 2856 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.65 Gb Total Space | 51.77 Gb Free Space | 74.34% Space Free | Partition Type: NTFS
Drive D: | 69.64 Gb Total Space | 68.93 Gb Free Space | 98.98% Space Free | Partition Type: NTFS

Computer Name: ACER-926C8D0979 | User Name: Eddie Hooper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/16 19:11:17 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Eddie Hooper\Local Settings\Temp\RtkBtMnt.exe
PRC - [2012/11/10 09:55:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eddie Hooper\Desktop\OTL.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/01/19 20:35:59 | 058,503,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\Install\SQLServer2005ExpressSP4-KB2463332-x86-ENU.exe
PRC - [2010/12/11 09:57:58 | 057,447,776 | ---- | M] (Microsoft Corporation) -- d:\1a92056f6dd191777ecc7d\hotfixexpress\files\sqlexpr.exe
PRC - [2010/12/10 18:29:30 | 002,151,264 | ---- | M] (Microsoft Corporation) -- d:\918d74e447fda8d7fb55\setup.exe
PRC - [2010/12/10 17:55:14 | 002,542,944 | ---- | M] (Microsoft Corporation) -- d:\1a92056f6dd191777ecc7d\hotfix.exe
PRC - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/08/28 23:20:22 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Hidfind.exe
PRC - [2008/08/07 14:29:58 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
PRC - [2008/07/25 03:48:10 | 000,875,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/07/08 17:18:40 | 000,466,944 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/05/08 01:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/08 01:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/18 16:21:33 | 000,024,576 | ---- | M] () -- C:\WINDOWS\Installer\MSI22.tmp
MOD - [2012/11/15 23:06:15 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_d1e023bc\mscorlib.dll
MOD - [2012/11/15 23:06:13 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_002bd310\system.drawing.dll
MOD - [2012/11/15 23:06:07 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_9578ad2c\system.xml.dll
MOD - [2012/11/15 23:06:04 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_2747e738\system.windows.forms.dll
MOD - [2012/11/15 23:05:54 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_7a2a298b\system.dll
MOD - [2012/11/15 23:05:40 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012/11/15 23:05:39 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/10/29 12:20:01 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2008/08/19 07:24:30 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2008/08/19 07:24:30 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2008/07/08 17:18:40 | 000,466,944 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
MOD - [2008/04/04 11:00:54 | 000,002,560 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2008/02/29 06:44:22 | 001,024,000 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
MOD - [2008/02/29 06:44:20 | 000,098,304 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
MOD - [2008/02/29 06:44:20 | 000,061,440 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
MOD - [2005/10/20 16:20:24 | 000,208,896 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\ePower\DialogDLL.dll
MOD - [2005/10/11 12:18:54 | 000,028,672 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2003/06/07 21:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/10/29 12:05:32 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/24 18:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/05/08 01:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/01/09 20:03:06 | 000,018,304 | R--- | M] (BCPC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\memoqdrv.sys -- (MEMOQDRV)
DRV - [2009/06/22 20:59:26 | 001,574,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/01/10 03:38:36 | 000,190,512 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/06/14 01:11:16 | 004,754,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/03/19 22:26:24 | 000,175,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/12/26 06:23:10 | 000,017,968 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TpChoice.sys -- (TpChoice)
DRV - [2007/04/17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://r.orange.fr/r..._defaultPage_IE
IE - HKCU\..\SearchScopes,DefaultScope = {814C76CB-2623-43F4-AAD0-58A0E5190A20}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{814C76CB-2623-43F4-AAD0-58A0E5190A20}: "URL" = http://r.orange.fr/r...a={searchTerms}
IE - HKCU\..\SearchScopes\{FF331F9B-6B24-4A35-A54A-3C1E3BB9EDE6}: "URL" = http://www.google.co...ie7&rlz=1I7ACAW
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Orange"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/firefox"
FF - prefs.js..keyword.URL: "http://r.orange.fr/r..._orange?rdata="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Eddie Hooper\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Eddie Hooper\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/29 12:01:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/29 12:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eddie Hooper\Application Data\Mozilla\Extensions
[2012/11/17 18:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eddie Hooper\Application Data\Mozilla\Firefox\Profiles\vn7h6agv.default\extensions
[2012/11/17 18:02:11 | 000,001,122 | ---- | M] () -- C:\Documents and Settings\Eddie Hooper\Application Data\Mozilla\Firefox\Profiles\vn7h6agv.default\searchplugins\orange.xml
[2012/10/29 12:01:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/24 18:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 18:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 18:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://r.orange.fr/r..._defaultPage_CH
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://r.orange.fr/r..._defaultPage_CH
CHR - Extension: No name found = C:\Documents and Settings\Eddie Hooper\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jafdhbipfdlldljdanpnlipdinjcjjid\1.0_0\
CHR - Extension: No name found = C:\Documents and Settings\Eddie Hooper\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfkdglgjjpicgkbfdflchobhdiblbjgf\1.0_1\

O1 HOSTS File: ([2012/11/06 11:53:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {1d970ed5-3eda-438d-bffd-715931e2775b} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Boot] C:\Program Files\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Program Files\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [preload] C:\WINDOWS\RunXMLPL.exe (Wistron Corp.)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk = C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4211D83-58D2-4459-8306-EB771B467B5A}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\ACERTX.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\ACERTX.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/03 11:05:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/18 16:18:38 | 002,586,752 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Eddie Hooper\Desktop\avg_remover_stf_x86_2013_2706.exe
[2012/11/15 23:05:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2012/11/12 18:08:41 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Eddie Hooper\Desktop\aswMBR.exe
[2012/11/12 18:02:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/10 09:55:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eddie Hooper\Desktop\OTL.exe
[2012/11/08 18:03:10 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Eddie Hooper\Desktop\tdsskiller.exe
[2012/11/07 10:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eddie Hooper\Desktop\GetOpenClipboardwindow
[2012/11/06 13:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/11/06 12:07:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/11/04 10:52:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/11/04 10:45:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/11/04 10:45:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/11/04 10:45:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/11/04 10:45:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/11/03 19:44:06 | 001,973,368 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Eddie Hooper\Desktop\avg_remover_stf_x86_2012_2125.exe
[2012/11/03 09:20:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2012/11/02 13:48:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/02 13:48:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/11/02 12:42:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/11/02 12:38:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/10/31 12:49:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Eddie Hooper\Start Menu\Programs\Administrative Tools
[2012/10/30 11:12:42 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/29 15:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eddie Hooper\Application Data\Malwarebytes
[2012/10/29 15:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/10/29 14:35:31 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/10/29 14:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/10/29 14:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/10/29 12:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/10/29 12:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/10/29 12:05:32 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/29 12:05:31 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/10/29 12:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eddie Hooper\Local Settings\Application Data\Mozilla
[2012/10/29 12:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eddie Hooper\Application Data\Mozilla
[2012/10/29 12:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/10/29 12:01:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/10/29 12:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/29 11:51:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/10/29 11:51:34 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/10/29 11:51:21 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/10/29 11:51:21 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/10/29 11:51:21 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/10/29 11:29:34 | 000,000,000 | ---D | C] -- C:\$AVG

========== Files - Modified Within 30 Days ==========

[2012/11/18 16:27:03 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/11/18 16:19:03 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3921896784-1015831755-3862374435-1008UA.job
[2012/11/18 16:18:41 | 002,586,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Eddie Hooper\Desktop\avg_remover_stf_x86_2013_2706.exe
[2012/11/18 16:17:27 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012/11/18 16:16:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/18 16:16:56 | 999,153,664 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/16 19:09:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/16 18:51:24 | 000,344,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/15 23:02:30 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/11/15 23:01:20 | 000,493,224 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/15 23:01:20 | 000,091,204 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/15 22:51:32 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Eddie Hooper\Desktop\SystemLook.exe
[2012/11/15 22:49:35 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/14 22:04:50 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Eddie Hooper\Desktop\MBR.dat
[2012/11/12 18:09:04 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Eddie Hooper\Desktop\aswMBR.exe
[2012/11/10 09:55:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eddie Hooper\Desktop\OTL.exe
[2012/11/10 09:22:14 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\Eddie Hooper\Desktop\Google Chrome.lnk
[2012/11/10 09:22:14 | 000,002,319 | ---- | M] () -- C:\Documents and Settings\Eddie Hooper\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/10 09:19:01 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3921896784-1015831755-3862374435-1008Core.job
[2012/11/08 18:03:13 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Eddie Hooper\Desktop\tdsskiller.exe
[2012/11/07 10:32:22 | 000,004,181 | ---- | M] () -- C:\Documents and Settings\Eddie Hooper\Desktop\GetOpenClipboardwindow.zip
[2012/11/06 11:53:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/11/04 10:52:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/11/03 19:44:07 | 001,973,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Eddie Hooper\Desktop\avg_remover_stf_x86_2012_2125.exe
[2012/10/29 14:32:03 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/10/29 12:31:18 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/10/29 12:10:16 | 000,001,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2012/10/29 12:05:32 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/29 12:05:31 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/10/29 12:01:07 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Eddie Hooper\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/29 12:01:07 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/10/29 11:56:15 | 000,027,520 | ---- | M] () -- C:\Documents and Settings\Eddie Hooper\Local Settings\Application Data\dt.dat
[2012/10/22 09:37:31 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012/10/22 09:37:31 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys

========== Files Created - No Company Name ==========

[2012/11/15 22:51:32 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Eddie Hooper\Desktop\SystemLook.exe
[2012/11/12 18:24:20 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Eddie Hooper\Desktop\MBR.dat
[2012/11/07 10:32:22 | 000,004,181 | ---- | C] () -- C:\Documents and Settings\Eddie Hooper\Desktop\GetOpenClipboardwindow.zip
[2012/11/04 10:52:24 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/11/04 10:52:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/11/04 10:45:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/04 10:45:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/04 10:45:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/04 10:45:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/04 10:45:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/29 14:41:54 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/10/29 14:32:03 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/10/29 14:31:55 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/10/29 12:10:15 | 000,001,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2012/10/29 12:10:13 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2012/10/29 12:05:34 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/29 12:01:07 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Eddie Hooper\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/29 12:01:07 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/10/29 12:01:06 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/10/29 11:56:15 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Eddie Hooper\Local Settings\Application Data\dt.dat
[2012/02/23 11:51:23 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/02/23 10:44:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/04/29 10:20:44 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/04/29 10:20:44 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/04/29 10:20:44 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/04/29 10:20:44 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/04/29 10:20:44 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/04/29 10:20:44 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/04/29 10:20:44 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/04/29 10:20:44 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/04/29 10:20:44 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/04/29 10:20:44 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2011/04/29 10:20:44 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/04/29 10:20:44 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/04/29 10:20:44 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/04/29 10:20:44 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/04/29 10:20:44 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/04/29 10:20:44 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2011/04/29 10:20:44 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2011/04/29 10:20:44 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/04/29 10:20:44 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/04/25 21:20:37 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/04/25 21:20:16 | 000,000,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTKHDRC0.dat
[2011/04/25 21:20:16 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2011/04/25 21:20:16 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2011/04/25 21:20:16 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2011/04/25 20:39:01 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[2011/04/25 20:38:18 | 000,000,039 | ---- | C] () -- C:\WINDOWS\PreLaunch.ini
[2011/04/25 12:33:19 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Eddie Hooper\Local Settings\Application Data\fusioncache.dat
[2011/04/25 12:29:35 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
[2011/04/25 12:27:54 | 000,024,576 | ---- | C] ( ) -- C:\WINDOWS\System32\SysMonitor.exe

========== ZeroAccess Check ==========

[2008/08/19 07:20:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/11/04 11:06:52 | 000,002,247 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2012/11/06 11:32:31 | 000,002,301 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2012/11/06 12:00:24 | 000,001,325 | ---- | M] () -- C:\AdwCleaner[S2].txt
[2008/07/03 11:05:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/04/25 21:15:09 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/11/04 10:52:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2008/07/03 03:48:26 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/11/06 11:56:11 | 000,014,247 | ---- | M] () -- C:\ComboFix.txt
[2008/07/03 11:05:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/05/31 13:05:36 | 010,580,992 | ---- | M] () -- C:\EJ & RP Hooper.QBW
[2012/11/18 16:16:56 | 999,153,664 | -HS- | M] () -- C:\hiberfil.sys
[2008/07/03 11:05:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/07/03 11:05:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 05:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/11/18 16:16:55 | 1497,366,528 | -HS- | M] () -- C:\pagefile.sys
[2009/07/22 19:18:24 | 000,007,329 | -HS- | M] () -- C:\Patch.rev
[2008/08/19 08:51:58 | 000,000,074 | RHS- | M] () -- C:\preload.aaa
[2008/08/19 08:51:58 | 000,000,074 | RHS- | M] () -- C:\Preload.rev
[2011/04/25 21:20:41 | 000,000,593 | ---- | M] () -- C:\RHDSetup.log
[2012/10/30 11:13:04 | 000,098,464 | ---- | M] () -- C:\TDSSKiller.2.8.13.0_30.10.2012_11.12.00_log.txt
[2012/10/30 11:17:34 | 000,097,410 | ---- | M] () -- C:\TDSSKiller.2.8.13.0_30.10.2012_11.15.15_log.txt
[2012/10/30 11:23:02 | 000,097,410 | ---- | M] () -- C:\TDSSKiller.2.8.13.0_30.10.2012_11.22.28_log.txt
[2012/11/06 12:05:56 | 000,097,320 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_06.11.2012_12.05.13_log.txt
[2012/11/06 12:09:24 | 000,097,236 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_06.11.2012_12.08.37_log.txt
[2012/11/06 12:20:22 | 000,094,966 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_06.11.2012_12.19.16_log.txt
[2012/11/06 12:22:43 | 000,094,966 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_06.11.2012_12.20.59_log.txt
[2012/11/06 12:57:19 | 000,094,966 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_06.11.2012_12.54.15_log.txt
[2012/11/07 10:10:41 | 000,023,090 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_07.11.2012_10.09.42_log.txt
[2012/11/07 10:13:26 | 000,097,306 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_07.11.2012_10.11.45_log.txt
[2012/11/08 18:19:48 | 000,094,966 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_08.11.2012_18.04.03_log.txt
[2011/04/25 12:30:19 | 000,491,118 | ---- | M] () -- C:\vcredist_x86.log

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-11-18 15:25:09

< End of report >

With best wishes

winston 66

#36 ler

ler

    SWI Junkie

  • Helper Trainee+
  • 318 posts

Posted 20 November 2012 - 02:59 AM

Hi winston66,

The OTL log looks good!

`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 22% Defragment your hard drive soon! (Do NOT defrag if SSD!)

I recommend that you defragment your C: Drive. You can find a brief howto here.

Java™ 6 Update 37
Java version out of Date!

Your version of Java is out of date. It's important to remove older versions of Java since it does not do so automatically and older versions can leave you vulnerable.

Please follow the instructions below to update Java:
  • Please go to the below link and download the latest version:
http://www.java.com/en/download/manual.jsp

  • Save it to your Desktop.
  • Please go to Start>Control Panel >Programs and Features>Programs.
  • Navigate to any versions of Java (J2SE Runtime Environment) you have installed. They will have the Java icon next to them.
  • Select Remove.
  • Please double-click the installer and follow the prompts to install the latest version once all the previous versions have been successfully removed.

Please let me know if there are any further problems with your computer. :thumbup:

#37 winston66

winston66

    Member

  • Full Member
  • 81 posts

Posted 20 November 2012 - 07:54 AM

Hi ler

I fragmented the disc when you flagged it up right at the beginning of the thread via my computer/properties/tools/defragment now.
Do I need to do it again or is your advice a repeat of the earlier one ?

I have uninstalled the old Java and installed Java 7 version 9.
I am not using this computer other than for fulfilling the instructions that you have sent.
It now boots up quickly and appears to be functioning normally.
If you are happy that we have eradicated the major issues then so am I.

I am very grateful for the time you have dedicated to resolving the problems and it has certainly been an education on my part.

The only worry that I have is whether or not the rootkiller virus has entered and is lurking on my windows 7 laptop.
If it doesn't take up too much time can you please advise what steps I need to take to make sure it isn't lurking there as well.

Many thanks.

Best wishes,

winston 66

#38 ler

ler

    SWI Junkie

  • Helper Trainee+
  • 318 posts

Posted 20 November 2012 - 05:32 PM

I fragmented the disc when you flagged it up right at the beginning of the thread via my computer/properties/tools/defragment now.
Do I need to do it again or is your advice a repeat of the earlier one ?

That's alright. Please keep in mind to defragment your partitions regularly. High fragmentation slows down your system.

I am very grateful for the time you have dedicated to resolving the problems and it has certainly been an education on my part.

You're welcome :thumbup:

The only worry that I have is whether or not the rootkiller virus has entered and is lurking on my windows 7 laptop.
If it doesn't take up too much time can you please advise what steps I need to take to make sure it isn't lurking there as well.

The best would be to start a new topic and post MBAM, DDS and the Security check log.

====

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

====

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with yes
====

To remove the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Please delete all the tools, files and folders from your Desktop that were created during the removal. Please empty the Recycle Bin to ban them permanently from your system :thumbup:

====

At least one infection that was present at your computer is known to steal sensitive data. I strongly suggest you change all your passwords now. Please be sure you choose strong passwords. You can find more information about what makes a password secure here.

====

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:


Avira Free Antivirus
avast! Free Antivirus
Microsoft Security Essentials
AVG Antivirus Free

In addition to an antivirus I recommend using a firewall with HIPS (Host Intrusion Prevention Systems). A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:


Comodo Firewall Free
Online Armor Free

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system. Programs like Filehippo.com's Update Checker or Secunia PSI can help you track and update outdated software.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful addons that can protect you from possible risks:


WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
SiteAdvisor from McAfee warns you of known malicious sites.
Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust. NoScript is a popular Firefox addon, ScriptNo a popular Google Chrome addon.

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)

#39 winston66

winston66

    Member

  • Full Member
  • 81 posts

Posted 21 November 2012 - 03:14 AM

ler

Once again many many thanks for your assistance in cleaning the computer.
I will complete the tidying up operations this morning and instal the relevant programs that you have advised.
I will start a new log for the windows 7 laptop.
Once again thanks very much for the assistance.
Kind regards,

winston 66

ps Do I start the new log under the malware section or the pc troubleshooting section?
pps On start up of firefox a window appeared stating that another program on the computer wants to instal the Ask toolbar. I said no but in view of your previous comments re Ask is this suspicious ?
Kind regards,

winston 66

I've checked in control panel and Ask toolbar and Ask toolbar updater are both there ???

Best wishes

winston 66

reference your scareware information:

On my windows 7 laptop I have just received the following e-mail:

contsct @ goglemedia.com
(suspected spam) serious message concerning you ----- ------

It's obviously a play on google and for the moment I've put it in the spam folder.
What could/would have happened if I had opened it ?

Kind regards,

winston 66

Edited by winston66, 21 November 2012 - 05:33 AM.


#40 winston66

winston66

    Member

  • Full Member
  • 81 posts

Posted 24 November 2012 - 01:42 AM

ler Hi,

I don't know if you have missed my post of 21st November. You are probably very busy.

Kind regards,

winston 66

#41 ler

ler

    SWI Junkie

  • Helper Trainee+
  • 318 posts

Posted 24 November 2012 - 03:50 AM

Sorry, I missed your post. I will have a reply for you soon.

Edited by ler, 24 November 2012 - 03:59 AM.


#42 ler

ler

    SWI Junkie

  • Helper Trainee+
  • 318 posts

Posted 24 November 2012 - 12:59 PM

I don't know if you have missed my post of 21st November.

Sorry for that :sorry:

Do I start the new log under the malware section or the pc troubleshooting section?

I'd post in the malware section :thumbup:

What could/would have happened if I had opened it ?

Most of these emails are phishing mails. These mails usually contain one or more links to a faked website and try to make you enter certain account credentials there. Any data entered on these websites goes straight to the cyber criminals.

On start up of firefox a window appeared stating that another program on the computer wants to instal the Ask toolbar. I said no but in view of your previous comments re Ask is this suspicious ?

Did it say what program wanted to install Ask Toolbar?

I've checked in control panel and Ask toolbar and Ask toolbar updater are both there ???

Please uninstall both. Did you install any new software recently?

ler

#43 winston66

winston66

    Member

  • Full Member
  • 81 posts

Posted 24 November 2012 - 04:11 PM

ler

Thanks for the reply and advice.
It did not state which program wanted to install Ask.
I will uninstall them both as before and the only work I've done on this computer is in connection with your help to clean it.

Kind regards,

winston 66

#44 winston66

winston66

    Member

  • Full Member
  • 81 posts

Posted 28 November 2012 - 01:50 PM

Hi ler

Right, if you are happy with things it looks as if we have mission accomplished.

I have had to switch to this laptop as the other one is blocked and it appears to be operating smoothly and without problems.

I would like to express once again my sincere thanks for your help.

A little early but have a good Christmas and a Happy New Year.

Best wishes

winston 66

#45 ler

ler

    SWI Junkie

  • Helper Trainee+
  • 318 posts

Posted 15 December 2012 - 03:49 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
