Both IE and Firefox redirecting links


I downloaded and ran the latest Malwarebytes. It found several things, which I cleaned, and then rebooted. Still happening. Note, too, that I found a few obvious registry entries that I fixed already via HijackThis, and which will not show up in the HijackThis log I'm posting below, since they're already "fixed". But if they might be helpful... here they are:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=1ruiDlFG5J6C5mE5TgOFGNP2WWg

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:23012

Okay, so here are the two logs:

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 11/1/2006 3:17:53 PM

System Uptime: 7/18/2012 9:45:13 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0FF049

Processor: Genuine Intel® CPU T2250 @ 1.73GHz |

Microprocessor | 1729/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 107 GiB total, 21.664 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: Officejet Pro 8000 A809

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet Pro 8000 A809

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: HP LaserJet P4515

Device ID: ROOT\MULTIFUNCTION\0001

Manufacturer: Hewlett-Packard

Name: HP LaserJet P4515

PNP Device ID: ROOT\MULTIFUNCTION\0001

Service:

.

Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}

Description: Officejet Pro 8000 A809

Device ID: ROOT\PRINTER\0000

Manufacturer: HP

Name: Officejet Pro 8000 A809

PNP Device ID: ROOT\PRINTER\0000

Service:

.

==== System Restore Points ===================

.

RP1515: 4/20/2012 7:29:43 AM - Software Distribution Service

3.0

RP1516: 4/22/2012 9:50:19 PM - System Checkpoint

RP1517: 4/23/2012 3:00:18 AM - Software Distribution Service

3.0

RP1518: 4/23/2012 6:17:26 AM - Removed Java 6 Update 11

RP1519: 4/23/2012 6:18:09 AM - Installed Java 6 Update 31

RP1520: 4/24/2012 3:00:19 AM - Software Distribution Service

3.0

RP1521: 4/25/2012 3:00:19 AM - Software Distribution Service

3.0

RP1522: 4/25/2012 9:54:38 PM - Software Distribution Service

3.0

RP1523: 4/27/2012 5:07:49 AM - Software Distribution Service

3.0

RP1524: 4/28/2012 8:22:37 AM - Software Distribution Service

3.0

RP1525: 4/30/2012 7:20:04 AM - Software Distribution Service

3.0

RP1526: 5/1/2012 7:00:21 AM - Software Distribution Service

3.0

RP1527: 5/2/2012 6:44:38 AM - Software Distribution Service

3.0

RP1528: 5/3/2012 3:00:19 AM - Software Distribution Service

3.0

RP1529: 5/4/2012 3:00:19 AM - Software Distribution Service

3.0

RP1530: 5/5/2012 3:00:19 AM - Software Distribution Service

3.0

RP1531: 5/6/2012 3:00:19 AM - Software Distribution Service

3.0

RP1532: 5/7/2012 3:00:18 AM - Software Distribution Service

3.0

RP1533: 5/8/2012 3:00:19 AM - Software Distribution Service

3.0

RP1534: 5/9/2012 3:00:18 AM - Software Distribution Service

3.0

RP1535: 5/11/2012 3:00:29 AM - Software Distribution Service

3.0

RP1536: 5/12/2012 3:45:02 AM - System Checkpoint

RP1537: 5/13/2012 3:54:03 AM - System Checkpoint

RP1538: 5/14/2012 4:54:03 AM - System Checkpoint

RP1539: 5/15/2012 5:54:07 AM - System Checkpoint

RP1540: 5/16/2012 6:54:06 AM - System Checkpoint

RP1541: 5/17/2012 3:00:19 AM - Software Distribution Service

3.0

RP1542: 5/18/2012 3:00:19 AM - Software Distribution Service

3.0

RP1543: 5/19/2012 3:00:19 AM - Software Distribution Service

3.0

RP1544: 5/20/2012 3:00:20 AM - Software Distribution Service

3.0

RP1545: 5/21/2012 3:00:19 AM - Software Distribution Service

3.0

RP1546: 5/22/2012 3:00:19 AM - Software Distribution Service

3.0

RP1547: 5/23/2012 3:00:19 AM - Software Distribution Service

3.0

RP1548: 5/24/2012 3:00:19 AM - Software Distribution Service

3.0

RP1549: 5/25/2012 3:00:19 AM - Software Distribution Service

3.0

RP1550: 5/26/2012 3:00:20 AM - Software Distribution Service

3.0

RP1551: 5/27/2012 3:00:19 AM - Software Distribution Service

3.0

RP1552: 5/28/2012 3:00:18 AM - Software Distribution Service

3.0

RP1553: 5/29/2012 3:00:18 AM - Software Distribution Service

3.0

RP1554: 5/30/2012 3:00:20 AM - Software Distribution Service

3.0

RP1555: 5/31/2012 3:00:19 AM - Software Distribution Service

3.0

RP1556: 6/1/2012 3:00:19 AM - Software Distribution Service

3.0

RP1557: 6/2/2012 3:00:20 AM - Software Distribution Service

3.0

RP1558: 6/3/2012 3:00:21 AM - Software Distribution Service

3.0

RP1559: 6/4/2012 3:00:19 AM - Software Distribution Service

3.0

RP1560: 6/5/2012 3:00:20 AM - Software Distribution Service

3.0

RP1561: 6/6/2012 3:00:19 AM - Software Distribution Service

3.0

RP1562: 6/7/2012 3:00:19 AM - Software Distribution Service

3.0

RP1563: 6/8/2012 3:00:19 AM - Software Distribution Service

3.0

RP1564: 6/9/2012 3:00:19 AM - Software Distribution Service

3.0

RP1565: 6/10/2012 3:00:18 AM - Software Distribution Service

3.0

RP1566: 6/10/2012 9:35:19 AM - Software Distribution Service

3.0

RP1567: 6/11/2012 11:35:29 AM - System Checkpoint

RP1568: 6/12/2012 3:00:19 AM - Software Distribution Service

3.0

RP1569: 6/13/2012 3:00:18 AM - Software Distribution Service

3.0

RP1570: 6/14/2012 3:40:58 AM - System Checkpoint

RP1571: 6/15/2012 3:45:28 AM - System Checkpoint

RP1572: 6/16/2012 4:45:28 AM - System Checkpoint

RP1573: 6/17/2012 3:00:19 AM - Software Distribution Service

3.0

RP1574: 6/18/2012 3:00:19 AM - Software Distribution Service

3.0

RP1575: 6/19/2012 3:00:19 AM - Software Distribution Service

3.0

RP1576: 6/20/2012 3:00:19 AM - Software Distribution Service

3.0

RP1577: 6/21/2012 3:00:19 AM - Software Distribution Service

3.0

RP1578: 6/22/2012 3:00:19 AM - Software Distribution Service

3.0

RP1579: 6/23/2012 3:00:19 AM - Software Distribution Service

3.0

RP1580: 6/24/2012 3:00:19 AM - Software Distribution Service

3.0

RP1581: 6/25/2012 3:00:18 AM - Software Distribution Service

3.0

RP1582: 6/26/2012 3:00:19 AM - Software Distribution Service

3.0

RP1583: 6/27/2012 3:00:18 AM - Software Distribution Service

3.0

RP1584: 6/28/2012 3:00:20 AM - Software Distribution Service

3.0

RP1585: 6/29/2012 3:00:20 AM - Software Distribution Service

3.0

RP1586: 6/30/2012 3:00:19 AM - Software Distribution Service

3.0

RP1587: 7/1/2012 3:00:18 AM - Software Distribution Service

3.0

RP1588: 7/2/2012 3:00:19 AM - Software Distribution Service

3.0

RP1589: 7/3/2012 3:00:18 AM - Software Distribution Service

3.0

RP1590: 7/4/2012 3:00:18 AM - Software Distribution Service

3.0

RP1591: 7/5/2012 3:00:18 AM - Software Distribution Service

3.0

RP1592: 7/6/2012 3:00:18 AM - Software Distribution Service

3.0

RP1593: 7/7/2012 3:00:19 AM - Software Distribution Service

3.0

RP1594: 7/8/2012 3:00:18 AM - Software Distribution Service

3.0

RP1595: 7/9/2012 3:00:19 AM - Software Distribution Service

3.0

RP1596: 7/10/2012 3:00:18 AM - Software Distribution Service

3.0

RP1597: 7/11/2012 3:00:22 AM - Software Distribution Service

3.0

RP1598: 7/12/2012 3:30:20 AM - System Checkpoint

RP1599: 7/13/2012 4:30:20 AM - System Checkpoint

RP1600: 7/14/2012 3:00:19 AM - Software Distribution Service

3.0

RP1601: 7/15/2012 3:00:19 AM - Software Distribution Service

3.0

RP1602: 7/16/2012 3:00:19 AM - Software Distribution Service

3.0

RP1603: 7/17/2012 3:00:19 AM - Software Distribution Service

3.0

RP1604: 7/18/2012 3:00:21 AM - Software Distribution Service

3.0

RP1605: 7/18/2012 2:59:27 PM - Installed HiJackThis

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

8000A809

8000A809_eDocs

8000A809_Help

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop 7.0

Adobe Reader X (10.1.3)

Amazon MP3 Downloader 1.0.15

America Online (Choose which version to remove)

AOL Coach Version 1.0(Build:20040229.1 en)

AOL Connectivity Services

AOLIcon

Apple Application Support

Apple Mobile Device Support

Apple Software Update

BlackBerry Desktop Software 4.1

Bonjour

BPDSoftware

BPDSoftware_Ini

Broadcom Management Programs

BufferChm

Canon Camera Access Library

Canon Camera Support Core Library

Canon Camera Window DC_DV 5 for ZoomBrowser EX

Canon Camera Window DC_DV 6 for ZoomBrowser EX

Canon Camera Window MC 6 for ZoomBrowser EX

Canon G.726 WMP-Decoder

Canon MovieEdit Task for ZoomBrowser EX

Canon RAW Image Task for ZoomBrowser EX

Canon RemoteCapture Task for ZoomBrowser EX

Canon Utilities EOS Utility

Canon Utilities PhotoStitch

Canon Utilities ZoomBrowser EX

Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA3

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Compatibility Pack for the 2007 Office system

Conexant HDA D110 MDC V.92 Modem

ConverterLite 0.1

Crayon Physics Deluxe - release 53

Crayon Physics Deluxe Demo - release 52

Critical Update for Windows Media Player 11 (KB959772)

Crystal Reports Basic for Visual Studio 2008

Data Junction 6.5 Enterprise

Dell Support 3.2

Dell System Restore

DeviceDiscovery

Digital Content Portal

Digital Line Detect

DJ Engine 6.5 Enterprise

EarthLink Setup Files

FlipShare

Google Desktop

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 4.5.0.457

GPBaseService2

HD View

High Definition Audio Driver Package - KB835221

HiJackThis

Hotfix 2055 for SQL Server 2000 ENU (KB960082)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Microsoft Visual Studio 2008 Professional Edition

- ENU (KB2538241)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Customer Participation Program 12.0

HP Imaging Device Functions 12.0

HP Officejet Pro 8000 A809 Series

HP Smart Web Printing

HP Solution Center 13.0

HP Update

HPDiagnosticAlert

HPProductAssistant

HPSSupply

ImgBurn

Intel® Graphics Media Accelerator Driver

Intel® PROSet/Wireless Software

ISOMagic 4.0 (Remove only)

iTunes

J2SE Runtime Environment 5.0 Update 6

Java Auto Updater

Java 6 Update 31

Java 6 Update 7

Learn2 Player (Uninstall Only)

LiveUpdate 3.3 (Symantec Corporation)

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

mCore

MCU

mDrWiFi

MediaDirect

mHlpDell

Microsoft .NET Compact Framework 2.0 SP2

Microsoft .NET Compact Framework 3.5

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft ActiveSync

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Device Emulator version 3.0 - ENU

Microsoft Document Explorer 2008

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2003 Web Components

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Live Meeting 2007

Microsoft Office Outlook 2003 with Business Contact Manager

Update

Microsoft Office Professional Edition 2003

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office SharePoint Designer 2007 Service Pack 3

(SP3)

Microsoft Office Visual Web Developer 2007

Microsoft Office Visual Web Developer MUI (English) 2007

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft SQL Server 2000 Sample Database Scripts

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Analysis Services

Microsoft SQL Server 2005 Backward compatibility

Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

Microsoft SQL Server 2005 Reporting Services

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server 2008 Management Objects

Microsoft SQL Server Compact 3.5 for Devices ENU

Microsoft SQL Server Compact 3.5 SP1 Design Tools English

Microsoft SQL Server Compact 3.5 SP1 English

Microsoft SQL Server Database Publishing Wizard 1.3

Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86

9.0.30729.6161

Microsoft Visual Studio 2005 Tools for Office Runtime

Microsoft Visual Studio 2008 Professional Edition - ENU

Microsoft Visual Studio 2008 Professional Edition - ENU

Service Pack 1 (KB945140)

Microsoft Visual Studio Web Authoring Component

Microsoft Windows SDK for Visual Studio 2008 .NET Framework

Tools - enu

Microsoft Windows SDK for Visual Studio 2008 Headers and

Libraries

Microsoft Windows SDK for Visual Studio 2008 SDK Reference

Assemblies and IntelliSense

Microsoft Windows SDK for Visual Studio 2008 SP1 Tools

Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools

mIWA

mLogView

mMHouse

MobileMe Control Panel

Modem Helper

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

mPfMgr

mPfWiz

mProSafe

MSDN Library for Visual Studio 2008 - ENU

mSSO

MSVCRT

MSVCSetup

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser

mWlsSafe

mWMI

mXML

myPrintMileage (Officejet Pro 8000 A809)

mZConfig

Netflix Movie Viewer

NetWaiting

Network

NetZeroInstallers

OutlookAddinSetup

OverDrive Media Console

PL/SQL Developer

PokerStars

PokerStars.net

ProductContext

Qualxserve Service Agreement

QuickSet

QuickTime

RealPlayer Basic

Safari

ScanWizard 5

SearchAssist

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for Microsoft .NET Framework 3.5 SP1

(KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1

(KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596672)

32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785)

32-Bit Edition

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Visual Studio 2008 Professional

Edition - ENU (KB2251487)

Security Update for Microsoft Visual Studio 2008 Professional

Edition - ENU (KB2669970)

Security Update for Microsoft Visual Studio 2008 Professional

Edition - ENU (KB972222)

Security Update for Microsoft Visual Studio 2008 Professional

Edition - ENU (KB973675)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training

(KB898458)

Security Update for Step By Step Interactive Training

(KB923723)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2124261)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2290570)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953155)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB970483)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB976323)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Shop for HP Supplies

Skype Toolbars

Skype™ 4.2

SmartWebPrinting

SolutionCenter

Sonic DLA

Sonic MyDVD LE

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

SQL Server System CLR Types

Status

Symantec AntiVirus

Synaptics Pointing Device Driver

TextPad 4.7

Toolbox

TrayApp

TRENDnet TEW-424UB Wireless USB 2.0 Adapter Driver and

Utility

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Visual Studio Web Authoring Component

(KB945140)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB982632)

Update for Windows Internet Explorer 8 (KB982664)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

URL Assistant

Viewpoint Media Player

Visual C++ 2008 IA64 Runtime - (v9.0.30729)

Visual C++ 2008 IA64 Runtime - v9.0.30729.01

Visual C++ 2008 x64 Runtime - (v9.0.30729)

Visual C++ 2008 x64 Runtime - v9.0.30729.01

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)

Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Visual C++ 2008 x86 Runtime - v9.0.30729.4148

Visual C++ 2008 x86 Runtime - v9.0.30729.6161

Visual Studio 2005 Tools for Office Second Edition Runtime

Visual Studio Tools for the Office system 3.0 Runtime

Visual Studio Tools for the Office system 3.0 Runtime Service

Pack 1 (KB949258)

VOIP321

WebFldrs XP

WebReg

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 10 Hotfix - KB894476

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows Mobile 5.0 SDK R2 for Pocket PC

Windows Mobile 5.0 SDK R2 for Smartphone

Windows XP Service Pack 3

WinZip 16.0

XML Paper Specification Shared Components Pack 1.0

Yontoo Layers Runtime 1.10.01

.

==== Event Viewer Messages From Past Week ========

.

7/18/2012 9:49:56 PM, error: Service Control Manager [7009]

- Timeout (30000 milliseconds) waiting for the FlipShare

Service service to connect.

7/18/2012 9:49:56 PM, error: Service Control Manager [7000]

- The FlipShare Service service failed to start due to the

following error: The service did not respond to the start or

control request in a timely fashion.

7/18/2012 9:40:12 AM, error: DCOM [10016] - The

application-specific permission settings do not grant Local

Activation permission for the COM Server application with

CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT

AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security

permission can be modified using the Component Services

administrative tool.

7/16/2012 5:19:53 PM, error: MRxSmb [8003] - The master

browser has received a server announcement from the computer

ACER that believes that it is the master browser for the

domain on transport NetBT_Tcpip_{E57D75DF-CC1E-45EC-97BC. The

master browser is stopping or an election is being forced.

7/11/2012 3:27:08 AM, error: Service Control Manager [7000]

- The ASPI32 service failed to start due to the following

error: The system cannot find the file specified.

7/11/2012 3:26:01 AM, error: FW1 [1] - FW1: FW-1: module VPN

is registered twice

.

==== End Of File ===========================

And dds.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by gabe at 22:08:47 on 2012-07-18

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2269 [GMT -6:00]

.

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe

C:\Program Files\Philips\VOIP321\VOIP321.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\TextPad 4\TextPad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web

printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft

shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet

explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program

files\google\googletoolbarnotifier\5.6.5825.1100\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program

files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web

printing\hpswp_BHO.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symant~1\VPTray.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

dRunOnce: [iETI] c:\program files\skype\phone\ieplugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

StartupFolder: c:\docume~1\gabe\startm~1\programs\startup\voip321.lnk - c:\program files\philips\voip321\VOIP321.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common

files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital

imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\microt~1.lnk - c:\program files\microtek\scanwizard

5\ScannerFinder.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql

server\80\tools\binn\sqlmangr.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\tew-424ub\WlanCU.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program

files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -

c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital

imaging\smart web printing\hpswp_BHO.dll

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -

hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} -

hxxps://training.reports.targetsite.com/Reports/Reserved.ReportViewerWebControl.axd?ReportSession=ei3p51zvunn1mt55capvgb45&Co

ntrolID=fc47e59acd704681a63e55d867fde2eb&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{E57D75DF-CC1E-45EC-97BC-15C3401C5285} : DhcpNameServer = 192.168.0.1

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet

explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: ckpNotify - ckpNotify.dll

Notify: igfxcui - igfxdev.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\gabe\application data\mozilla\firefox\profiles\9icxbd7h.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft research\hd view\nphdview.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extentions.y2layers.installId - 6f8a07da-ad67-4396-b475-52aa38b2b691

.

============= SERVICES / DRIVERS ===============

.

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-4-16 65584]

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2009-6-14 339328]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2009-6-14 55168]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2009-8-3 191848]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2009-8-3 169320]

R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2009-12-15 47504]

R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]

R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2009-9-1 1966008]

R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2008-1-29 126680]

R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2009-12-15 684280]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys

[2012-6-1 106656]

R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2008-1-29 2245624]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120713.004\naveng.sys [2012-7-13 87928]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120713.004\navex15.sys [2012-7-13 1589752]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-28 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-28 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe

[2012-4-26 113120]

S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;c:\oracle\ora92\bin\encsvc.exe [2002-2-13 187392]

S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;c:\oracle\ora92\bin\agntsvc.exe [2002-2-13 254464]

S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [2007-11-28 215040]

S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2009-9-1 116664]

S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2002-10-2 13532]

S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

S4 OracleOraHome92Agent;OracleOraHome92Agent;c:\oracle\ora92\bin\agntsrvc.exe [2002-4-26 28944]

S4 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;c:\oracle\ora92\apache\apache\Apache.exe [2002-4-18 4096]

S4 OracleServiceGABE;OracleServiceGABE;c:\oracle\ora92\bin\oracle.exe gabe --> c:\oracle\ora92\bin\ORACLE.EXE GABE [?]

S4 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\microsoft sql server\mssql.4\reporting

services\reportserver\bin\ReportingServicesService.exe [2005-10-14 14552]

.

=============== Created Last 30 ================

.

2012-07-18 20:59:35 388096 ----a-r- c:\documents and settings\gabe\application

data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-07-18 20:59:31 -------- d-----w- c:\program files\Trend Micro

2012-07-16 22:40:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

==================== Find3M ====================

.

2012-07-16 22:40:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 19:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 13:19:59 1866112 ------w- c:\windows\system32\win32k.sys

2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 21:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 21:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 21:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 21:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 21:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 21:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 21:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 21:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec

2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-23 12:18:22 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-04-23 12:18:22 472808 ----a-w- c:\windows\system32\deployJava1.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: TOSHIBA_MK1234GSX rev.AH001D -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AFAF4B1]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8afb693c]; MOV EAX, [0x8afb6ab0]; PUSH EBX; PUSH

ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8B134AB8]

3 CLASSPNP[0xBA0F8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\0000007e[0x8B1405F8]

5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x8B0DDD98]

\Driver\atapi[0x8B09B218] -> IRP_MJ_CREATE -> 0x8AFAF4B1

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP

MOVSD ; JMP FAR 0x0:0x62d; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8AFAF2E2

user & kernel MBR OK

copy of MBR has been found in sector 227689245

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 22:11:29.82 ===============

Any help you can provide would be very much appreciated.

Thanks!

DD


  • Staff

Hi and welcome to Malwarebytes.

Ensure that Word Wrap is off in Notepad.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Hi screen317,

Thanks so much for your help! And sorry about the word wrap.

I'm going to break this post up into parts, since the whole thing is too long for one post.

TDSSKiller found two threats. You didn't mention if I should clean them or not, so at first, after running the tool, I just closed it without choosing to kill the threat.

Here's the log from running it that first time without killing the threat it found:

12:57:04.0015 5568 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11

12:57:04.0656 5568 ============================================================

12:57:04.0656 5568 Current date / time: 2012/07/19 12:57:04.0656

12:57:04.0656 5568 SystemInfo:

12:57:04.0656 5568

12:57:04.0656 5568 OS Version: 5.1.2600 ServicePack: 3.0

12:57:04.0656 5568 Product type: Workstation

12:57:04.0656 5568 ComputerName: GOHOME

12:57:04.0656 5568 UserName: gabe

12:57:04.0656 5568 Windows directory: C:\WINDOWS

12:57:04.0656 5568 System windows directory: C:\WINDOWS

12:57:04.0656 5568 Processor architecture: Intel x86

12:57:04.0656 5568 Number of processors: 2

12:57:04.0656 5568 Page size: 0x1000

12:57:04.0656 5568 Boot type: Normal boot

12:57:04.0656 5568 ============================================================

12:57:08.0984 5568 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

12:57:08.0984 5568 ============================================================

12:57:08.0984 5568 \Device\Harddisk0\DR0:

12:57:08.0984 5568 MBR partitions:

12:57:08.0984 5568 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0xD50CFD2

12:57:09.0000 5568 ============================================================

12:57:09.0437 5568 C: <-> \Device\Harddisk0\DR0\Partition0

12:57:09.0437 5568 ============================================================

12:57:09.0437 5568 Initialize success

12:57:09.0437 5568 ============================================================

12:57:21.0562 3716 ============================================================

12:57:21.0562 3716 Scan started

12:57:21.0562 3716 Mode: Manual;

12:57:21.0562 3716 ============================================================


12:57:27.0578 3716 ERSvc - ok

12:57:27.0625 3716 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

12:57:27.0640 3716 Eventlog - ok

12:57:27.0734 3716 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

12:57:27.0765 3716 EventSystem - ok

12:57:27.0812 3716 EvtEng (f96e450937bad69fe4804d46829aa5c7) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

12:57:27.0828 3716 EvtEng - ok

12:57:27.0875 3716 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

12:57:27.0953 3716 Fastfat - ok

12:57:28.0000 3716 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

12:57:28.0046 3716 FastUserSwitchingCompatibility - ok

12:57:28.0093 3716 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe

12:57:28.0125 3716 Fax - ok

12:57:28.0140 3716 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

12:57:28.0156 3716 Fdc - ok

12:57:28.0171 3716 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

12:57:28.0187 3716 Fips - ok

12:57:28.0312 3716 FlipShare Service (869bde240b7fe9c7b25bd80df85641c8) C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

12:57:28.0359 3716 FlipShare Service - ok

12:57:28.0515 3716 FlipShareServer (9c330b7ddee9492373041e75da01f80c) C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe

12:57:28.0593 3716 FlipShareServer - ok

12:57:28.0796 3716 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

12:57:28.0796 3716 Flpydisk - ok

12:57:28.0859 3716 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

12:57:28.0937 3716 FltMgr - ok

12:57:29.0031 3716 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

12:57:29.0046 3716 FontCache3.0.0.0 - ok

12:57:29.0078 3716 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

12:57:29.0078 3716 Fs_Rec - ok

12:57:29.0109 3716 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

12:57:29.0125 3716 Ftdisk - ok

12:57:29.0390 3716 FW1 (6c55e8e5ee49c504da31df7652a70375) C:\WINDOWS\system32\DRIVERS\fw.sys

12:57:29.0468 3716 FW1 - ok

12:57:29.0640 3716 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

12:57:29.0656 3716 GEARAspiWDM - ok

12:57:29.0703 3716 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

12:57:29.0750 3716 Gpc - ok

12:57:29.0906 3716 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

12:57:29.0906 3716 gupdate - ok

12:57:29.0906 3716 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

12:57:29.0906 3716 gupdatem - ok

12:57:29.0968 3716 gusvc (751c1d2ca2abf4a9f5a6b8d7d45b907c) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

12:57:29.0984 3716 gusvc - ok

12:57:30.0046 3716 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

12:57:30.0062 3716 HDAudBus - ok

12:57:30.0140 3716 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

12:57:30.0156 3716 helpsvc - ok

12:57:30.0156 3716 HidServ - ok

12:57:30.0218 3716 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

12:57:30.0218 3716 HidUsb - ok

12:57:30.0265 3716 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

12:57:30.0281 3716 hkmsvc - ok

12:57:30.0312 3716 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

12:57:30.0312 3716 hpn - ok

12:57:30.0437 3716 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

12:57:30.0437 3716 hpqcxs08 - ok

12:57:30.0484 3716 hpqddsvc (7da3211ac63edd90b8eca1ca1abfd43b) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

12:57:30.0500 3716 hpqddsvc - ok

12:57:30.0609 3716 HPSLPSVC (14229263aa19c704e0d6d2e7404a8455) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL

12:57:30.0625 3716 HPSLPSVC - ok

12:57:30.0671 3716 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

12:57:30.0687 3716 HPZid412 - ok

12:57:30.0734 3716 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

12:57:30.0734 3716 HPZipr12 - ok

12:57:30.0781 3716 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

12:57:30.0796 3716 HPZius12 - ok

12:57:30.0953 3716 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys

12:57:30.0984 3716 HSF_DPV - ok

12:57:31.0015 3716 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys

12:57:31.0031 3716 HSXHWAZL - ok

12:57:31.0093 3716 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

12:57:31.0109 3716 HTTP - ok

12:57:31.0140 3716 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

12:57:31.0156 3716 HTTPFilter - ok

12:57:31.0218 3716 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

12:57:31.0218 3716 i2omgmt - ok

12:57:31.0250 3716 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

12:57:31.0250 3716 i2omp - ok

12:57:31.0281 3716 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

12:57:31.0359 3716 i8042prt - ok

12:57:31.0578 3716 ialm (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

12:57:31.0625 3716 ialm - ok

12:57:31.0796 3716 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

12:57:31.0812 3716 IDriverT - ok

12:57:32.0015 3716 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

12:57:32.0062 3716 idsvc - ok

12:57:32.0203 3716 IISADMIN (db3c22745c0da4666f3be31f1af36b2f) C:\WINDOWS\system32\inetsrv\inetinfo.exe

12:57:32.0218 3716 IISADMIN - ok

12:57:32.0281 3716 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

12:57:32.0328 3716 Imapi - ok

12:57:32.0390 3716 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

12:57:32.0406 3716 ImapiService - ok

12:57:32.0453 3716 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

12:57:32.0468 3716 ini910u - ok

12:57:32.0500 3716 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

12:57:32.0500 3716 IntelIde - ok

12:57:32.0546 3716 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

12:57:32.0562 3716 intelppm - ok

12:57:32.0578 3716 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

12:57:32.0593 3716 Ip6Fw - ok

12:57:32.0609 3716 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

12:57:32.0625 3716 IpFilterDriver - ok

12:57:32.0656 3716 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

12:57:32.0671 3716 IpInIp - ok

12:57:32.0687 3716 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

12:57:32.0718 3716 IpNat - ok

12:57:32.0859 3716 iPod Service (e8e568ea584973dfd99aac7d00a16287) C:\Program Files\iPod\bin\iPodService.exe

12:57:32.0890 3716 iPod Service - ok

12:57:32.0921 3716 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

12:57:32.0968 3716 IPSec - ok

12:57:32.0984 3716 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

12:57:32.0984 3716 IRENUM - ok

12:57:33.0015 3716 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

12:57:33.0062 3716 isapnp - ok

12:57:33.0234 3716 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe

12:57:33.0265 3716 JavaQuickStarterService - ok

12:57:33.0296 3716 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

12:57:33.0296 3716 Kbdclass - ok

12:57:33.0343 3716 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

12:57:33.0343 3716 kbdhid - ok

12:57:33.0390 3716 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

12:57:33.0390 3716 kmixer - ok

12:57:33.0421 3716 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

12:57:33.0437 3716 KSecDD - ok

12:57:33.0484 3716 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

12:57:33.0500 3716 LanmanServer - ok

12:57:33.0562 3716 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

12:57:33.0609 3716 lanmanworkstation - ok

12:57:33.0609 3716 lbrtfdc - ok

12:57:33.0937 3716 LiveUpdate (010fd2b41e75a98e3a4d23f44405f5c9) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

12:57:34.0109 3716 LiveUpdate - ok

12:57:34.0250 3716 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

12:57:34.0250 3716 LmHosts - ok

12:57:34.0375 3716 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

12:57:34.0406 3716 MDM - ok

12:57:34.0515 3716 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

12:57:34.0515 3716 mdmxsdk - ok

12:57:34.0546 3716 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

12:57:34.0546 3716 Messenger - ok

12:57:34.0578 3716 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

12:57:34.0593 3716 mnmdd - ok

12:57:34.0625 3716 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

12:57:34.0640 3716 mnmsrvc - ok

12:57:34.0656 3716 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

12:57:34.0687 3716 Modem - ok

12:57:34.0734 3716 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

12:57:34.0750 3716 Mouclass - ok

12:57:34.0765 3716 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

12:57:34.0781 3716 mouhid - ok

12:57:34.0843 3716 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

12:57:34.0843 3716 MountMgr - ok

12:57:34.0937 3716 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

12:57:34.0984 3716 MozillaMaintenance - ok

12:57:35.0015 3716 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

12:57:35.0031 3716 mraid35x - ok

12:57:35.0046 3716 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

12:57:35.0062 3716 MRxDAV - ok

12:57:35.0125 3716 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

12:57:35.0218 3716 MRxSmb - ok

12:57:35.0265 3716 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

12:57:35.0265 3716 MSDTC - ok

12:57:35.0296 3716 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

12:57:35.0312 3716 Msfs - ok

12:57:35.0468 3716 msftesql (64149160ccbae488d61abe3f46e8a95f) C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe

12:57:35.0484 3716 msftesql - ok

12:57:35.0500 3716 MSIServer - ok

12:57:35.0531 3716 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

12:57:35.0531 3716 MSKSSRV - ok

12:57:35.0578 3716 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

12:57:35.0578 3716 MSPCLOCK - ok

12:57:35.0593 3716 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

12:57:35.0609 3716 MSPQM - ok

12:57:35.0640 3716 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

12:57:35.0640 3716 mssmbios - ok

12:57:36.0515 3716 MSSQL$MICROSOFTSMLBIZ (1b959a0614d575d0ab3b09095f0a8b83) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

12:57:36.0968 3716 MSSQL$MICROSOFTSMLBIZ - ok

12:57:37.0140 3716 MSSQL$SQLEXPRESS - ok

12:57:37.0234 3716 MSSQLSERVER - ok

12:57:37.0281 3716 MSSQLServerADHelper (adaf062116b4e6d96e44d26486a87af6) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe

12:57:37.0296 3716 MSSQLServerADHelper - ok

12:57:41.0859 3716 MSSQLServerOLAPService (0d85a542737cb25314caf92af896dd0d) C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe

12:57:42.0515 3716 MSSQLServerOLAPService - ok

12:57:42.0921 3716 msvsmon90 (70e994d23895df6b1ee1e70145299fcf) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe

12:57:43.0140 3716 msvsmon90 - ok

12:57:43.0328 3716 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

12:57:43.0343 3716 Mup - ok

12:57:43.0406 3716 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

12:57:43.0421 3716 napagent - ok

12:57:43.0562 3716 NAVENG (f11033730b38260b6892e837c457fb4b) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120713.004\naveng.sys

12:57:43.0578 3716 NAVENG - ok

12:57:43.0703 3716 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120713.004\navex15.sys

12:57:43.0765 3716 NAVEX15 - ok

12:57:43.0953 3716 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

12:57:44.0093 3716 NDIS - ok

12:57:44.0125 3716 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

12:57:44.0125 3716 NdisTapi - ok

12:57:44.0140 3716 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

12:57:44.0156 3716 Ndisuio - ok

12:57:44.0171 3716 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

12:57:44.0265 3716 NdisWan - ok

12:57:44.0328 3716 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

12:57:44.0343 3716 NDProxy - ok

12:57:44.0406 3716 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll

12:57:44.0406 3716 Net Driver HPZ12 - ok

12:57:44.0437 3716 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

12:57:44.0453 3716 NetBIOS - ok

12:57:44.0500 3716 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

12:57:44.0625 3716 NetBT - ok

12:57:44.0671 3716 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

12:57:44.0734 3716 NetDDE - ok

12:57:44.0750 3716 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

12:57:44.0750 3716 NetDDEdsdm - ok

12:57:44.0781 3716 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

12:57:44.0796 3716 Netlogon - ok

12:57:44.0828 3716 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

12:57:44.0828 3716 Netman - ok

12:57:45.0031 3716 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

12:57:45.0046 3716 NetTcpPortSharing - ok

12:57:45.0062 3716 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

12:57:45.0125 3716 NIC1394 - ok

12:57:45.0281 3716 NICCONFIGSVC (3855171a89280fc7860dd17760754603) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

12:57:45.0312 3716 NICCONFIGSVC - ok

12:57:45.0375 3716 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

12:57:45.0390 3716 Nla - ok

12:57:45.0421 3716 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

12:57:45.0421 3716 Npfs - ok

12:57:45.0515 3716 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

12:57:45.0531 3716 Ntfs - ok

12:57:45.0593 3716 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

12:57:45.0593 3716 NtLmSsp - ok

12:57:45.0656 3716 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

12:57:45.0687 3716 NtmsSvc - ok

12:57:45.0718 3716 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

12:57:45.0734 3716 Null - ok

12:57:45.0890 3716 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

12:57:45.0968 3716 nv - ok

12:57:46.0156 3716 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

12:57:46.0171 3716 NwlnkFlt - ok

12:57:46.0187 3716 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

12:57:46.0203 3716 NwlnkFwd - ok

12:57:46.0250 3716 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

12:57:46.0328 3716 ohci1394 - ok

12:57:46.0421 3716 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys

12:57:46.0437 3716 omci - ok

12:57:46.0531 3716 OracleMTSRecoveryService - ok

12:57:46.0578 3716 OracleOraHome92Agent (b602c8d5554fcb17dfeddcf5696ce8c6) C:\oracle\ora92\bin\agntsrvc.exe

12:57:46.0609 3716 OracleOraHome92Agent - ok

12:57:46.0656 3716 OracleOraHome92ClientCache (0503ac4bc3581bcc782ef8b38c3fd059) C:\oracle\ora92\BIN\ONRSD.EXE

12:57:46.0703 3716 OracleOraHome92ClientCache - ok

12:57:46.0796 3716 OracleOraHome92HTTPServer (5c5afa3dc62a19e00728bdb11c0300a9) C:\oracle\ora92\Apache\Apache\apache.exe

12:57:46.0875 3716 OracleOraHome92HTTPServer - ok

12:57:46.0921 3716 OracleOraHome92PagingServer (52633eaecf84968cfc655529e79a292d) C:\oracle\ora92/bin/pagntsrv.exe

12:57:46.0921 3716 Suspicious file (Hidden): C:\oracle\ora92/bin/pagntsrv.exe. md5: 52633eaecf84968cfc655529e79a292d

12:57:46.0921 3716 OracleOraHome92PagingServer ( HiddenFile.Multi.Generic ) - warning

12:57:46.0921 3716 OracleOraHome92PagingServer - detected HiddenFile.Multi.Generic (1)

12:57:46.0953 3716 OracleOraHome92SNMPPeerEncapsulator (97e6db836d56f649443af3a9b4ecbf92) C:\oracle\ora92\BIN\ENCSVC.EXE

12:57:47.0000 3716 OracleOraHome92SNMPPeerEncapsulator - ok

12:57:47.0062 3716 OracleOraHome92SNMPPeerMasterAgent (df1c2a07329712b70f130c8f6c0963ac) C:\oracle\ora92\BIN\AGNTSVC.EXE

12:57:47.0093 3716 OracleOraHome92SNMPPeerMasterAgent - ok

12:57:47.0093 3716 OracleOraHome92TNSListener - ok

12:57:47.0093 3716 OracleServiceGABE - ok

12:57:47.0203 3716 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

12:57:47.0281 3716 ose - ok

12:57:47.0328 3716 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

12:57:47.0343 3716 Parport - ok

12:57:47.0375 3716 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

12:57:47.0375 3716 PartMgr - ok

12:57:47.0437 3716 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

12:57:47.0437 3716 ParVdm - ok

12:57:47.0453 3716 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

12:57:47.0453 3716 PCI - ok

12:57:47.0468 3716 PCIDump - ok

12:57:47.0484 3716 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

12:57:47.0500 3716 PCIIde - ok

12:57:47.0531 3716 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

12:57:47.0562 3716 Pcmcia - ok

12:57:47.0562 3716 PDCOMP - ok

12:57:47.0562 3716 PDFRAME - ok

12:57:47.0578 3716 PDRELI - ok

12:57:47.0578 3716 PDRFRAME - ok

12:57:47.0578 3716 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

12:57:47.0656 3716 perc2 - ok

12:57:47.0656 3716 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

12:57:47.0656 3716 perc2hib - ok

12:57:47.0718 3716 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

12:57:47.0734 3716 PlugPlay - ok

12:57:47.0765 3716 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll

12:57:47.0781 3716 Pml Driver HPZ12 - ok

12:57:47.0828 3716 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

12:57:47.0828 3716 PolicyAgent - ok

12:57:47.0875 3716 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

12:57:47.0937 3716 PptpMiniport - ok

12:57:47.0937 3716 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

12:57:47.0937 3716 ProtectedStorage - ok

12:57:47.0968 3716 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

12:57:47.0968 3716 PSched - ok

12:57:48.0015 3716 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

12:57:48.0015 3716 Ptilink - ok

12:57:48.0078 3716 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys

12:57:48.0093 3716 PxHelp20 - ok

12:57:48.0125 3716 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

12:57:48.0203 3716 ql1080 - ok

12:57:48.0203 3716 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

12:57:48.0218 3716 Ql10wnt - ok

12:57:48.0234 3716 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

12:57:48.0265 3716 ql12160 - ok

12:57:48.0281 3716 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

12:57:48.0281 3716 ql1240 - ok

12:57:48.0296 3716 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

12:57:48.0312 3716 ql1280 - ok

12:57:48.0343 3716 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

12:57:48.0343 3716 RasAcd - ok

12:57:48.0406 3716 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

12:57:48.0421 3716 RasAuto - ok

12:57:48.0468 3716 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

12:57:48.0468 3716 Rasl2tp - ok

12:57:48.0515 3716 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

12:57:48.0546 3716 RasMan - ok

12:57:48.0546 3716 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

12:57:48.0609 3716 RasPppoe - ok

12:57:48.0640 3716 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

12:57:48.0656 3716 Raspti - ok

12:57:48.0671 3716 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

12:57:48.0703 3716 Rdbss - ok

12:57:48.0703 3716 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

12:57:48.0703 3716 RDPCDD - ok

12:57:48.0734 3716 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

12:57:48.0765 3716 rdpdr - ok

12:57:48.0781 3716 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys

12:57:48.0875 3716 RDPWD - ok

12:57:48.0906 3716 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

12:57:48.0953 3716 RDSessMgr - ok

12:57:48.0968 3716 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

12:57:49.0031 3716 redbook - ok

12:57:49.0140 3716 RegSrvc (6210679582240d54cc7fcc6278ca8b04) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

12:57:49.0171 3716 RegSrvc - ok

12:57:49.0218 3716 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

12:57:49.0234 3716 RemoteAccess - ok

12:57:49.0281 3716 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

12:57:49.0296 3716 RemoteRegistry - ok

12:57:49.0453 3716 ReportServer (abccdc47fe31ffc6ff18ce6656a8bbb4) C:\Program Files\Microsoft SQL Server\MSSQL.4\Reporting Services\ReportServer\bin\ReportingServicesService.exe

12:57:49.0468 3716 ReportServer - ok

12:57:49.0515 3716 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

12:57:49.0531 3716 rimmptsk - ok

12:57:49.0593 3716 RimSerPort (b177927edfb8fb8da62ee1dfbcefde54) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

12:57:49.0593 3716 RimSerPort - ok

12:57:49.0656 3716 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

12:57:49.0671 3716 rimsptsk - ok

12:57:49.0703 3716 RimUsb (913966a94de5fa40f0948c65221f08cc) C:\WINDOWS\system32\Drivers\RimUsb.sys

12:57:49.0718 3716 RimUsb - ok

12:57:49.0765 3716 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

12:57:49.0781 3716 rismxdp - ok

12:57:49.0812 3716 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

12:57:49.0812 3716 ROOTMODEM - ok

12:57:49.0859 3716 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

12:57:49.0890 3716 RpcLocator - ok

12:57:49.0953 3716 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

12:57:49.0953 3716 RpcSs - ok

12:57:50.0000 3716 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

12:57:50.0031 3716 RSVP - ok

12:57:50.0109 3716 RTL8187B (180a0296bf259c1aeeb8dc100cc87a31) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys

12:57:50.0156 3716 RTL8187B - ok

12:57:50.0281 3716 S24EventMonitor (99647323602be0e77a9737e6eada65ba) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

12:57:50.0328 3716 S24EventMonitor - ok

12:57:50.0343 3716 s24trans (2c0e9e777ab1849b43494626c1f308b5) C:\WINDOWS\system32\DRIVERS\s24trans.sys

12:57:50.0359 3716 s24trans - ok

12:57:50.0406 3716 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

12:57:50.0406 3716 SamSs - ok

12:57:50.0484 3716 SavRoam (735debf79a6da44d56542e12edf51b75) C:\Program Files\Symantec AntiVirus\SavRoam.exe

12:57:50.0515 3716 SavRoam - ok

12:57:50.0546 3716 SAVRT (e768eff5753906272e375282d7a511e0) C:\Program Files\Symantec AntiVirus\savrt.sys

12:57:50.0578 3716 SAVRT - ok

12:57:50.0578 3716 SAVRTPEL (d9d45ad65063e8966acafb1f574c8617) C:\Program Files\Symantec AntiVirus\Savrtpel.sys

12:57:50.0593 3716 SAVRTPEL - ok

12:57:50.0640 3716 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

12:57:50.0718 3716 SCardSvr - ok

12:57:51.0125 3716 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

12:57:51.0156 3716 Schedule - ok

12:57:51.0171 3716 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

12:57:51.0187 3716 sdbus - ok

12:57:51.0234 3716 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

12:57:51.0250 3716 Secdrv - ok

12:57:51.0375 3716 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

12:57:51.0375 3716 seclogon - ok

12:57:51.0421 3716 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

12:57:51.0421 3716 SENS - ok

12:57:51.0468 3716 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

12:57:51.0500 3716 serenum - ok

12:57:51.0515 3716 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

12:57:51.0531 3716 Serial - ok

12:57:51.0562 3716 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

12:57:51.0562 3716 Sfloppy - ok

12:57:51.0625 3716 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

12:57:51.0656 3716 SharedAccess - ok

12:57:51.0687 3716 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

12:57:51.0687 3716 ShellHWDetection - ok

12:57:51.0703 3716 Simbad - ok

12:57:51.0734 3716 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

12:57:51.0750 3716 sisagp - ok

12:57:51.0781 3716 SjyPkt (3d7ef286e806f9bd9339aa52e28dcd67) C:\WINDOWS\System32\Drivers\SjyPkt.sys

12:57:51.0812 3716 SjyPkt - ok

12:57:51.0890 3716 SMTPSVC (db3c22745c0da4666f3be31f1af36b2f) C:\WINDOWS\system32\inetsrv\inetinfo.exe

12:57:51.0890 3716 SMTPSVC - ok

12:57:51.0937 3716 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

12:57:59.0296 3716 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0

12:57:59.0312 3716 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

12:57:59.0312 3716 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

12:57:59.0343 3716 Boot (0x1200) (76d8ac9683955d21bbe255f22d2403d1) \Device\Harddisk0\DR0\Partition0

12:57:59.0343 3716 \Device\Harddisk0\DR0\Partition0 - ok

12:57:59.0343 3716 ============================================================

12:57:59.0343 3716 Scan finished

12:57:59.0343 3716 ============================================================

12:57:59.0359 1268 Detected object count: 2

12:57:59.0359 1268 Actual detected object count: 2

13:01:49.0765 1268 OracleOraHome92PagingServer ( HiddenFile.Multi.Generic ) - skipped by user

13:01:49.0765 1268 OracleOraHome92PagingServer ( HiddenFile.Multi.Generic ) - User select action: Skip

13:01:50.0609 1268 \Device\Harddisk0\DR0\# - copied to quarantine

13:01:50.0609 1268 \Device\Harddisk0\DR0 - copied to quarantine

13:01:50.0656 1268 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

13:01:50.0671 1268 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

13:01:50.0671 1268 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

13:01:50.0687 1268 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

13:01:51.0296 1268 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

13:01:51.0406 1268 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

13:01:51.0453 1268 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

13:01:51.0484 1268 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

13:01:51.0484 1268 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

13:01:51.0500 1268 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

13:01:51.0500 1268 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

13:01:51.0515 1268 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

13:01:51.0562 1268 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

13:01:51.0562 1268 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

13:01:51.0687 1268 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

13:01:51.0750 1268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

13:01:51.0781 1268 \Device\Harddisk0\DR0 - ok

13:01:51.0781 1268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

13:01:59.0906 5768 Deinitialize success

... continued in next post

Gabe


Continued from last post...

Then I realized I probably should have cleaned the two threats it found, so I re-ran the scan. It no longer finds the one that looked most suspicious - only the Oracle one. I hope I didn't screw anything up because I didn't clean that bad one the first time! It looks from the log as if it actually was moved to quarantine, even though I didn't say to. So that's good.

Anyway, the second time, I went ahead and cleaned the Oracle hidden file, too. Here are the results from that second run:

13:05:24.0765 5168 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11

13:05:25.0984 5168 ============================================================

13:05:25.0984 5168 Current date / time: 2012/07/19 13:05:25.0984

13:05:25.0984 5168 SystemInfo:

13:05:25.0984 5168

13:05:25.0984 5168 OS Version: 5.1.2600 ServicePack: 3.0

13:05:25.0984 5168 Product type: Workstation

13:05:25.0984 5168 ComputerName: GOHOME

13:05:25.0984 5168 UserName: gabe

13:05:25.0984 5168 Windows directory: C:\WINDOWS

13:05:25.0984 5168 System windows directory: C:\WINDOWS

13:05:25.0984 5168 Processor architecture: Intel x86

13:05:25.0984 5168 Number of processors: 2

13:05:25.0984 5168 Page size: 0x1000

13:05:25.0984 5168 Boot type: Normal boot

13:05:25.0984 5168 ============================================================

13:05:26.0453 5168 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

13:05:26.0453 5168 ============================================================

13:05:26.0453 5168 \Device\Harddisk0\DR0:

13:05:26.0453 5168 MBR partitions:

13:05:26.0453 5168 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0xD50CFD2

13:05:26.0468 5168 ============================================================

13:05:26.0531 5168 C: <-> \Device\Harddisk0\DR0\Partition0

13:05:26.0531 5168 ============================================================

13:05:26.0531 5168 Initialize success

13:05:26.0531 5168 ============================================================

13:05:30.0750 0448 ============================================================

13:05:30.0750 0448 Scan started

13:05:30.0750 0448 Mode: Manual;

13:05:30.0750 0448 ============================================================


13:05:41.0343 0448 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

13:05:41.0359 0448 IpNat - ok

13:05:41.0515 0448 iPod Service (e8e568ea584973dfd99aac7d00a16287) C:\Program Files\iPod\bin\iPodService.exe

13:05:41.0546 0448 iPod Service - ok

13:05:41.0578 0448 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

13:05:41.0593 0448 IPSec - ok

13:05:41.0625 0448 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

13:05:41.0640 0448 IRENUM - ok

13:05:41.0687 0448 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

13:05:41.0703 0448 isapnp - ok

13:05:41.0875 0448 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe

13:05:41.0890 0448 JavaQuickStarterService - ok

13:05:41.0906 0448 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

13:05:41.0921 0448 Kbdclass - ok

13:05:41.0937 0448 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

13:05:41.0937 0448 kbdhid - ok

13:05:41.0968 0448 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

13:05:41.0984 0448 kmixer - ok

13:05:42.0015 0448 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

13:05:42.0015 0448 KSecDD - ok

13:05:42.0062 0448 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

13:05:42.0078 0448 LanmanServer - ok

13:05:42.0140 0448 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

13:05:42.0140 0448 lanmanworkstation - ok

13:05:42.0156 0448 lbrtfdc - ok

13:05:42.0500 0448 LiveUpdate (010fd2b41e75a98e3a4d23f44405f5c9) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

13:05:42.0546 0448 LiveUpdate - ok

13:05:42.0718 0448 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

13:05:42.0734 0448 LmHosts - ok

13:05:42.0859 0448 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

13:05:42.0875 0448 MDM - ok

13:05:42.0968 0448 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

13:05:42.0968 0448 mdmxsdk - ok

13:05:43.0015 0448 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

13:05:43.0031 0448 Messenger - ok

13:05:43.0046 0448 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

13:05:43.0046 0448 mnmdd - ok

13:05:43.0093 0448 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

13:05:43.0109 0448 mnmsrvc - ok

13:05:43.0125 0448 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

13:05:43.0140 0448 Modem - ok

13:05:43.0156 0448 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

13:05:43.0156 0448 Mouclass - ok

13:05:43.0187 0448 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

13:05:43.0187 0448 mouhid - ok

13:05:43.0218 0448 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

13:05:43.0218 0448 MountMgr - ok

13:05:43.0312 0448 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

13:05:43.0343 0448 MozillaMaintenance - ok

13:05:43.0406 0448 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

13:05:43.0421 0448 mraid35x - ok

13:05:43.0421 0448 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

13:05:43.0437 0448 MRxDAV - ok

13:05:43.0500 0448 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

13:05:43.0531 0448 MRxSmb - ok

13:05:43.0531 0448 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

13:05:43.0546 0448 MSDTC - ok

13:05:43.0578 0448 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

13:05:43.0578 0448 Msfs - ok

13:05:43.0750 0448 msftesql (64149160ccbae488d61abe3f46e8a95f) C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe

13:05:43.0765 0448 msftesql - ok

13:05:43.0765 0448 MSIServer - ok

13:05:43.0796 0448 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

13:05:43.0796 0448 MSKSSRV - ok

13:05:43.0812 0448 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

13:05:43.0828 0448 MSPCLOCK - ok

13:05:43.0843 0448 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

13:05:43.0843 0448 MSPQM - ok

13:05:43.0875 0448 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

13:05:43.0890 0448 mssmbios - ok

13:05:44.0546 0448 MSSQL$MICROSOFTSMLBIZ (1b959a0614d575d0ab3b09095f0a8b83) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

13:05:44.0640 0448 MSSQL$MICROSOFTSMLBIZ - ok

13:05:44.0812 0448 MSSQL$SQLEXPRESS - ok

13:05:44.0921 0448 MSSQLSERVER - ok

13:05:44.0953 0448 MSSQLServerADHelper (adaf062116b4e6d96e44d26486a87af6) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe

13:05:44.0968 0448 MSSQLServerADHelper - ok

13:05:46.0562 0448 MSSQLServerOLAPService (0d85a542737cb25314caf92af896dd0d) C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe

13:05:46.0687 0448 MSSQLServerOLAPService - ok

13:05:47.0109 0448 msvsmon90 (70e994d23895df6b1ee1e70145299fcf) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe

13:05:47.0156 0448 msvsmon90 - ok

13:05:47.0343 0448 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

13:05:47.0359 0448 Mup - ok

13:05:47.0421 0448 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

13:05:47.0437 0448 napagent - ok

13:05:47.0578 0448 NAVENG (f11033730b38260b6892e837c457fb4b) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120713.004\naveng.sys

13:05:47.0578 0448 NAVENG - ok

13:05:47.0796 0448 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120713.004\navex15.sys

13:05:47.0828 0448 NAVEX15 - ok

13:05:48.0031 0448 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

13:05:48.0046 0448 NDIS - ok

13:05:48.0078 0448 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

13:05:48.0093 0448 NdisTapi - ok

13:05:48.0093 0448 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

13:05:48.0109 0448 Ndisuio - ok

13:05:48.0125 0448 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

13:05:48.0140 0448 NdisWan - ok

13:05:48.0187 0448 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

13:05:48.0203 0448 NDProxy - ok

13:05:48.0234 0448 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll

13:05:48.0234 0448 Net Driver HPZ12 - ok

13:05:48.0250 0448 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

13:05:48.0265 0448 NetBIOS - ok

13:05:48.0281 0448 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

13:05:48.0296 0448 NetBT - ok

13:05:48.0359 0448 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

13:05:48.0375 0448 NetDDE - ok

13:05:48.0375 0448 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

13:05:48.0375 0448 NetDDEdsdm - ok

13:05:48.0421 0448 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

13:05:48.0437 0448 Netlogon - ok

13:05:48.0468 0448 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

13:05:48.0484 0448 Netman - ok

13:05:48.0640 0448 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:05:48.0656 0448 NetTcpPortSharing - ok

13:05:48.0687 0448 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

13:05:48.0703 0448 NIC1394 - ok

13:05:48.0859 0448 NICCONFIGSVC (3855171a89280fc7860dd17760754603) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

13:05:48.0875 0448 NICCONFIGSVC - ok

13:05:48.0937 0448 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

13:05:48.0937 0448 Nla - ok

13:05:48.0953 0448 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

13:05:48.0968 0448 Npfs - ok

13:05:49.0046 0448 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

13:05:49.0062 0448 Ntfs - ok

13:05:49.0125 0448 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

13:05:49.0125 0448 NtLmSsp - ok

13:05:49.0187 0448 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

13:05:49.0203 0448 NtmsSvc - ok

13:05:49.0250 0448 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

13:05:49.0250 0448 Null - ok

13:05:49.0421 0448 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

13:05:49.0453 0448 nv - ok

13:05:49.0609 0448 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

13:05:49.0625 0448 NwlnkFlt - ok

13:05:49.0640 0448 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

13:05:49.0640 0448 NwlnkFwd - ok

13:05:49.0687 0448 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

13:05:49.0703 0448 ohci1394 - ok

13:05:49.0750 0448 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys

13:05:49.0750 0448 omci - ok

13:05:49.0843 0448 OracleMTSRecoveryService - ok

13:05:49.0906 0448 OracleOraHome92Agent (b602c8d5554fcb17dfeddcf5696ce8c6) C:\oracle\ora92\bin\agntsrvc.exe

13:05:49.0921 0448 OracleOraHome92Agent - ok

13:05:49.0968 0448 OracleOraHome92ClientCache (0503ac4bc3581bcc782ef8b38c3fd059) C:\oracle\ora92\BIN\ONRSD.EXE

13:05:49.0984 0448 OracleOraHome92ClientCache - ok

13:05:50.0046 0448 OracleOraHome92HTTPServer (5c5afa3dc62a19e00728bdb11c0300a9) C:\oracle\ora92\Apache\Apache\apache.exe

13:05:50.0062 0448 OracleOraHome92HTTPServer - ok

13:05:50.0109 0448 OracleOraHome92PagingServer (52633eaecf84968cfc655529e79a292d) C:\oracle\ora92/bin/pagntsrv.exe

13:05:50.0109 0448 Suspicious file (Hidden): C:\oracle\ora92/bin/pagntsrv.exe. md5: 52633eaecf84968cfc655529e79a292d

13:05:50.0109 0448 OracleOraHome92PagingServer ( HiddenFile.Multi.Generic ) - warning

13:05:50.0109 0448 OracleOraHome92PagingServer - detected HiddenFile.Multi.Generic (1)


13:05:59.0578 0448 Wmi - ok

13:05:59.0671 0448 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

13:05:59.0671 0448 WmiAcpi - ok

13:05:59.0703 0448 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

13:05:59.0718 0448 WmiApSrv - ok

13:05:59.0906 0448 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

13:05:59.0937 0448 WMPNetworkSvc - ok

13:06:00.0000 0448 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

13:06:00.0000 0448 wscsvc - ok

13:06:00.0015 0448 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

13:06:00.0031 0448 wuauserv - ok

13:06:00.0078 0448 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

13:06:00.0093 0448 WudfPf - ok

13:06:00.0109 0448 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

13:06:00.0109 0448 WudfRd - ok

13:06:00.0140 0448 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

13:06:00.0156 0448 WudfSvc - ok

13:06:00.0234 0448 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

13:06:00.0250 0448 WZCSVC - ok

13:06:00.0265 0448 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

13:06:00.0281 0448 xmlprov - ok

13:06:00.0328 0448 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0

13:06:00.0812 0448 \Device\Harddisk0\DR0 - ok

13:06:00.0812 0448 Boot (0x1200) (76d8ac9683955d21bbe255f22d2403d1) \Device\Harddisk0\DR0\Partition0

13:06:00.0812 0448 \Device\Harddisk0\DR0\Partition0 - ok

13:06:00.0812 0448 ============================================================

13:06:00.0812 0448 Scan finished

13:06:00.0812 0448 ============================================================

13:06:00.0828 4008 Detected object count: 1

13:06:00.0828 4008 Actual detected object count: 1

13:06:57.0359 4008 C:\oracle\ora92/bin/pagntsrv.exe - copied to quarantine

13:06:57.0515 4008 OracleOraHome92PagingServer ( HiddenFile.Multi.Generic ) - User select action: Quarantine

13:07:07.0734 4576 Deinitialize success

I'm going to post this, and then reboot, and then follow the rest of your instructions (update MBAM and run it, then run combofix and post the log here).

Thanks again...

Gabe


Updated and re-ran MBAM quick scan. It found no threats. Log is as follows:

Will go run combofix now...

Gabe


Hi again,

Ran ComboFix. Here's the log:

Please let me know what the next steps should be.

Thanks again,

Gabe


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


ESET says it found and cleaned several copies of the olmarik trojan, plus yontoo.b, whatever that is. Here's the log:

And here are the results of your scan:

Results of screen317's Security Check version 0.99.43

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

Symantec AntiVirus Corporate Edition

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

Java 6 Update 31

Java 6 Update 7

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Flash Player 11.3.300.265

Adobe Reader X (10.1.3)

Mozilla Firefox (14.0.1)

````````Process Check: objlist.exe by Laurent````````

Symantec AntiVirus DefWatch.exe

Symantec AntiVirus Rtvscan.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 20% Defragment your hard drive soon!

````````````````````End of Log``````````````````````

I've actually never defragged this hard drive. Oops, how embarrassing. It's so large, I guess I just never thought I'd need to. Aside from that, anything else you think I need to do?

The original issue - google links redirecting - is no longer happening. Yay!

Thanks so much. So, a few remaining questions:

1 - Anything else you suggest I do?

2 - Should I uninstall any of the stuff I installed?

3 - Any idea how I got infected?

4 - How do I avoid this happening again?

5 - Any way I can pay you for your time?

Gabe


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java™ 6 Update 31

Java™ 6 Update 7

Adobe Flash Player 10

Restart your computer.

Get the latest version of Java.

Defragmenting is a must. It's one of the large reasons for system slowdowns. I use Defraggler to defragment. It is free to download and you can use it forever. I recommend installing it and defragmenting as soon as possible.

Reboot when it finishes. Let me know what issues remain. Then I can provide you with some preventative measures. :)


So far, so good. I did get a popup message the other day about "clicking here for a virus update". It rather looked like that fake virus protection trojan - you know the one I mean? Unfortunately, I just closed it, without getting a screen shot. I'd hoped it would pop up again, so I could double-check, but it's been several days now, and I haven't seen it. Perhaps it really was just my virus protection (Symantec) requesting an update. I'm not sure.

Gabe


  • Staff

Hi,

There are so many infection vectors that it'd be a complete guess as to where it came from. :/

Don't worry about paying for my time; I'd much rather you be protected for the future. You can do that by purchasing the PRO version of MBAM. Here is my standard prevention speech:

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

