Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Odd popup with .exe (revisited)


Post by minibike132 » November 10th, 2012, 3:10 pm

New logs
First DDS.txt
DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_34
Run by Owner at 13:24:39 on 2012-11-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.128 [GMT -6:00]
.
AV: ESET Smart Security 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: <No Name>: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: SiteHound: {73F7F495-A325-4C52-BE48-5F97FA511E89} - c:\program files\firetrust\sitehound\SiteHound.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
EB: &Yahoo! Messenger: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\common\yhexbmesus.dll
EB: &Yahoo! Messenger: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\common\yhexbmesus.dll
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Lookup on Merriam Webster - c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - c:\program files\iespell\wikipedia.HTM
IE: RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Yahoo! &Dictionary - /c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - /c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - /c:\program files\yahoo!\Common/ycsms.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... mv9VCM.CAB
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/fl ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D40C1721-EF88-496F-AECA-03DE5BD8E4A6} : DHCPNameServer = 75.75.75.75 75.75.76.76
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - c:\program files\spywareguard\spywareguard.dll
SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
Hosts: 216.19.0.250 idenupdate.motorola.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\z3d79tyc.default\
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - ExtSQL: 2012-09-15 14:06; {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2008-05-17 09:41; {22119944-ED35-4ab1-910B-E619EA06A115}; c:\program files\siber systems\ai roboform\Firefox
FF - ExtSQL: !HIDDEN! 2009-09-02 06:19; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(general.useragent.extra.zencast,
============= SERVICES / DRIVERS ===============
.
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2009-10-7 472280]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-27 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-27 676936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-27 22856]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2007-11-1 16512]
S3 DSCVc;Video Capture;c:\windows\system32\drivers\CoachVc.sys [2007-3-2 44256]
.
=============== File Associations ===============
.
FileExt: .scr: scrfile="%1" %*
FileExt: .reg: regfile=regedit.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-10-28 00:31:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-28 00:31:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-09-15 19:05:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-15 19:05:48 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-15 19:05:47 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-14 01:22:41 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-14 01:22:40 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-27 19:12:39 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12:36 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12:34 17408 ----a-w- c:\windows\system32\corpol.dll
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:06 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 13:24:50.65 ===============

Then Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/6/2005 6:15:17 PM
System Uptime: 11/10/2012 12:38:07 PM (1 hours ago)
.
Motherboard: Gateway | |
Processor: Intel(R) Pentium(R) M processor 1.73GHz | uFCPGA2 | 1729/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 86 GiB total, 29.05 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 3.92 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1106: 8/16/2012 12:43:46 PM - Software Distribution Service 3.0
RP1107: 8/18/2012 10:57:16 PM - System Checkpoint
RP1108: 8/31/2012 9:06:18 PM - System Checkpoint
RP1109: 9/1/2012 9:52:53 PM - System Checkpoint
RP1110: 9/6/2012 11:04:18 PM - System Checkpoint
RP1111: 9/10/2012 8:43:18 PM - System Checkpoint
RP1112: 9/13/2012 2:23:31 PM - Software Distribution Service 3.0
RP1113: 9/15/2012 8:51:28 AM - System Checkpoint
RP1114: 9/15/2012 2:04:36 PM - Removed Java(TM) 6 Update 20
RP1115: 9/15/2012 2:04:58 PM - Installed Java(TM) 6 Update 34
RP1116: 9/22/2012 8:59:55 AM - Software Distribution Service 3.0
RP1117: 9/29/2012 10:48:54 AM - System Checkpoint
RP1118: 10/1/2012 9:52:24 AM - System Checkpoint
RP1119: 10/6/2012 4:32:45 PM - System Checkpoint
RP1120: 10/11/2012 1:25:15 PM - Software Distribution Service 3.0
RP1121: 10/12/2012 7:25:48 PM - System Checkpoint
RP1122: 10/19/2012 9:28:07 PM - System Checkpoint
RP1123: 10/21/2012 12:01:05 AM - System Checkpoint
RP1124: 10/27/2012 6:26:46 PM - System Checkpoint
RP1125: 10/28/2012 8:47:36 PM - System Checkpoint
RP1126: 11/4/2012 9:42:44 PM - System Checkpoint
RP1127: 11/5/2012 11:15:47 PM - System Checkpoint
RP1128: 11/7/2012 9:16:04 PM - System Checkpoint
RP1129: 11/8/2012 11:52:28 PM - System Checkpoint
RP1130: 11/10/2012 3:52:24 AM - System Checkpoint
.
==== Installed Programs ======================
.
Ad-Aware
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
AFIT Database Field Update Utility V3.03
AFIT v1.02
AI RoboForm
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
Big Game Hunter II
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
Conexant AC-Link Audio
Critical Update for Windows Media Player 11 (KB959772)
DeductionPro 2007
DVDFab Platinum 4.1.2.0
ESET Online Scanner
ESET Smart Security
Foxit Reader
Foxit Toolbar
Free Window Registry Repair
GDS
Google Earth
Google Toolbar for Internet Explorer
H&R Block Deluxe + Efile + State 2009
H&R Block Illinois 2009
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 34
Java(TM) 6 Update 7
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Money Manager Ex 0.9.3.0
Move Media Player
Mozilla Firefox 10.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network Stumbler 0.4.0 (remove only)
PaperPort
Pawsoft Fass
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
PL-2303 USB-to-Serial
QuickTime
RealPlayer
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB2722913)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SiteHound for Internet Explorer 2.0.0
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
SpywareBlaster 4.1
SpywareGuard v2.2
TaxCut Illinois 2007
TaxCut Illinois 2008
TaxCut Premium + State + Efile 2007
TaxCut Premium + State + Efile 2008
Tech2 SAE J2534 DLL
TiVo Desktop 2.7
Ultrasoft MoneyLink
Understanding Automatic Transmissions
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VDR Host Application
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Media Player 10 Hotfix - KB895316
Windows XP Service Pack 3
WinPatrol 2008
XnView 1.97.2
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
11/7/2012 9:00:15 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0012F0D83D63 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
11/4/2012 5:57:04 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
11/10/2012 11:32:33 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
11/10/2012 11:32:33 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================


I am sorry for taking so long to respond. My original topic was archived as a result. I have been busy all week so I tried multiple times to start the OTL scan as requested, then walked away to do something else. Each time when I returned, my computer just had my normal screen up with no logs. Today I watched the scan. It locked up during

Looking for newly created files C:\WINDOWS\DUMP6ce3.tmp.

Then the computer went to blue screen with the following message

A problem has been detected and windows has been shut down to prevent damage to your computer.

KERNEL_STACK_IMAGE_ERROR

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation ask your hardware or software manufacturer for any windows updates you might need.

If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.

Technical information:

***STOP: 0x00000077 (0xc000000E, 0x000000E0x00000000,0x12404000)

Beginning dump of physical memory

Not sure if I did something wrong with the new program you asked me to download, but I thought I followed instructions to the letter. I have not tried un-installing and re-installing. I thought I would shoot this message past you first.

I did some thinking about what I was doing when the error occurred. I had just clicked on a Bass Pro Shop page from Google search. Previous to that I was on a few other large store sites and previous to that on my banking web site. A few days later I was again on my banking web site and there was a message across the screen. I didn't write down the actual message but it read something like this

We have become aware of hackers attempting to make fraudulent charges to accounts while customers are online banking. Please take this time to shut down banking and ensure that your anti-virus and firewall is up to date.

Coincidence? Maybe, I'm not sure, but I thought it was worth a mention.

Here is a link to my original topic in the archives http://www.malwareremoval.com/forum/viewtopic.php?f=12&t=60674 I hope this is allowed. I'm sure you could find it yourself but I thought I'd save you the trouble.

Thank you for your time and expertise, and again my apologies for not responding in a timely fashion.

Re: Odd popup with .exe (revisited)

Post by deltalima » November 11th, 2012, 5:40 pm

checking your post - back soon.

Re: Odd popup with .exe (revisited)

Post by deltalima » November 11th, 2012, 5:50 pm

Hi minibike132,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.


Please let me know if the computer is used for business in any way.

Please also let me know what the following software is used for.
AFIT v1.02
VDR Host Application
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Odd popup with .exe (revisited)

by minibike132 » November 11th, 2012, 9:15 pm

Deltalima, thank you for your response.

This computer is not used for business in any way. I am an auto mechanic and I did use this machine when I was a dealership mechanic. I was in no way compensated for having it there, it just made life easier on me. It beat waiting for other techs and fighting through viruses, malware and speed issues that were always on company machines due to lack of maintenance.

The two programs you asked about, AFIT and VDR are applications that show data from some of the diagnostic tools from those dealer days. I can remove them if it makes you feel better. I only keep them because someday I may return to a dealer and those programs are usually lost.

Below are the logs you requested, and thank you again for your help.

CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.VUNARH
----- EOF -----

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-J8BM6-MXPH6-3R2BW
Windows Product Key Hash: YMRVitCEjlJfwDQfjDvm97FbWA4=
Windows Product ID: 76477-OEM-2111907-00103
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {84D1F878-E072-4949-9D2B-F5DD93A4DF87}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.17.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: Registered, 1.6.21.0
Signed By: Microsoft
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-230-1_E2AD56EA-765-b063_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{84D1F878-E072-4949-9D2B-F5DD93A4DF87}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-3R2BW</PKey><PID>76477-OEM-2111907-00103</PID><PIDType>2</PIDType><SID>S-1-5-21-1360505734-2116250571-1069761396</SID><SYSTEM><Manufacturer>Gateway </Manufacturer><Model>8510GZ </Model></SYSTEM><BIOS><Manufacturer>Gateway</Manufacturer><Version>59.04</Version><SMBIOSVersion major="2" minor="31"/><Date>20050713000000.000000+000</Date><SLPBIOS>Gateway,Gateway,Gateway,Gateway</SLPBIOS></BIOS><HWID>EF333F07018400D2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Gateway</name><model>8510GZ</model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.17.0"/><File Name="WgaLogon.dll" Version="1.7.17.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>49447AE85B65D02</Val><Hash>rDCZfQ7TRrHvHtCFmOmbwXkfYo4=</Hash><Pid>73931-641-0002212-57328</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1E840:Gateway, Inc
Marker string from OEMBIOS.DAT: Gateway,Gateway,Gateway,Gateway

OEM Activation 2.0 Data-->
N/A
minibike132
Regular Member
 
Posts: 53
Joined: June 6th, 2007, 11:28 pm
Location: Chicagoland

Re: Odd popup with .exe (revisited)

by deltalima » November 12th, 2012, 4:47 am

Hi minibike132,

Please uninstall the following programs

Free Window Registry Repair
Ad-Aware


TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
c:\windows\system32\corpol.dll

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Odd popup with .exe (revisited)

by minibike132 » November 13th, 2012, 8:30 pm

Hi deltalima,
I removed Windows free registry repair and Ad-Aware. Below are DDS logs to verify complete removal.

I ran the TDSS and the scan completed with nothing found.

The last log is the Virustotal.

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_34
Run by Owner at 18:24:12 on 2012-11-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.149 [GMT -6:00]
.
AV: ESET Smart Security 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pawsoft\Fass\Fass.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: <No Name>: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: SiteHound: {73F7F495-A325-4C52-BE48-5F97FA511E89} - c:\program files\firetrust\sitehound\SiteHound.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
EB: &Yahoo! Messenger: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\common\yhexbmesus.dll
EB: &Yahoo! Messenger: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\common\yhexbmesus.dll
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_4_402_265_ActiveX.exe -update activex
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Lookup on Merriam Webster - c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - c:\program files\iespell\wikipedia.HTM
IE: RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Yahoo! &Dictionary - /c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - /c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - /c:\program files\yahoo!\Common/ycsms.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... mv9VCM.CAB
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/fl ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D40C1721-EF88-496F-AECA-03DE5BD8E4A6} : DHCPNameServer = 75.75.75.75 75.75.76.76
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - c:\program files\spywareguard\spywareguard.dll
SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
Hosts: 216.19.0.250 idenupdate.motorola.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\z3d79tyc.default\
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - ExtSQL: 2012-09-15 14:06; {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2008-05-17 09:41; {22119944-ED35-4ab1-910B-E619EA06A115}; c:\program files\siber systems\ai roboform\Firefox
FF - ExtSQL: !HIDDEN! 2009-09-02 06:19; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(general.useragent.extra.zencast,
============= SERVICES / DRIVERS ===============
.
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2009-10-7 472280]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-27 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-27 676936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-27 22856]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2007-11-1 16512]
S3 DSCVc;Video Capture;c:\windows\system32\drivers\CoachVc.sys [2007-3-2 44256]
.
=============== File Associations ===============
.
FileExt: .scr: scrfile="%1" %*
FileExt: .reg: regfile=regedit.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-10-28 00:31:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-28 00:31:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-09-15 19:05:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-15 19:05:48 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-15 19:05:47 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-14 01:22:41 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-14 01:22:40 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-27 19:12:39 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12:36 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12:34 17408 ----a-w- c:\windows\system32\corpol.dll
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:06 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 18:25:37.81 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/6/2005 6:15:17 PM
System Uptime: 11/13/2012 10:03:12 AM (8 hours ago)
.
Motherboard: Gateway | |
Processor: Intel(R) Pentium(R) M processor 1.73GHz | uFCPGA2 | 1729/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 86 GiB total, 28.804 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 3.92 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1106: 8/16/2012 12:43:46 PM - Software Distribution Service 3.0
RP1107: 8/18/2012 10:57:16 PM - System Checkpoint
RP1108: 8/31/2012 9:06:18 PM - System Checkpoint
RP1109: 9/1/2012 9:52:53 PM - System Checkpoint
RP1110: 9/6/2012 11:04:18 PM - System Checkpoint
RP1111: 9/10/2012 8:43:18 PM - System Checkpoint
RP1112: 9/13/2012 2:23:31 PM - Software Distribution Service 3.0
RP1113: 9/15/2012 8:51:28 AM - System Checkpoint
RP1114: 9/15/2012 2:04:36 PM - Removed Java(TM) 6 Update 20
RP1115: 9/15/2012 2:04:58 PM - Installed Java(TM) 6 Update 34
RP1116: 9/22/2012 8:59:55 AM - Software Distribution Service 3.0
RP1117: 9/29/2012 10:48:54 AM - System Checkpoint
RP1118: 10/1/2012 9:52:24 AM - System Checkpoint
RP1119: 10/6/2012 4:32:45 PM - System Checkpoint
RP1120: 10/11/2012 1:25:15 PM - Software Distribution Service 3.0
RP1121: 10/12/2012 7:25:48 PM - System Checkpoint
RP1122: 10/19/2012 9:28:07 PM - System Checkpoint
RP1123: 10/21/2012 12:01:05 AM - System Checkpoint
RP1124: 10/27/2012 6:26:46 PM - System Checkpoint
RP1125: 10/28/2012 8:47:36 PM - System Checkpoint
RP1126: 11/4/2012 9:42:44 PM - System Checkpoint
RP1127: 11/5/2012 11:15:47 PM - System Checkpoint
RP1128: 11/7/2012 9:16:04 PM - System Checkpoint
RP1129: 11/8/2012 11:52:28 PM - System Checkpoint
RP1130: 11/10/2012 3:52:24 AM - System Checkpoint
RP1131: 11/11/2012 6:19:41 PM - System Checkpoint
RP1132: 11/13/2012 6:01:56 PM - Removed Ad-Aware
.
==== Installed Programs ======================
.
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
AFIT Database Field Update Utility V3.03
AFIT v1.02
AI RoboForm
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
Big Game Hunter II
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
Conexant AC-Link Audio
Critical Update for Windows Media Player 11 (KB959772)
DeductionPro 2007
DVDFab Platinum 4.1.2.0
ESET Online Scanner
ESET Smart Security
Foxit Reader
Foxit Toolbar
GDS
Google Earth
Google Toolbar for Internet Explorer
H&R Block Deluxe + Efile + State 2009
H&R Block Illinois 2009
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 34
Java(TM) 6 Update 7
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Money Manager Ex 0.9.3.0
Move Media Player
Mozilla Firefox 10.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network Stumbler 0.4.0 (remove only)
PaperPort
Pawsoft Fass
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
PL-2303 USB-to-Serial
QuickTime
RealPlayer
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB2722913)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SiteHound for Internet Explorer 2.0.0
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
SpywareBlaster 4.1
SpywareGuard v2.2
TaxCut Illinois 2007
TaxCut Illinois 2008
TaxCut Premium + State + Efile 2007
TaxCut Premium + State + Efile 2008
Tech2 SAE J2534 DLL
TiVo Desktop 2.7
Ultrasoft MoneyLink
Understanding Automatic Transmissions
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VDR Host Application
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Media Player 10 Hotfix - KB895316
Windows XP Service Pack 3
WinPatrol 2008
XnView 1.97.2
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
11/8/2012 7:35:00 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0012F0D83D63 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
11/8/2012 6:28:24 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
11/10/2012 11:32:33 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
11/10/2012 11:32:33 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================


VIRUSTOTAL SCAN

SHA256: 9acd224b318861d817b9eb2e7b7c7d6f1304a39460cab1bf3bc8a645c52bb785
SHA1: 6975c6d8e5cc56df26d13b53566e32fd29542f99
MD5: b530ba71767059f8bcf15226c4052f52
File size: 17.0 KB ( 17408 bytes )
File name: corpol.dll
File type: Win32 DLL
Detection ratio: 0 / 44
Analysis date: 2012-11-14 00:14:12 UTC ( 0 minutes ago )

Antivirus Result Update
Agnitum - 20121113
AhnLab-V3 - 20121113
AntiVir - 20121113
Antiy-AVL - 20121113
Avast - 20121114
AVG - 20121113
BitDefender - 20121114
ByteHero - 20121113
CAT-QuickHeal - 20121113
ClamAV - 20121114
Commtouch - 20121114
Comodo - 20121113
DrWeb - 20121114
Emsisoft - 20121114
eSafe - 20121112
ESET-NOD32 - 20121113
F-Prot - 20121113
F-Secure - 20121113
Fortinet - 20121114
GData - 20121114
Ikarus - 20121113
Jiangmin - 20121113
K7AntiVirus - 20121110
Kaspersky - 20121114
Kingsoft - 20121112
McAfee - 20121114
McAfee-GW-Edition - 20121113
Microsoft - 20121113
MicroWorld-eScan - 20121114
Norman - 20121112
nProtect - 20121113
Panda - 20121113
PCTools - 20121113
Rising - 20121113
Sophos - 20121114
SUPERAntiSpyware - 20121113
Symantec - 20121113
TheHacker - 20121113
TotalDefense - 20121113
TrendMicro - 20121114
TrendMicro-HouseCall - 20121114
VBA32 - 20121112
VIPRE - 20121114
ViRobot - 20121113

ssdeep
384:8nV35h5wv6L+YeaWwwW8tRKkJpP8t9cCTFt0Zgo8eoWFc:8nbwv6KaWZW81P+9ce0ZA
TrID
Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)

ExifTool
SubsystemVersion.........: 5.1
InitializedDataSize......: 4096
ImageVersion.............: 6.0
ProductName..............: Windows Internet Explorer
FileVersionNumber........: 2007.0.0.17103
UninitializedDataSize....: 0
LanguageCode.............: English (U.S.)
FileFlagsMask............: 0x003f
CharacterSet.............: Unicode
LinkerVersion............: 8.0
FileOS...................: Windows NT 32-bit
MIMEType.................: application/octet-stream
Subsystem................: Windows command line
FileVersion..............: 2007.0.0.17103 (vista_gdr.110816-1000)
TimeStamp................: 2012:08:27 20:12:34+01:00
FileType.................: Win32 DLL
PEType...................: PE32
InternalName.............: CORPOL.DLL
ProductVersion...........: 2007.0.0.17103
FileDescription..........: Microsoft COM Runtime Execution Engine
OSVersion................: 6.0
OriginalFilename.........: CORPOL.DLL
LegalCopyright...........: Microsoft Corporation. All rights reserved.
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: Microsoft Corporation
CodeSize.................: 13312
FileSubtype..............: 0
ProductVersionNumber.....: 2007.0.0.17103
EntryPoint...............: 0x1316
ObjectFileType...........: Dynamic link library
Sigcheck
publisher................: Microsoft Corporation
product..................: Windows_ Internet Explorer
internal name............: CORPOL.DLL
file version.............: 2007.0.0.17103 (vista_gdr.110816-1000)
original name............: CORPOL.DLL
copyright................: (c) Microsoft Corporation. All rights reserved.
description..............: Microsoft COM Runtime Execution Engine
Portable Executable structural information
Compilation timedatestamp.....: 2012-08-27 19:12:34
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x00001316

PE Sections...................:

Name    Virtual Address  Virtual Size  Raw Size  Entropy  MD5
.text   4096             13303         13312     6.48     c99672a4d2c8f0ed3e2e00a9da4f1bb4
.data   20480            1108          512       1.68     25237abd4f6110bcbe23b74f2126caab
.rsrc   24576            1032          1536      2.47     ea64e32ca49fdedadfaba2e2d1267f54
.reloc  28672            608           1024      4.60     76c030115110236818e5e71551a88853

PE Imports....................:

[[urlmon.dll]]
CoInternetCreateSecurityManager

[[CRYPT32.dll]]
CertFindAttribute, CryptEncodeObject

[[KERNEL32.dll]]
GetLastError, EnterCriticalSection, FreeLibrary, QueryPerformanceCounter, GetTickCount, DisableThreadLibraryCalls, LoadLibraryA, RtlUnwind, lstrlenW, DeleteCriticalSection, GetCurrentProcess, GetCurrentProcessId, UnhandledExceptionFilter, GetProcAddress, InterlockedCompareExchange, InterlockedExchange, SetUnhandledExceptionFilter, GetSystemTimeAsFileTime, LocalFree, TerminateProcess, InitializeCriticalSection, VirtualFree, Sleep, GetCurrentThreadId, VirtualAlloc, LocalAlloc, LeaveCriticalSection

[[msvcrt.dll]]
_amsg_exit, malloc, _adjust_fdiv, memset, free, _XcptFilter, _initterm, memcpy

[[WINTRUST.dll]]
WintrustRemoveActionID, WTHelperCertCheckValidSignature, WTHelperGetProvSignerFromChain, WinVerifyTrust, WintrustLoadFunctionPointers, WintrustAddActionID, WTHelperGetProvCertFromChain

[[ole32.dll]]
CoTaskMemFree, CoUninitialize, CoInitialize, CoTaskMemAlloc

[[SHLWAPI.dll]]
Ord(437)

[[USER32.dll]]
GetFocus

PE Exports....................:

CORLockDownProvider, CORPolicyEE, CORPolicyProvider, DllCanUnloadNow, DllRegisterServer, DllUnregisterServer, GetPublisher, GetUnsignedPermissions

PE Resources..................:

Resource type Number of resources
RT_VERSION 1

Resource language Number of resources
ENGLISH US 1
First seen by VirusTotal
2012-09-26 05:32:22 UTC ( 1 month, 2 weeks ago )
Last seen by VirusTotal
2012-11-14 00:14:12 UTC ( 1 minute ago )
File names (max. 25)
CORPOL.DLL
corpol.dll
A0FCF87E00FCDDD844D2006636C815004D57D1AF.dll
minibike132
Regular Member
 
Posts: 53
Joined: June 6th, 2007, 11:28 pm
Location: Chicagoland

Re: Odd popup with .exe (revisited)

Post by deltalima » November 14th, 2012, 3:52 am

Hi minibike132,

I ran the TDSS and the scan completed with nothing found


Please post the log in your next reply.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Odd popup with .exe (revisited)

Post by minibike132 » November 14th, 2012, 9:49 pm

Hi deltalima,

When I click the report button the report comes up. However when I highlight the text it won't allow me to right click to copy it.


EDIT: I missed the part where I have to look for it in C: Here it is.

20:05:39.0140 3328 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:05:39.0578 3328 ============================================================
20:05:39.0578 3328 Current date / time: 2012/11/14 20:05:39.0578
20:05:39.0578 3328 SystemInfo:
20:05:39.0578 3328
20:05:39.0578 3328 OS Version: 5.1.2600 ServicePack: 3.0
20:05:39.0578 3328 Product type: Workstation
20:05:39.0578 3328 ComputerName: TECH132
20:05:39.0578 3328 UserName: Owner
20:05:39.0578 3328 Windows directory: C:\WINDOWS
20:05:39.0578 3328 System windows directory: C:\WINDOWS
20:05:39.0578 3328 Processor architecture: Intel x86
20:05:39.0578 3328 Number of processors: 1
20:05:39.0578 3328 Page size: 0x1000
20:05:39.0578 3328 Boot type: Normal boot
20:05:39.0578 3328 ============================================================
20:05:41.0734 3328 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:05:41.0765 3328 ============================================================
20:05:41.0765 3328 \Device\Harddisk0\DR0:
20:05:41.0765 3328 MBR partitions:
20:05:41.0765 3328 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xDAE73D, BlocksNum 0xAC9E843
20:05:41.0765 3328 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xDAE6FE
20:05:41.0765 3328 ============================================================
20:05:41.0812 3328 C: <-> \Device\Harddisk0\DR0\Partition1
20:05:41.0812 3328 D: <-> \Device\Harddisk0\DR0\Partition2
20:05:41.0812 3328 ============================================================
20:05:41.0812 3328 Initialize success
20:05:41.0812 3328 ============================================================
20:05:43.0796 3352 ============================================================
20:05:43.0796 3352 Scan started
20:05:43.0796 3352 Mode: Manual;
20:05:43.0796 3352 ============================================================
20:05:46.0093 3352 ================ Scan system memory ========================
20:05:46.0093 3352 System memory - ok
20:05:46.0093 3352 ================ Scan services =============================
20:05:46.0218 3352 Abiosdsk - ok
20:05:46.0234 3352 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:05:46.0312 3352 abp480n5 - ok
20:05:46.0578 3352 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:05:46.0578 3352 ACPI - ok
20:05:46.0609 3352 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:05:46.0625 3352 ACPIEC - ok
20:05:46.0625 3352 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
20:05:46.0625 3352 adpu160m - ok
20:05:46.0640 3352 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:05:46.0671 3352 aec - ok
20:05:46.0718 3352 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:05:46.0734 3352 AFD - ok
20:05:46.0750 3352 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
20:05:46.0750 3352 agp440 - ok
20:05:46.0765 3352 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
20:05:46.0765 3352 agpCPQ - ok
20:05:46.0765 3352 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
20:05:46.0765 3352 Aha154x - ok
20:05:46.0781 3352 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
20:05:46.0781 3352 aic78u2 - ok
20:05:46.0796 3352 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
20:05:46.0796 3352 aic78xx - ok
20:05:46.0843 3352 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:05:46.0843 3352 Alerter - ok
20:05:46.0859 3352 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
20:05:46.0875 3352 ALG - ok
20:05:46.0875 3352 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
20:05:46.0921 3352 AliIde - ok
20:05:46.0921 3352 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
20:05:46.0921 3352 alim1541 - ok
20:05:46.0921 3352 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
20:05:46.0921 3352 amdagp - ok
20:05:46.0921 3352 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
20:05:46.0937 3352 amsint - ok
20:05:47.0062 3352 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:05:47.0062 3352 Apple Mobile Device - ok
20:05:47.0078 3352 AppMgmt - ok
20:05:47.0093 3352 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:05:47.0093 3352 Arp1394 - ok
20:05:47.0109 3352 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
20:05:47.0109 3352 asc - ok
20:05:47.0109 3352 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
20:05:47.0140 3352 asc3350p - ok
20:05:47.0140 3352 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
20:05:47.0171 3352 asc3550 - ok
20:05:47.0218 3352 [ 54AB078660E536DA72B21A27F56B035B ] ASPI C:\WINDOWS\System32\DRIVERS\ASPI32.sys
20:05:47.0218 3352 ASPI - ok
20:05:47.0328 3352 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:05:47.0359 3352 aspnet_state - ok
20:05:47.0359 3352 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:05:47.0390 3352 AsyncMac - ok
20:05:47.0421 3352 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:05:47.0421 3352 atapi - ok
20:05:47.0421 3352 Atdisk - ok
20:05:47.0484 3352 [ ED8D753788232B81A7E8EF5D59EC3417 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
20:05:47.0484 3352 Ati HotKey Poller - ok
20:05:47.0593 3352 [ D81980C64543BA5C39DD2A92DC1D2DAF ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:05:47.0625 3352 ati2mtag - ok
20:05:47.0640 3352 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:05:47.0671 3352 Atmarpc - ok
20:05:47.0703 3352 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:05:47.0703 3352 AudioSrv - ok
20:05:47.0734 3352 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:05:47.0765 3352 audstub - ok
20:05:47.0812 3352 [ 2DC524A5D9C4879E7A7CB7100A2D36B4 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:05:47.0812 3352 b57w2k - ok
20:05:47.0828 3352 BCM42RLY - ok
20:05:47.0843 3352 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:05:47.0843 3352 Beep - ok
20:05:47.0890 3352 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
20:05:47.0906 3352 BITS - ok
20:05:47.0968 3352 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:05:47.0984 3352 Bonjour Service - ok
20:05:48.0015 3352 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
20:05:48.0015 3352 Browser - ok
20:05:48.0062 3352 [ 9329D489979CB29BA5E2CFFC1DD28932 ] CAMCAUD C:\WINDOWS\system32\drivers\camc6aud.sys
20:05:48.0062 3352 CAMCAUD - ok
20:05:48.0125 3352 [ 66FB398D9336FEE6BEA79B68F362B167 ] CAMCHALA C:\WINDOWS\system32\drivers\camc6hal.sys
20:05:48.0140 3352 CAMCHALA - ok
20:05:48.0187 3352 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
20:05:48.0187 3352 cbidf - ok
20:05:48.0203 3352 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:05:48.0203 3352 cbidf2k - ok
20:05:48.0218 3352 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:05:48.0234 3352 CCDECODE - ok
20:05:48.0250 3352 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
20:05:48.0250 3352 cd20xrnt - ok
20:05:48.0265 3352 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:05:48.0265 3352 Cdaudio - ok
20:05:48.0265 3352 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:05:48.0265 3352 Cdfs - ok
20:05:48.0281 3352 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:05:48.0281 3352 Cdrom - ok
20:05:48.0281 3352 Changer - ok
20:05:48.0312 3352 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:05:48.0312 3352 CiSvc - ok
20:05:48.0343 3352 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:05:48.0343 3352 ClipSrv - ok
20:05:48.0375 3352 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:05:48.0406 3352 clr_optimization_v2.0.50727_32 - ok
20:05:48.0437 3352 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:05:48.0437 3352 CmBatt - ok
20:05:48.0437 3352 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
20:05:48.0437 3352 CmdIde - ok
20:05:48.0468 3352 [ 7A0B457EEFEF8CBAA0CC44C8819113BD ] CoachUsb C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
20:05:48.0484 3352 CoachUsb - ok
20:05:48.0500 3352 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:05:48.0500 3352 Compbatt - ok
20:05:48.0500 3352 COMSysApp - ok
20:05:48.0515 3352 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
20:05:48.0515 3352 Cpqarray - ok
20:05:48.0546 3352 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:05:48.0546 3352 CryptSvc - ok
20:05:48.0562 3352 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
20:05:48.0593 3352 dac2w2k - ok
20:05:48.0593 3352 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
20:05:48.0625 3352 dac960nt - ok
20:05:48.0671 3352 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:05:48.0687 3352 DcomLaunch - ok
20:05:48.0703 3352 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:05:48.0703 3352 Dhcp - ok
20:05:48.0703 3352 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:05:48.0703 3352 Disk - ok
20:05:48.0718 3352 dmadmin - ok
20:05:48.0765 3352 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:05:48.0781 3352 dmboot - ok
20:05:48.0812 3352 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:05:48.0812 3352 dmio - ok
20:05:48.0843 3352 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:05:48.0875 3352 dmload - ok
20:05:48.0906 3352 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:05:48.0906 3352 dmserver - ok
20:05:48.0937 3352 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:05:48.0937 3352 DMusic - ok
20:05:48.0984 3352 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:05:48.0984 3352 Dnscache - ok
20:05:49.0031 3352 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
20:05:49.0031 3352 Dot3svc - ok
20:05:49.0062 3352 [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys
20:05:49.0078 3352 dot4 - ok
20:05:49.0125 3352 [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
20:05:49.0140 3352 Dot4Print - ok
20:05:49.0156 3352 [ 6EC3AF6BB5B30E488A0C559921F012E1 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys
20:05:49.0156 3352 dot4usb - ok
20:05:49.0203 3352 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20:05:49.0234 3352 dpti2o - ok
20:05:49.0265 3352 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:05:49.0265 3352 drmkaud - ok
20:05:49.0296 3352 [ 614CA0BFA09861E42AD8D14B83540758 ] DSCVc C:\WINDOWS\system32\DRIVERS\CoachVc.sys
20:05:49.0296 3352 DSCVc - ok
20:05:49.0343 3352 [ A777D095402B31B0AAFE7F19C89FB3A1 ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
20:05:49.0343 3352 eamon - ok
20:05:49.0359 3352 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
20:05:49.0359 3352 EapHost - ok
20:05:49.0390 3352 [ E6DFFB60BDBD91749EAB4D45BC8926A9 ] easdrv C:\WINDOWS\system32\DRIVERS\easdrv.sys
20:05:49.0406 3352 easdrv - ok
20:05:49.0468 3352 [ 44E5CFB428C55BDE550F0648B426FBC0 ] EhttpSrv C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
20:05:49.0468 3352 EhttpSrv - ok
20:05:49.0515 3352 [ 49485FA5C3A8A5CE866B281E75E99F24 ] ekrn C:\Program Files\ESET\ESET Smart Security\ekrn.exe
20:05:49.0531 3352 ekrn - ok
20:05:49.0546 3352 [ A0DA5645EAD0656DCD589F7819DD8082 ] epfw C:\WINDOWS\system32\DRIVERS\epfw.sys
20:05:49.0546 3352 epfw - ok
20:05:49.0562 3352 [ 9BFD0C86E3522D1522EC77F862DE555C ] Epfwndis C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
20:05:49.0609 3352 Epfwndis - ok
20:05:49.0625 3352 [ 0BDED81831115973F7DDD7B532E4CED2 ] epfwtdi C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
20:05:49.0640 3352 epfwtdi - ok
20:05:49.0671 3352 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:05:49.0671 3352 ERSvc - ok
20:05:49.0718 3352 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
20:05:49.0718 3352 Eventlog - ok
20:05:49.0765 3352 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
20:05:49.0765 3352 EventSystem - ok
20:05:49.0781 3352 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:05:49.0781 3352 Fastfat - ok
20:05:49.0828 3352 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:05:49.0843 3352 FastUserSwitchingCompatibility - ok
20:05:49.0875 3352 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
20:05:49.0875 3352 Fdc - ok
20:05:49.0875 3352 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:05:49.0890 3352 Fips - ok
20:05:49.0906 3352 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:05:49.0921 3352 Flpydisk - ok
20:05:50.0609 3352 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
20:05:50.0625 3352 FltMgr - ok
20:05:50.0703 3352 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:05:50.0703 3352 FontCache3.0.0.0 - ok
20:05:50.0734 3352 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:05:50.0734 3352 Fs_Rec - ok
20:05:50.0765 3352 [ B283F1BC1FF852BD232449A4B3E3CE63 ] FTDIBUS C:\WINDOWS\system32\drivers\ftdibus.sys
20:05:50.0781 3352 FTDIBUS - ok
20:05:50.0781 3352 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:05:50.0781 3352 Ftdisk - ok
20:05:50.0796 3352 [ 678A73F56DDF84A08C31123C386E9967 ] FTSER2K C:\WINDOWS\system32\drivers\ftser2k.sys
20:05:50.0812 3352 FTSER2K - ok
20:05:50.0828 3352 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:05:50.0828 3352 GEARAspiWDM - ok
20:05:50.0906 3352 [ 3EE179E233EE2B87047570B233D3284F ] getPlusHelper C:\Program Files\NOS\bin\getPlus_Helper.dll
20:05:50.0921 3352 getPlusHelper - ok
20:05:50.0937 3352 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:05:50.0937 3352 Gpc - ok
20:05:50.0984 3352 [ FC80052194D5708254A346568F0E77C0 ] GTNDIS5 C:\WINDOWS\system32\GTNDIS5.SYS
20:05:50.0984 3352 GTNDIS5 - ok
20:05:51.0078 3352 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:05:51.0078 3352 gusvc - ok
20:05:51.0125 3352 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:05:51.0125 3352 helpsvc - ok
20:05:51.0140 3352 HidServ - ok
20:05:51.0171 3352 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:05:51.0171 3352 hkmsvc - ok
20:05:51.0203 3352 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
20:05:51.0234 3352 hpn - ok
20:05:51.0281 3352 [ 140BA850417896B6B3322048DE280368 ] HSFHWICH C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
20:05:51.0281 3352 HSFHWICH - ok
20:05:51.0343 3352 [ B2DFC168D6F7512FAEA085253C5A37AD ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
20:05:51.0359 3352 HSF_DP - ok
20:05:51.0406 3352 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:05:51.0421 3352 HTTP - ok
20:05:51.0437 3352 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:05:51.0453 3352 HTTPFilter - ok
20:05:51.0468 3352 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
20:05:51.0484 3352 i2omgmt - ok
20:05:51.0500 3352 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:05:51.0515 3352 i2omp - ok
20:05:51.0546 3352 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:05:51.0546 3352 i8042prt - ok
20:05:51.0640 3352 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:05:51.0656 3352 idsvc - ok
20:05:51.0687 3352 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:05:51.0687 3352 Imapi - ok
20:05:51.0718 3352 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:05:51.0718 3352 ImapiService - ok
20:05:51.0765 3352 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:05:51.0765 3352 ini910u - ok
20:05:51.0781 3352 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
20:05:51.0781 3352 IntelIde - ok
20:05:51.0796 3352 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:05:51.0796 3352 intelppm - ok
20:05:51.0812 3352 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
20:05:51.0859 3352 Ip6Fw - ok
20:05:51.0875 3352 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:05:51.0875 3352 IpFilterDriver - ok
20:05:51.0890 3352 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:05:51.0890 3352 IpInIp - ok
20:05:59.0531 3352 ============================================================
20:05:59.0531 3352 Scan finished
20:05:59.0531 3352 ============================================================
20:05:59.0546 0712 Detected object count: 0
20:05:59.0546 0712 Actual detected object count: 0
20:06:38.0656 2676 Deinitialize success
minibike132
Regular Member
 
Posts: 53
Joined: June 6th, 2007, 11:28 pm
Location: Chicagoland

Re: Odd popup with .exe (revisited)

Post by deltalima » November 15th, 2012, 4:35 am

Hi minibike132,

Please download GMER Rootkit Scanner from here.
  • Double-click the .exe file. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" button and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Odd popup with .exe (revisited)

Post by deltalima » November 18th, 2012, 6:49 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.