sjd

Google searches are redirecting to Yahoo developers site

7 posts in this topic

Also google mail is had lost the labels from the on screen button, buttons function correctly but display is bare. Ran a malware bytes Pro quick scan, nothing detected. Ran dds.scr and here are the 2 logs:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Valued Customer at 11:08:16 on 2012-04-04

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.226 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFJA.EXE

C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Documents and Settings\Valued Customer\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [WorkForce 610(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\docume~1\valued~1\locals~1\temp\E_S12.tmp" /EF "HKCU"

uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [<NO NAME>]

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\valued~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\valued customer\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\68syx7ol.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

.

============= SERVICES / DRIVERS ===============

.

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-26 654408]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-26 22344]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

.

=============== Created Last 30 ================

.

2012-04-09 13:43:49 -------- d-----w- c:\program files\iPod

2012-04-09 13:43:22 -------- d-----w- c:\program files\iTunes

2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr

2012-03-18 23:48:35 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2012-03-18 23:48:35 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll

.

==================== Find3M ====================

.

2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec

2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-12 10:46:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

============= FINISH: 11:08:33.71 ===============

dds.txt

attach.txt

Share this post


Link to post
Share on other sites

Hello and :welcome:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Share this post


Link to post
Share on other sites

Thanks for the help.

I ran tdss and the scan found nothing. Here's the log.

18:58:56.0921 4080 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18

18:58:57.0218 4080 ============================================================

18:58:57.0218 4080 Current date / time: 2012/04/06 18:58:57.0218

18:58:57.0218 4080 SystemInfo:

18:58:57.0218 4080

18:58:57.0218 4080 OS Version: 5.1.2600 ServicePack: 3.0

18:58:57.0218 4080 Product type: Workstation

18:58:57.0218 4080 ComputerName: SUEDELLGX280

18:58:57.0218 4080 UserName: Valued Customer

18:58:57.0218 4080 Windows directory: C:\WINDOWS

18:58:57.0218 4080 System windows directory: C:\WINDOWS

18:58:57.0218 4080 Processor architecture: Intel x86

18:58:57.0218 4080 Number of processors: 2

18:58:57.0218 4080 Page size: 0x1000

18:58:57.0218 4080 Boot type: Normal boot

18:58:57.0218 4080 ============================================================

18:58:59.0703 4080 Drive \Device\Harddisk0\DR0 - Size: 0x953C94000 (37.31 Gb), SectorSize: 0x200, Cylinders: 0x1306, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

18:58:59.0703 4080 ============================================================

18:58:59.0703 4080 \Device\Harddisk0\DR0:

18:58:59.0703 4080 MBR partitions:

18:58:59.0703 4080 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A98C86

18:58:59.0703 4080 ============================================================

18:58:59.0734 4080 C: <-> \Device\Harddisk0\DR0\Partition0

18:58:59.0750 4080 ============================================================

18:58:59.0750 4080 Initialize success

18:58:59.0750 4080 ============================================================

18:59:20.0421 3520 ============================================================

18:59:20.0421 3520 Scan started

18:59:20.0421 3520 Mode: Manual;

18:59:20.0421 3520 ============================================================

18:59:20.0609 3520 Abiosdsk - ok

18:59:20.0609 3520 abp480n5 - ok

18:59:20.0671 3520 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

18:59:20.0687 3520 ACPI - ok

18:59:20.0718 3520 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

18:59:20.0718 3520 ACPIEC - ok

18:59:20.0718 3520 adpu160m - ok

18:59:20.0765 3520 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

18:59:20.0765 3520 aec - ok

18:59:20.0828 3520 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

18:59:20.0828 3520 AFD - ok

18:59:20.0828 3520 Aha154x - ok

18:59:20.0843 3520 aic78u2 - ok

18:59:20.0843 3520 aic78xx - ok

18:59:20.0890 3520 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

18:59:20.0890 3520 Alerter - ok

18:59:20.0906 3520 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

18:59:20.0921 3520 ALG - ok

18:59:20.0921 3520 AliIde - ok

18:59:20.0937 3520 amsint - ok

18:59:21.0078 3520 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

18:59:21.0078 3520 Apple Mobile Device - ok

18:59:21.0125 3520 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

18:59:21.0140 3520 AppMgmt - ok

18:59:21.0156 3520 asc - ok

18:59:21.0156 3520 asc3350p - ok

18:59:21.0171 3520 asc3550 - ok

18:59:21.0296 3520 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

18:59:21.0343 3520 aspnet_state - ok

18:59:21.0375 3520 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

18:59:21.0375 3520 AsyncMac - ok

18:59:21.0390 3520 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

18:59:21.0390 3520 atapi - ok

18:59:21.0406 3520 Atdisk - ok

18:59:21.0437 3520 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

18:59:21.0484 3520 Atmarpc - ok

18:59:21.0531 3520 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

18:59:21.0531 3520 AudioSrv - ok

18:59:21.0562 3520 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

18:59:21.0562 3520 audstub - ok

18:59:21.0625 3520 b57w2k (ea377a8e8e1000877210259750cbbf5f) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

18:59:21.0640 3520 b57w2k - ok

18:59:21.0687 3520 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

18:59:21.0687 3520 Beep - ok

18:59:21.0734 3520 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

18:59:21.0937 3520 BITS - ok

18:59:22.0031 3520 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

18:59:22.0046 3520 Bonjour Service - ok

18:59:22.0093 3520 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

18:59:22.0109 3520 Browser - ok

18:59:22.0140 3520 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

18:59:22.0140 3520 cbidf2k - ok

18:59:22.0156 3520 cd20xrnt - ok

18:59:22.0187 3520 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

18:59:22.0187 3520 Cdaudio - ok

18:59:22.0203 3520 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

18:59:22.0218 3520 Cdfs - ok

18:59:22.0265 3520 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

18:59:22.0265 3520 Cdrom - ok

18:59:22.0312 3520 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

18:59:22.0312 3520 cercsr6 - ok

18:59:22.0312 3520 Changer - ok

18:59:22.0359 3520 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

18:59:22.0359 3520 CiSvc - ok

18:59:22.0359 3520 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

18:59:22.0359 3520 ClipSrv - ok

18:59:22.0453 3520 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

18:59:22.0484 3520 clr_optimization_v2.0.50727_32 - ok

18:59:22.0484 3520 CmdIde - ok

18:59:22.0500 3520 COMSysApp - ok

18:59:22.0515 3520 Cpqarray - ok

18:59:22.0562 3520 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

18:59:22.0562 3520 CryptSvc - ok

18:59:22.0578 3520 dac2w2k - ok

18:59:22.0578 3520 dac960nt - ok

18:59:22.0640 3520 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

18:59:22.0687 3520 DcomLaunch - ok

18:59:22.0734 3520 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

18:59:22.0750 3520 Dhcp - ok

18:59:22.0765 3520 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

18:59:22.0781 3520 Disk - ok

18:59:22.0781 3520 dmadmin - ok

18:59:22.0859 3520 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

18:59:22.0906 3520 dmboot - ok

18:59:22.0937 3520 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

18:59:22.0953 3520 dmio - ok

18:59:22.0984 3520 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

18:59:22.0984 3520 dmload - ok

18:59:23.0109 3520 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

18:59:23.0125 3520 dmserver - ok

18:59:23.0125 3520 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

18:59:23.0140 3520 DMusic - ok

18:59:23.0187 3520 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

18:59:23.0203 3520 Dnscache - ok

18:59:23.0250 3520 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

18:59:23.0281 3520 Dot3svc - ok

18:59:23.0296 3520 dpti2o - ok

18:59:23.0328 3520 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

18:59:23.0328 3520 drmkaud - ok

18:59:23.0375 3520 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

18:59:23.0375 3520 EapHost - ok

18:59:23.0500 3520 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

18:59:23.0515 3520 EpsonBidirectionalService - ok

18:59:23.0562 3520 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

18:59:23.0562 3520 ERSvc - ok

18:59:23.0609 3520 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

18:59:23.0625 3520 Eventlog - ok

18:59:23.0687 3520 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

18:59:23.0718 3520 EventSystem - ok

18:59:23.0734 3520 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

18:59:23.0750 3520 Fastfat - ok

18:59:23.0796 3520 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

18:59:23.0812 3520 FastUserSwitchingCompatibility - ok

18:59:23.0859 3520 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

18:59:23.0859 3520 Fdc - ok

18:59:23.0875 3520 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

18:59:23.0875 3520 Fips - ok

18:59:23.0953 3520 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

18:59:23.0984 3520 FLEXnet Licensing Service - ok

18:59:24.0000 3520 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

18:59:24.0000 3520 Flpydisk - ok

18:59:24.0046 3520 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

18:59:24.0062 3520 FltMgr - ok

18:59:24.0156 3520 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

18:59:24.0171 3520 FontCache3.0.0.0 - ok

18:59:24.0203 3520 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

18:59:24.0203 3520 Fs_Rec - ok

18:59:24.0250 3520 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

18:59:24.0265 3520 Ftdisk - ok

18:59:24.0281 3520 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

18:59:24.0296 3520 GEARAspiWDM - ok

18:59:24.0343 3520 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

18:59:24.0343 3520 Gpc - ok

18:59:24.0406 3520 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

18:59:24.0421 3520 gusvc - ok

18:59:24.0546 3520 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

18:59:24.0546 3520 helpsvc - ok

18:59:24.0546 3520 HidServ - ok

18:59:24.0593 3520 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

18:59:24.0593 3520 hidusb - ok

18:59:24.0640 3520 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

18:59:24.0656 3520 hkmsvc - ok

18:59:24.0656 3520 hpn - ok

18:59:24.0703 3520 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

18:59:24.0718 3520 HTTP - ok

18:59:24.0750 3520 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

18:59:24.0796 3520 HTTPFilter - ok

18:59:24.0796 3520 i2omgmt - ok

18:59:24.0796 3520 i2omp - ok

18:59:24.0828 3520 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys

18:59:24.0828 3520 i8042prt - ok

18:59:25.0234 3520 ialm (2aae7be67911f4aec9ad28e9cfb9096f) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

18:59:25.0453 3520 ialm - ok

18:59:25.0687 3520 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

18:59:25.0765 3520 idsvc - ok

18:59:25.0875 3520 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

18:59:25.0875 3520 Imapi - ok

18:59:25.0937 3520 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

18:59:25.0953 3520 ImapiService - ok

18:59:25.0968 3520 ini910u - ok

18:59:26.0015 3520 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

18:59:26.0015 3520 IntelIde - ok

18:59:26.0062 3520 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

18:59:26.0062 3520 intelppm - ok

18:59:26.0093 3520 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

18:59:26.0093 3520 Ip6Fw - ok

18:59:26.0140 3520 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

18:59:26.0140 3520 IpFilterDriver - ok

18:59:26.0171 3520 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

18:59:26.0171 3520 IpInIp - ok

18:59:26.0203 3520 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

18:59:26.0203 3520 IpNat - ok

18:59:26.0328 3520 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe

18:59:26.0375 3520 iPod Service - ok

18:59:26.0390 3520 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

18:59:26.0390 3520 IPSec - ok

18:59:26.0421 3520 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

18:59:26.0421 3520 IRENUM - ok

18:59:26.0453 3520 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

18:59:26.0468 3520 isapnp - ok

18:59:26.0468 3520 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

18:59:26.0468 3520 Kbdclass - ok

18:59:26.0484 3520 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

18:59:26.0484 3520 kbdhid - ok

18:59:26.0546 3520 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

18:59:26.0562 3520 kmixer - ok

18:59:26.0593 3520 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

18:59:26.0609 3520 KSecDD - ok

18:59:26.0656 3520 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

18:59:26.0671 3520 lanmanserver - ok

18:59:26.0687 3520 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

18:59:26.0703 3520 lanmanworkstation - ok

18:59:26.0703 3520 lbrtfdc - ok

18:59:26.0765 3520 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

18:59:26.0765 3520 LmHosts - ok

18:59:26.0796 3520 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys

18:59:26.0796 3520 MBAMProtector - ok

18:59:26.0937 3520 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

18:59:26.0968 3520 MBAMService - ok

18:59:27.0031 3520 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

18:59:27.0031 3520 Messenger - ok

18:59:27.0078 3520 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

18:59:27.0078 3520 mnmdd - ok

18:59:27.0125 3520 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

18:59:27.0140 3520 mnmsrvc - ok

18:59:27.0171 3520 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

18:59:27.0171 3520 Modem - ok

18:59:27.0218 3520 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

18:59:27.0218 3520 Mouclass - ok

18:59:27.0234 3520 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

18:59:27.0234 3520 mouhid - ok

18:59:27.0281 3520 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

18:59:27.0296 3520 MountMgr - ok

18:59:27.0296 3520 mraid35x - ok

18:59:27.0343 3520 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

18:59:27.0359 3520 MRxDAV - ok

18:59:27.0421 3520 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

18:59:27.0500 3520 MRxSmb - ok

18:59:27.0546 3520 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

18:59:27.0546 3520 MSDTC - ok

18:59:27.0578 3520 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

18:59:27.0578 3520 Msfs - ok

18:59:27.0578 3520 MSIServer - ok

18:59:27.0609 3520 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

18:59:27.0609 3520 MSKSSRV - ok

18:59:27.0640 3520 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

18:59:27.0640 3520 MSPCLOCK - ok

18:59:27.0640 3520 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

18:59:27.0640 3520 MSPQM - ok

18:59:27.0687 3520 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

18:59:27.0687 3520 mssmbios - ok

18:59:27.0750 3520 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

18:59:27.0750 3520 Mup - ok

18:59:27.0812 3520 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

18:59:27.0828 3520 napagent - ok

18:59:27.0875 3520 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

18:59:27.0890 3520 NDIS - ok

18:59:27.0937 3520 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

18:59:27.0937 3520 NdisTapi - ok

18:59:27.0984 3520 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

18:59:27.0984 3520 Ndisuio - ok

18:59:28.0000 3520 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

18:59:28.0000 3520 NdisWan - ok

18:59:28.0062 3520 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

18:59:28.0062 3520 NDProxy - ok

18:59:28.0093 3520 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

18:59:28.0093 3520 NetBIOS - ok

18:59:28.0156 3520 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

18:59:28.0171 3520 NetBT - ok

18:59:28.0250 3520 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

18:59:28.0281 3520 NetDDE - ok

18:59:28.0296 3520 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

18:59:28.0296 3520 NetDDEdsdm - ok

18:59:28.0359 3520 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:59:28.0359 3520 Netlogon - ok

18:59:28.0406 3520 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

18:59:28.0421 3520 Netman - ok

18:59:28.0562 3520 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

18:59:28.0593 3520 NetTcpPortSharing - ok

18:59:28.0687 3520 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

18:59:28.0687 3520 Nla - ok

18:59:28.0734 3520 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

18:59:28.0734 3520 Npfs - ok

18:59:28.0812 3520 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

18:59:28.0843 3520 Ntfs - ok

18:59:28.0843 3520 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:59:28.0843 3520 NtLmSsp - ok

18:59:28.0906 3520 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

18:59:28.0937 3520 NtmsSvc - ok

18:59:28.0968 3520 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

18:59:28.0968 3520 Null - ok

18:59:29.0015 3520 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

18:59:29.0015 3520 NwlnkFlt - ok

18:59:29.0046 3520 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

18:59:29.0046 3520 NwlnkFwd - ok

18:59:29.0203 3520 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

18:59:29.0234 3520 odserv - ok

18:59:29.0296 3520 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

18:59:29.0312 3520 ose - ok

18:59:29.0390 3520 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

18:59:29.0406 3520 Parport - ok

18:59:29.0421 3520 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

18:59:29.0421 3520 PartMgr - ok

18:59:29.0453 3520 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

18:59:29.0453 3520 ParVdm - ok

18:59:29.0468 3520 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

18:59:29.0484 3520 PCI - ok

18:59:29.0484 3520 PCIDump - ok

18:59:29.0546 3520 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys

18:59:29.0546 3520 PCIIde - ok

18:59:29.0578 3520 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

18:59:29.0593 3520 Pcmcia - ok

18:59:29.0593 3520 PDCOMP - ok

18:59:29.0593 3520 PDFRAME - ok

18:59:29.0609 3520 PDRELI - ok

18:59:29.0609 3520 PDRFRAME - ok

18:59:29.0625 3520 perc2 - ok

18:59:29.0625 3520 perc2hib - ok

18:59:29.0703 3520 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

18:59:29.0703 3520 PlugPlay - ok

18:59:29.0750 3520 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:59:29.0750 3520 PolicyAgent - ok

18:59:29.0750 3520 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

18:59:29.0765 3520 PptpMiniport - ok

18:59:29.0765 3520 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:59:29.0765 3520 ProtectedStorage - ok

18:59:29.0781 3520 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

18:59:29.0796 3520 PSched - ok

18:59:29.0843 3520 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

18:59:29.0843 3520 Ptilink - ok

18:59:29.0843 3520 ql1080 - ok

18:59:29.0859 3520 Ql10wnt - ok

18:59:29.0859 3520 ql12160 - ok

18:59:29.0875 3520 ql1240 - ok

18:59:29.0875 3520 ql1280 - ok

18:59:29.0890 3520 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

18:59:29.0890 3520 RasAcd - ok

18:59:29.0953 3520 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

18:59:29.0953 3520 RasAuto - ok

18:59:29.0968 3520 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

18:59:29.0968 3520 Rasl2tp - ok

18:59:30.0031 3520 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

18:59:30.0046 3520 RasMan - ok

18:59:30.0078 3520 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

18:59:30.0093 3520 RasPppoe - ok

18:59:30.0140 3520 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

18:59:30.0140 3520 Raspti - ok

18:59:30.0203 3520 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

18:59:30.0203 3520 Rdbss - ok

18:59:30.0265 3520 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

18:59:30.0265 3520 RDPCDD - ok

18:59:30.0328 3520 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

18:59:30.0343 3520 rdpdr - ok

18:59:30.0390 3520 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

18:59:30.0390 3520 RDPWD - ok

18:59:30.0437 3520 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

18:59:30.0453 3520 RDSessMgr - ok

18:59:30.0468 3520 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

18:59:30.0484 3520 redbook - ok

18:59:30.0531 3520 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

18:59:30.0531 3520 RemoteAccess - ok

18:59:30.0593 3520 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

18:59:30.0609 3520 RemoteRegistry - ok

18:59:30.0656 3520 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

18:59:30.0656 3520 RpcLocator - ok

18:59:30.0734 3520 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

18:59:30.0734 3520 RpcSs - ok

18:59:30.0796 3520 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

18:59:30.0812 3520 RSVP - ok

18:59:30.0843 3520 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:59:30.0859 3520 SamSs - ok

18:59:30.0906 3520 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

18:59:30.0906 3520 SCardSvr - ok

18:59:30.0968 3520 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

18:59:30.0984 3520 Schedule - ok

18:59:31.0062 3520 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

18:59:31.0093 3520 Secdrv - ok

18:59:31.0187 3520 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

18:59:31.0187 3520 seclogon - ok

18:59:31.0281 3520 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys

18:59:31.0343 3520 senfilt - ok

18:59:31.0359 3520 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

18:59:31.0359 3520 SENS - ok

18:59:31.0375 3520 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

18:59:31.0375 3520 serenum - ok

18:59:31.0437 3520 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

18:59:31.0453 3520 Serial - ok

18:59:31.0468 3520 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

18:59:31.0468 3520 Sfloppy - ok

18:59:31.0531 3520 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

18:59:31.0546 3520 SharedAccess - ok

18:59:31.0609 3520 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

18:59:31.0609 3520 ShellHWDetection - ok

18:59:31.0609 3520 Simbad - ok

18:59:31.0671 3520 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys

18:59:31.0687 3520 smwdm - ok

18:59:31.0703 3520 Sparrow - ok

18:59:31.0750 3520 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

18:59:31.0750 3520 splitter - ok

18:59:31.0796 3520 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

18:59:31.0796 3520 Spooler - ok

18:59:31.0843 3520 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

18:59:31.0859 3520 sr - ok

18:59:31.0921 3520 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

18:59:31.0937 3520 srservice - ok

18:59:31.0984 3520 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

18:59:32.0015 3520 Srv - ok

18:59:32.0062 3520 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

18:59:32.0062 3520 SSDPSRV - ok

18:59:32.0125 3520 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

18:59:32.0156 3520 stisvc - ok

18:59:32.0171 3520 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

18:59:32.0171 3520 swenum - ok

18:59:32.0218 3520 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

18:59:32.0234 3520 swmidi - ok

18:59:32.0234 3520 SwPrv - ok

18:59:32.0250 3520 symc810 - ok

18:59:32.0250 3520 symc8xx - ok

18:59:32.0265 3520 sym_hi - ok

18:59:32.0265 3520 sym_u3 - ok

18:59:32.0281 3520 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

18:59:32.0281 3520 sysaudio - ok

18:59:32.0328 3520 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

18:59:32.0328 3520 SysmonLog - ok

18:59:32.0390 3520 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

18:59:32.0406 3520 TapiSrv - ok

18:59:32.0468 3520 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:59:32.0500 3520 Tcpip - ok

18:59:32.0531 3520 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

18:59:32.0531 3520 TDPIPE - ok

18:59:32.0531 3520 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

18:59:32.0531 3520 TDTCP - ok

18:59:32.0562 3520 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

18:59:32.0562 3520 TermDD - ok

18:59:32.0625 3520 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

18:59:32.0640 3520 TermService - ok

18:59:32.0703 3520 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

18:59:32.0703 3520 Themes - ok

18:59:32.0750 3520 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

18:59:32.0750 3520 TlntSvr - ok

18:59:32.0765 3520 TosIde - ok

18:59:32.0828 3520 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

18:59:32.0828 3520 TrkWks - ok

18:59:32.0859 3520 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

18:59:32.0859 3520 Udfs - ok

18:59:32.0875 3520 ultra - ok

18:59:32.0937 3520 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

18:59:33.0000 3520 Update - ok

18:59:33.0062 3520 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

18:59:33.0109 3520 upnphost - ok

18:59:33.0156 3520 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

18:59:33.0171 3520 UPS - ok

18:59:33.0203 3520 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

18:59:33.0218 3520 USBAAPL - ok

18:59:33.0250 3520 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:59:33.0265 3520 usbehci - ok

18:59:33.0328 3520 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:59:33.0328 3520 usbhub - ok

18:59:33.0375 3520 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

18:59:33.0375 3520 usbscan - ok

18:59:33.0406 3520 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:59:33.0406 3520 USBSTOR - ok

18:59:33.0453 3520 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

18:59:33.0453 3520 usbuhci - ok

18:59:33.0468 3520 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

18:59:33.0468 3520 VgaSave - ok

18:59:33.0468 3520 ViaIde - ok

18:59:33.0484 3520 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

18:59:33.0500 3520 VolSnap - ok

18:59:33.0562 3520 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

18:59:33.0578 3520 VSS - ok

18:59:33.0625 3520 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

18:59:33.0640 3520 W32Time - ok

18:59:33.0687 3520 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:59:33.0703 3520 Wanarp - ok

18:59:33.0734 3520 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys

18:59:33.0734 3520 WDC_SAM - ok

18:59:33.0750 3520 WDICA - ok

18:59:33.0765 3520 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

18:59:33.0765 3520 wdmaud - ok

18:59:33.0828 3520 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

18:59:33.0828 3520 WebClient - ok

18:59:33.0921 3520 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

18:59:33.0968 3520 winmgmt - ok

18:59:34.0031 3520 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll

18:59:34.0046 3520 WmdmPmSN - ok

18:59:34.0125 3520 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

18:59:34.0156 3520 Wmi - ok

18:59:34.0218 3520 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

18:59:34.0218 3520 WmiApSrv - ok

18:59:34.0281 3520 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

18:59:34.0281 3520 wscsvc - ok

18:59:34.0296 3520 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

18:59:34.0328 3520 wuauserv - ok

18:59:34.0437 3520 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

18:59:34.0500 3520 WZCSVC - ok

18:59:34.0531 3520 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

18:59:34.0546 3520 xmlprov - ok

18:59:34.0562 3520 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

18:59:34.0750 3520 \Device\Harddisk0\DR0 - ok

18:59:34.0750 3520 Boot (0x1200) (6424ff92796dc7b5135e0a1fa9574d67) \Device\Harddisk0\DR0\Partition0

18:59:34.0750 3520 \Device\Harddisk0\DR0\Partition0 - ok

18:59:34.0750 3520 ============================================================

18:59:34.0750 3520 Scan finished

18:59:34.0750 3520 ============================================================

18:59:34.0765 3280 Detected object count: 0

18:59:34.0765 3280 Actual detected object count: 0

19:00:04.0593 0592 Deinitialize success

Share this post


Link to post
Share on other sites

Hello again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Share this post


Link to post
Share on other sites

Ok, done. Here is the combo-fix log:

ComboFix 12-05-08.01 - Valued Customer 04/07/2012 8:13.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.133 [GMT -4:00]

Running from: c:\documents and settings\Valued Customer\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\dllcache\dlimport.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))

.

.

2012-04-16 16:01 . 2012-04-16 16:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2012-04-11 15:42 . 2012-04-11 15:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2012-04-09 13:43 . 2012-04-09 13:43 -------- d-----w- c:\program files\iPod

2012-04-09 13:43 . 2012-04-09 13:44 -------- d-----w- c:\program files\iTunes

2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr

2012-03-18 23:48 . 2012-03-18 23:48 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll

2012-03-18 23:48 . 2012-03-18 23:48 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 19:56 . 2011-07-26 17:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-01 11:01 . 2006-03-03 22:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2004-08-04 05:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2004-08-04 05:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2004-08-04 05:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2004-08-04 05:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2004-08-04 05:00 385024 ----a-w- c:\windows\system32\html.iec

2012-02-03 09:22 . 2004-08-04 05:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-12 10:46 . 2011-07-27 03:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-11 19:06 . 2012-02-20 16:57 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2011-01-06 20:30 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-18 23:48 . 2011-07-26 17:34 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Valued Customer\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Valued Customer\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Valued Customer\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Valued Customer\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-10-06 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-08-15 1404928]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]

"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

.

c:\documents and settings\Valued Customer\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\Valued Customer\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"=

"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Documents and Settings\\Valued Customer\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/26/2011 1:24 PM 654408]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/26/2011 1:23 PM 22344]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 5:06 PM 11520]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 99592903

*Deregistered* - 99592903

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\documents and settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\68syx7ol.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-07 08:24

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-04-07 08:28:14

ComboFix-quarantined-files.txt 2012-04-07 12:28

.

Pre-Run: 7,514,894,336 bytes free

Post-Run: 9,937,002,496 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 3A75D3E951155F715CCC8AF52D2E2A18

Share this post


Link to post
Share on other sites

Are you still experiencing redirects at this point?

Share this post


Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.