Jump to content


Photo
- - - - -

Browser Hijack and probable trojan

Started by grey hair, Mar 20 2012 08:02 PM

  • This topic is locked This topic is locked
20 replies to this topic

#1 grey hair

grey hair

    New Member

  • Members
  • Pip
  • 24 posts
  • Gender:Male
  • Location:Down Under

Posted 20 March 2012 - 08:02 PM

Hi guys,
I appear to have a nasty little problem. Have run malwayebytes quick scan plus AVG 2012. Nothing seems to remove it. AVG keeps going off like a frog in a sock every 10 minutes when it finds another threat. Then, everytime I go on internet with Firefox sometimes it will go to right page, most times it wont and random extra tag pages start to open up for shopping sites. Any help would be greatly appreciated. Thanks. Logs attached.

dds.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_31
Run by Owner at 10:26:22 on 2012-03-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.599 [GMT 10:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\CAP3RSK.EXE
C:\WINDOWS\system32\CNAB3RPK.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Greenshot\Greenshot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: CashKeywords Toolbar: {9eb64fa9-57c4-4a41-9940-e12e0418b693} - c:\program files\cashkeywords\prxtbCas1.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CashKeywords Toolbar: {9eb64fa9-57c4-4a41-9940-e12e0418b693} - c:\program files\cashkeywords\prxtbCas1.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: CashKeywords Toolbar: {9eb64fa9-57c4-4a41-9940-e12e0418b693} - c:\program files\cashkeywords\prxtbCas1.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ISUSPM] "c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe" -scheduler
uRun: [Greenshot] c:\program files\greenshot\Greenshot.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CAP3ON] c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Nuance PDF Reader-reminder] "c:\program files\nuance\pdf reader\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\pdf reader\ereg\Ereg.ini"
mRun: [OPSE reminder] "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.exe" -r "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.ini"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [ASUS Update Checker] c:\program files\asus\asusupdate\updatechecker\UpdateChecker.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\canonl~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
LSP: mswsock.dll
Trusted Zone: iinet.net.au\www
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://aussieshort.webex.com/client/T26L/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{771ED046-B0D8-4D60-924C-023E337AB576} : DhcpNameServer = 10.1.1.1
TCP: Interfaces\{E1477D81-BC16-4761-A523-3A4FE3C6131C} : DhcpNameServer = 10.1.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\4a4uylfi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\4a4uylfi.default\extensions\{9eb64fa9-57c4-4a41-9940-e12e0418b693}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\4a4uylfi.default\extensions\{9eb64fa9-57c4-4a41-9940-e12e0418b693}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\4a4uylfi.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\winnt_x86-msvc\components\pagespeed.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\nuance\pdf reader\bin\nppdf.dll
FF - plugin: c:\program files\nuance\pdf reader\bin\nppdf.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 295248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-11-24 222976]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]
S2 mferkdk;FlexBios;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-21 40776]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-20 22:25:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-20 21:54:41 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-20 14:25:16 -------- d-----w- c:\program files\Microsoft Research
2012-03-17 03:44:22 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-17 03:44:22 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-06 11:03:21 -------- d-----w- c:\documents and settings\owner\application data\YCanPDF
2012-03-06 11:03:16 -------- d-----w- C:\tmp
2012-03-06 11:03:16 -------- d-----w- C:\output
2012-03-06 03:02:39 -------- d-----w- c:\documents and settings\owner\application data\Iona Photo-Book Publisher
2012-03-04 05:42:22 -------- d-----w- c:\documents and settings\owner\application data\calibre
2012-03-04 05:41:12 -------- d-----w- c:\program files\Calibre2
2012-02-29 04:44:57 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-29 04:44:57 3072 ------w- c:\windows\system32\iacenc.dll
.
==================== Find3M ====================
.
2012-02-28 14:03:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-27 05:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-27 05:34:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-18 04:58:39 737280 ----a-w- c:\windows\iun6002.exe
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 10:27:28.78 ===============

attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/09/2006 10:51:27 AM
System Uptime: 21/03/2012 10:09:26 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5KPL-CM
Processor: Intel® Pentium® Dual CPU E2200 @ 2.20GHz | Socket 775 | 2218/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 47.65 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 932 GiB total, 714.774 GiB free.
G: is FIXED (NTFS) - 75 GiB total, 13.274 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&2C575ACB&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&2C575ACB&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP145: 22/12/2011 10:50:40 AM - System Checkpoint
RP146: 23/12/2011 11:39:35 AM - System Checkpoint
RP147: 24/12/2011 12:25:47 PM - System Checkpoint
RP148: 26/12/2011 1:22:48 PM - System Checkpoint
RP149: 27/12/2011 2:12:31 PM - System Checkpoint
RP150: 28/12/2011 3:26:20 PM - System Checkpoint
RP151: 29/12/2011 4:34:26 PM - System Checkpoint
RP152: 30/12/2011 4:50:52 PM - System Checkpoint
RP153: 31/12/2011 5:37:05 PM - System Checkpoint
RP154: 1/01/2012 6:19:20 PM - System Checkpoint
RP155: 2/01/2012 6:30:44 PM - System Checkpoint
RP156: 3/01/2012 6:31:12 PM - System Checkpoint
RP157: 3/01/2012 9:02:35 AM - System Checkpoint
RP158: 4/01/2012 10:00:09 AM - System Checkpoint
RP159: 4/01/2012 2:14:34 PM - Software Distribution Service 3.0
RP160: 5/01/2012 3:28:17 PM - System Checkpoint
RP161: 7/01/2012 9:57:18 AM - System Checkpoint
RP162: 8/01/2012 3:40:41 PM - System Checkpoint
RP163: 9/01/2012 9:08:55 PM - System Checkpoint
RP164: 10/01/2012 9:21:05 PM - System Checkpoint
RP165: 11/01/2012 3:45:50 PM - Software Distribution Service 3.0
RP166: 12/01/2012 4:43:26 PM - System Checkpoint
RP167: 13/01/2012 5:26:13 PM - System Checkpoint
RP168: 14/01/2012 6:17:28 PM - System Checkpoint
RP169: 15/01/2012 6:25:49 PM - System Checkpoint
RP170: 16/01/2012 6:33:22 PM - System Checkpoint
RP171: 17/01/2012 6:34:38 PM - System Checkpoint
RP172: 18/01/2012 6:58:07 PM - System Checkpoint
RP173: 19/01/2012 12:09:12 PM - Software Distribution Service 3.0
RP174: 19/01/2012 12:38:01 PM - Installed Windows Internet Explorer 8.
RP175: 20/01/2012 1:07:34 PM - System Checkpoint
RP176: 21/01/2012 2:03:58 PM - System Checkpoint
RP177: 22/01/2012 4:13:46 PM - System Checkpoint
RP178: 23/01/2012 5:57:30 PM - System Checkpoint
RP179: 24/01/2012 6:30:54 PM - System Checkpoint
RP180: 25/01/2012 4:42:59 PM - Software Distribution Service 3.0
RP181: 26/01/2012 9:26:37 PM - System Checkpoint
RP182: 27/01/2012 10:15:51 PM - System Checkpoint
RP183: 28/01/2012 10:49:48 PM - System Checkpoint
RP184: 30/01/2012 10:10:08 AM - System Checkpoint
RP185: 31/01/2012 10:49:33 AM - System Checkpoint
RP186: 1/02/2012 11:13:55 AM - System Checkpoint
RP187: 2/02/2012 7:15:30 PM - System Checkpoint
RP188: 3/02/2012 9:06:34 PM - System Checkpoint
RP189: 4/02/2012 9:26:49 PM - System Checkpoint
RP190: 5/02/2012 10:13:10 PM - System Checkpoint
RP191: 6/02/2012 10:34:46 PM - System Checkpoint
RP192: 8/02/2012 7:54:25 AM - System Checkpoint
RP193: 9/02/2012 9:15:39 AM - System Checkpoint
RP194: 27/02/2012 3:32:45 PM - Removed Java™ 6 Update 27
RP195: 27/02/2012 3:33:40 PM - Installed Java™ 6 Update 31
RP196: 28/02/2012 3:44:01 PM - System Checkpoint
RP197: 29/02/2012 2:47:54 PM - Software Distribution Service 3.0
RP198: 1/03/2012 3:15:20 PM - System Checkpoint
RP199: 2/03/2012 3:28:45 PM - System Checkpoint
RP200: 3/03/2012 4:15:15 PM - System Checkpoint
RP201: 4/03/2012 3:41:07 PM - Installed calibre
RP202: 5/03/2012 5:42:05 PM - System Checkpoint
RP203: 6/03/2012 6:03:50 PM - System Checkpoint
RP204: 7/03/2012 6:55:16 PM - System Checkpoint
RP205: 8/03/2012 7:04:46 PM - System Checkpoint
RP206: 9/03/2012 7:55:24 PM - System Checkpoint
RP207: 10/03/2012 8:08:55 PM - System Checkpoint
RP208: 11/03/2012 8:31:07 PM - System Checkpoint
RP209: 12/03/2012 9:14:46 PM - System Checkpoint
RP210: 13/03/2012 4:00:49 PM - Software Distribution Service 3.0
RP211: 14/03/2012 5:52:45 PM - System Checkpoint
RP212: 15/03/2012 8:35:30 AM - Software Distribution Service 3.0
RP213: 16/03/2012 9:39:11 AM - System Checkpoint
RP214: 17/03/2012 9:58:16 AM - System Checkpoint
RP215: 18/03/2012 10:27:43 AM - System Checkpoint
RP216: 19/03/2012 10:32:24 AM - System Checkpoint
RP217: 20/03/2012 11:27:54 AM - System Checkpoint
RP218: 20/03/2012 11:12:42 PM - Software Distribution Service 3.0
RP219: 21/03/2012 12:25:15 AM - Installed Microsoft Image Composite Editor
.
==== Installed Programs ======================
.
7-Zip 4.65
Adobe Acrobat 6.0.1 Professional
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.3.4
Adobe Shockwave Player
Alvin Phang's Atomic Blogging Keyword Research Tool v2.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Article Assistant
Ashampoo Burning Studio Elements 10.0.9
ASUSUpdate
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
Athlon 64 Processor Driver
Audacity 1.2.6
Auto Click Profit
AVG 2012
BlueVoda Website Builder 12.2
Bonjour
BookSmart® 2.8.0 2.8.0
calibre
CamStudio Lossless Codec
CamStudioIM
Camtasia Studio 6
Canon CanoScan Toolbox 4.5
Canon LASER SHOT LBP-1120
Canon LBP3000
CashKeywords Toolbar
CCleaner
Compatibility Pack for the 2007 Office system
ConvertHelper 2.2
ConvertXtoDVD 4.0.10.324
Creative Specifix® Memory Publisher
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
Directory Submitter 1.0.29
DP Animation Maker
DupeFree Pro
DupeFree Pro v2(remove only)
DVD Shrink 3.2
e-Record 6
e-tax 2008
e-tax 2009
e-tax 2010
e-tax 2011
eBridge Trader
Fast Content Producer
FileNet Desktop eForms
FileZilla Client 3.5.3
Forex Strategy Builder v2.60.0.0 Beta
FormatFactory 2.60
Free Video Joiner 1.1
Free WMA to MP3 Converter 1.16
GnuWin32: Wget-1.11.4-1
Good Keywords v3 121708
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToMeeting 4.8.0.723
Greenshot
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HTML Slideshow Powertoy for Windows XP
Hubb Investor
HyperVRE 1.9.1
Ideal DVD Copy V3.2.5
Image Optimizer 3.0
Image Resizer Powertoy for Windows XP
ImgBurn
InstantArticleWizard
Intel® Graphics Media Accelerator Driver
iPhone Configuration Utility
iResizer 1.1
iTunes
Jalbum
Jalbum 8.1
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Java™ 6 Update 3
Java™ 6 Update 31
Java™ 6 Update 5
Java™ 6 Update 6
Java™ 6 Update 7
Jing
jv16 PowerTools
Karen's Directory Printer
Karen's Replicator
Keyword Pad v1.0.112706
KeywordCorral
Lame ACM MP3 Codec
LAME v3.98.3 for Audacity
Legacy 5.0
Legacy 6.0
Lizardtech DjVu Control
Malwarebytes Anti-Malware version 1.60.1.1000
MassArticleCreator
Memory Publisher
MetaTrader- AxisTrader 4.00
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Image Composite Editor
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft Publisher 2002
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 11.0 (x86 en-US)
Mozilla Thunderbird 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Free Web Site Builder
Myson Century USB Driver for Windows 98&ME
Nero 7 Ultra Edition
neroxml
Nuance PDF Reader
NVIDIA Drivers
Nvu 1.0PR
OTrader Software Option Pricing
OutFront Web Template
Passenger Arrivals 1839 - 1890
Passenger Arrivals 1839 - 1890 (C:\Program Files\Passenger Arrivals 1839 - 1890\)
PDF Password Remover v2.5
PE Builder 3.1.10a
Photo Story 3 for Windows
Photoupz 1.6
PIXresizer 1.0.8
Platform
Power Article Rewriter
PowerDVD
QFHSdatasearch
QuickTime
RAR Repair Tool v.4.0.1
Retouch Pilot Free 3.4.1
S3 Ripper 1.3
SAG Rookwood Cemetery v1.10
SAG Waverley and South Head Cemeteries v1.14
Samsung Master
Samsung Media Studio
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 1.0 PIM & File Manager
Samsung PC Studio 3
Samsung_MonSetup
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Serif PhotoPlus 7.0
Skype™ 4.1
Spelling Dictionaries Support For Adobe Reader 8
Swiff Player 1.5
TeamViewer 7
Traffic Travis 3.3.19
Traffic Travis 4.0.0
Traffic Travis 4.1.0
TrafficSeeker 7.0 Lite
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Platform Device Manager
Vidmex 1.39
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 2.0.0
vReveal
VSeven MP4 Converter 1.0
Watermark Image software version 1.6.8.1
WebEx
WebFldrs XP
Winamp
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinHTTrack Website Copier 3.43-2
Wondershare PDF Converter (Build 2.6.2)
Wondershare PDF Converter (Build 3.0.0)
Wondershare Video Converter Ultimate(Build 5.4.3.0)
Wondershare Vivideo(Build 2.0.0.10)
WordFlood 1.2 (remove only)
WYSIWYG Web Builder 5.0
XHeader
XHeader Bonus Download
XML Paper Specification Shared Components Pack 1.0
XSitePro2
XviD MPEG-4 Video Codec
.
==== Event Viewer Messages From Past Week ========
.
21/03/2012 9:55:35 AM, error: Service Control Manager [7023] - The Sandradatasrv service terminated with the following error: Access is denied.
21/03/2012 9:50:00 AM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147943555
21/03/2012 9:50:00 AM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
21/03/2012 9:39:55 AM, error: Service Control Manager [7023] - The BsHelpCS service terminated with the following error: Access is denied.
21/03/2012 9:24:54 AM, error: Service Control Manager [7023] - The REVOSENS service terminated with the following error: Access is denied.
21/03/2012 9:23:54 AM, error: Service Control Manager [7023] - The Vcsw service terminated with the following error: Access is denied.
21/03/2012 9:15:42 AM, error: Service Control Manager [7023] - The MRENDIS5 service terminated with the following error: The specified module could not be found.
21/03/2012 9:15:42 AM, error: Service Control Manager [7023] - The FlexBios service terminated with the following error: The specified module could not be found.
21/03/2012 9:15:42 AM, error: Service Control Manager [7023] - The DVDVRRdr_xp service terminated with the following error: The specified module could not be found.
21/03/2012 9:15:42 AM, error: Service Control Manager [7023] - The Ctaud2k service terminated with the following error: The specified module could not be found.
21/03/2012 9:10:27 AM, error: Service Control Manager [7023] - The Ssmdrv service terminated with the following error: Access is denied.
21/03/2012 8:55:27 AM, error: Service Control Manager [7023] - The Ctaud2k service terminated with the following error: Access is denied.
21/03/2012 8:50:07 AM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147943555
21/03/2012 8:50:01 AM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
21/03/2012 8:40:31 AM, error: Service Control Manager [7023] - The FlexBios service terminated with the following error: Access is denied.
21/03/2012 8:25:17 AM, error: Service Control Manager [7023] - The MRENDIS5 service terminated with the following error: Access is denied.
21/03/2012 8:10:16 AM, error: Service Control Manager [7023] - The DVDVRRdr_xp service terminated with the following error: Access is denied.
21/03/2012 8:09:17 AM, error: Service Control Manager [7023] - The Z800mdm service terminated with the following error: Access is denied.
21/03/2012 8:02:44 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
21/03/2012 8:02:44 AM, error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found.
21/03/2012 8:02:44 AM, error: Service Control Manager [7023] - The Hap17v2k service terminated with the following error: The specified module could not be found.
21/03/2012 7:54:43 AM, error: Service Control Manager [7023] - The Hap17v2k service terminated with the following error: Access is denied.
21/03/2012 10:13:40 AM, error: Service Control Manager [7023] - The Vcsw service terminated with the following error: The specified module could not be found.
21/03/2012 10:13:40 AM, error: Service Control Manager [7023] - The Ssmdrv service terminated with the following error: The specified module could not be found.
21/03/2012 10:13:40 AM, error: Service Control Manager [7023] - The Sandradatasrv service terminated with the following error: The specified module could not be found.
21/03/2012 10:13:40 AM, error: Service Control Manager [7023] - The REVOSENS service terminated with the following error: The specified module could not be found.
21/03/2012 10:13:40 AM, error: Service Control Manager [7023] - The Mmc_2K service terminated with the following error: Access is denied.
21/03/2012 10:13:40 AM, error: Service Control Manager [7023] - The BsHelpCS service terminated with the following error: The specified module could not be found.
20/03/2012 8:50:35 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
20/03/2012 5:18:29 PM, error: Dhcp [1002] - The IP address lease 10.1.1.4 for the Network Card with network address 001FC6C77F99 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
18/03/2012 10:11:20 AM, error: Dhcp [1002] - The IP address lease 10.1.1.2 for the Network Card with network address 001FC6C77F99 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

#2 grey hair

grey hair

    New Member

  • Members
  • Pip
  • 24 posts
  • Gender:Male
  • Location:Down Under

Posted 23 March 2012 - 02:11 AM

Just an update. AVG Resident Shield Alert keeps going off every 10 minutes or so. The threat name is - Trojan Horse Crypt.AQLW. It appears to be creating random .dll files which try to open and get detected by AVG. This has been driving me nuts for 3 days now, any help would greatly appreciated.

#3 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,228 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 23 March 2012 - 07:32 AM

:welcome:

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:
  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps
  • Removing this infection can also disable the ability to connect to the internet.
This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean, if this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.
Larry Tate
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

#4 grey hair

grey hair

    New Member

  • Members
  • Pip
  • 24 posts
  • Gender:Male
  • Location:Down Under

Posted 23 March 2012 - 08:09 AM

Thanks LTD, luckily I do not do internet banking. I do use ebay and paypal but I do not leave any passwords logged into any system, except for 1 sharemarket site. I keep all passwords in a book and use them as and when needed and always clean browser cache after using them. Have been operating from laptop for past 3 days as did not want to use infected desktop for anything. Will change the 1 password logged into desktop, after that should be good to go.
What do I need to do now?
Thanks.

#5 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,228 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 23 March 2012 - 08:47 AM




Vista and Windows 7 users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.



Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image

  • Click the Start Scan button.

    Posted Image

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Larry Tate
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

#6 grey hair

grey hair

    New Member

  • Members
  • Pip
  • 24 posts
  • Gender:Male
  • Location:Down Under

Posted 23 March 2012 - 09:17 AM

Here is requested log file from TDSSKiller.
I am downloading these files on laptop and using usb key to swap between machines. Hopefully this will work ok. Touch wood.


00:01:24.0359 1404 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
00:01:25.0500 1404 ============================================================
00:01:25.0500 1404 Current date / time: 2012/03/24 00:01:25.0500
00:01:25.0500 1404 SystemInfo:
00:01:25.0500 1404
00:01:25.0500 1404 OS Version: 5.1.2600 ServicePack: 3.0
00:01:25.0500 1404 Product type: Workstation
00:01:25.0500 1404 ComputerName: USER
00:01:25.0500 1404 UserName: Owner
00:01:25.0500 1404 Windows directory: C:\WINDOWS
00:01:25.0500 1404 System windows directory: C:\WINDOWS
00:01:25.0500 1404 Processor architecture: Intel x86
00:01:25.0500 1404 Number of processors: 2
00:01:25.0500 1404 Page size: 0x1000
00:01:25.0500 1404 Boot type: Normal boot
00:01:25.0500 1404 ============================================================
00:01:27.0531 1404 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:01:27.0562 1404 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:01:27.0984 1404 Drive \Device\Harddisk2\DR4 - Size: 0x1DD400000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:01:27.0984 1404 \Device\Harddisk0\DR0:
00:01:27.0984 1404 MBR used
00:01:27.0984 1404 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
00:01:27.0984 1404 \Device\Harddisk1\DR1:
00:01:27.0984 1404 MBR used
00:01:27.0984 1404 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
00:01:27.0984 1404 \Device\Harddisk2\DR4:
00:01:27.0984 1404 MBR used
00:01:27.0984 1404 \Device\Harddisk2\DR4\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEE8080
00:01:28.0109 1404 Initialize success
00:01:28.0109 1404 ============================================================
00:01:43.0890 0372 ============================================================
00:01:43.0890 0372 Scan started
00:01:43.0890 0372 Mode: Manual; SigCheck; TDLFS;
00:01:43.0890 0372 ============================================================
00:01:44.0359 0372 Abiosdsk - ok
00:01:44.0546 0372 abp480n5 - ok
00:01:44.0921 0372 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:01:50.0031 0372 ACPI - ok
00:01:50.0343 0372 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:01:50.0484 0372 ACPIEC - ok
00:01:50.0765 0372 ADIHdAudAddService - ok
00:01:50.0937 0372 adpu160m - ok
00:01:51.0109 0372 aeaudio - ok
00:01:51.0296 0372 AEAudioService - ok
00:01:51.0546 0372 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:01:51.0812 0372 aec - ok
00:01:52.0062 0372 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:01:52.0218 0372 AFD - ok
00:01:52.0406 0372 Aha154x - ok
00:01:52.0687 0372 aic78u2 - ok
00:01:52.0859 0372 aic78xx - ok
00:01:53.0078 0372 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
00:01:53.0171 0372 Alerter - ok
00:01:53.0375 0372 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
00:01:53.0484 0372 ALG - ok
00:01:53.0765 0372 AliIde - ok
00:01:54.0000 0372 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
00:01:54.0078 0372 AmdK8 - ok
00:01:54.0250 0372 amsint - ok
00:01:54.0406 0372 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:01:54.0421 0372 Apple Mobile Device - ok
00:01:54.0703 0372 AppMgmt - ok
00:01:54.0875 0372 AppnApi - ok
00:01:55.0109 0372 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
00:01:55.0218 0372 Arp1394 - ok
00:01:55.0406 0372 asc - ok
00:01:55.0687 0372 asc3350p - ok
00:01:55.0875 0372 asc3550 - ok
00:01:56.0093 0372 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
00:01:56.0703 0372 AsIO - ok
00:01:56.0921 0372 aslm75 - ok
00:01:57.0171 0372 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
00:01:57.0234 0372 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
00:01:57.0234 0372 Aspi32 - detected UnsignedFile.Multi.Generic (1)
00:01:57.0453 0372 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
00:01:57.0500 0372 aspnet_state - ok
00:01:57.0828 0372 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:01:57.0937 0372 AsyncMac - ok
00:01:58.0171 0372 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:01:58.0312 0372 atapi - ok
00:01:58.0484 0372 Atdisk - ok
00:01:58.0828 0372 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:01:58.0937 0372 Atmarpc - ok
00:01:59.0093 0372 ATNT40K - ok
00:01:59.0312 0372 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
00:01:59.0406 0372 AudioSrv - ok
00:01:59.0734 0372 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:01:59.0843 0372 audstub - ok
00:02:00.0000 0372 avgfwsrv - ok
00:02:01.0531 0372 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
00:02:04.0218 0372 AVGIDSAgent - ok
00:02:04.0687 0372 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
00:02:04.0687 0372 AVGIDSDriver - ok
00:02:04.0921 0372 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
00:02:04.0968 0372 AVGIDSEH - ok
00:02:05.0218 0372 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
00:02:05.0218 0372 AVGIDSFilter - ok
00:02:05.0437 0372 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
00:02:05.0453 0372 AVGIDSShim - ok
00:02:05.0812 0372 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
00:02:05.0906 0372 Avgldx86 - ok
00:02:06.0109 0372 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
00:02:06.0140 0372 Avgmfx86 - ok
00:02:06.0375 0372 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
00:02:06.0406 0372 Avgrkx86 - ok
00:02:06.0812 0372 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
00:02:06.0921 0372 Avgtdix - ok
00:02:07.0156 0372 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
00:02:07.0187 0372 avgwd - ok
00:02:07.0406 0372 b57w2k - ok
00:02:07.0687 0372 backupexecjobengine - ok
00:02:07.0859 0372 backupexecnamingservice - ok
00:02:08.0015 0372 Bcim - ok
00:02:08.0187 0372 bdselfpr - ok
00:02:08.0406 0372 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:02:08.0531 0372 Beep - ok
00:02:08.0937 0372 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
00:02:09.0437 0372 BITS - ok
00:02:09.0765 0372 bocdrive - ok
00:02:09.0984 0372 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files\Bonjour\mDNSResponder.exe
00:02:10.0140 0372 Bonjour Service - ok
00:02:10.0312 0372 bridge - ok
00:02:10.0531 0372 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
00:02:10.0765 0372 Browser - ok
00:02:10.0921 0372 BrSerIf - ok
00:02:11.0093 0372 bvrp_pci - ok
00:02:11.0234 0372 catchme - ok
00:02:11.0468 0372 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:02:11.0640 0372 cbidf2k - ok
00:02:11.0843 0372 cd20xrnt - ok
00:02:12.0046 0372 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:02:12.0156 0372 Cdaudio - ok
00:02:12.0421 0372 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:02:12.0531 0372 Cdfs - ok
00:02:12.0812 0372 cdfsvc - ok
00:02:13.0046 0372 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:02:13.0187 0372 Cdrom - ok
00:02:13.0359 0372 Changer - ok
00:02:13.0531 0372 cics.region1 - ok
00:02:13.0828 0372 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
00:02:13.0937 0372 CiSvc - ok
00:02:14.0156 0372 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
00:02:14.0265 0372 ClipSrv - ok
00:02:14.0453 0372 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:02:14.0484 0372 clr_optimization_v2.0.50727_32 - ok
00:02:14.0781 0372 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:02:14.0875 0372 clr_optimization_v4.0.30319_32 - ok
00:02:15.0078 0372 CmdIde - ok
00:02:15.0265 0372 COMSysApp - ok
00:02:15.0468 0372 Cpqarray - ok
00:02:15.0781 0372 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
00:02:15.0890 0372 CryptSvc - ok
00:02:16.0062 0372 CTEDSPFX.DLL - ok
00:02:16.0234 0372 ctxhttp - ok
00:02:16.0390 0372 cxpt_service - ok
00:02:16.0687 0372 dac2w2k - ok
00:02:16.0859 0372 dac960nt - ok
00:02:17.0187 0372 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
00:02:17.0343 0372 DcomLaunch - ok
00:02:17.0593 0372 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
00:02:17.0812 0372 Dhcp - ok
00:02:18.0046 0372 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:02:18.0140 0372 Disk - ok
00:02:18.0312 0372 dlbx_device - ok
00:02:18.0484 0372 DM9102 - ok
00:02:18.0750 0372 dmadmin - ok
00:02:19.0171 0372 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
00:02:19.0750 0372 dmboot - ok
00:02:19.0984 0372 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
00:02:20.0156 0372 dmio - ok
00:02:20.0359 0372 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:02:20.0468 0372 dmload - ok
00:02:20.0781 0372 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
00:02:20.0875 0372 dmserver - ok
00:02:21.0093 0372 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:02:21.0218 0372 DMusic - ok
00:02:21.0421 0372 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
00:02:21.0703 0372 Dnscache - ok
00:02:21.0921 0372 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
00:02:22.0062 0372 Dot3svc - ok
00:02:22.0234 0372 downloadmanagerlite - ok
00:02:22.0437 0372 dpti2o - ok
00:02:22.0765 0372 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:02:22.0859 0372 drmkaud - ok
00:02:23.0078 0372 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
00:02:23.0187 0372 EapHost - ok
00:02:23.0359 0372 emu10k - ok
00:02:23.0562 0372 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
00:02:23.0765 0372 ERSvc - ok
00:02:24.0000 0372 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
00:02:24.0062 0372 Eventlog - ok
00:02:24.0343 0372 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
00:02:24.0453 0372 EventSystem - ok
00:02:24.0859 0372 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:02:25.0000 0372 Fastfat - ok
00:02:25.0250 0372 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:02:25.0343 0372 FastUserSwitchingCompatibility - ok
00:02:25.0578 0372 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
00:02:25.0781 0372 Fdc - ok
00:02:25.0937 0372 filemon701 - ok
00:02:26.0187 0372 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
00:02:26.0281 0372 Fips - ok
00:02:26.0468 0372 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
00:02:26.0593 0372 Flpydisk - ok
00:02:26.0906 0372 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
00:02:27.0031 0372 FltMgr - ok
00:02:27.0250 0372 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
00:02:27.0265 0372 FontCache3.0.0.0 - ok
00:02:27.0453 0372 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:02:27.0578 0372 Fs_Rec - ok
00:02:27.0875 0372 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:02:28.0015 0372 Ftdisk - ok
00:02:28.0187 0372 GBFSHook - ok
00:02:28.0421 0372 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
00:02:28.0437 0372 GEARAspiWDM - ok
00:02:28.0703 0372 ggsemc - ok
00:02:28.0875 0372 gmer - ok
00:02:29.0078 0372 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:02:29.0203 0372 Gpc - ok
00:02:29.0437 0372 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
00:02:29.0453 0372 gupdate - ok
00:02:29.0484 0372 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
00:02:29.0531 0372 gupdatem - ok
00:02:29.0734 0372 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
00:02:29.0781 0372 gusvc - ok
00:02:30.0031 0372 HdAudAddService (f58d2900c66a1e773e3375098e0e9337) C:\WINDOWS\system32\drivers\HdAudio.sys
00:02:30.0171 0372 HdAudAddService - ok
00:02:30.0437 0372 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:02:30.0609 0372 HDAudBus - ok
00:02:30.0734 0372 helpsvc - ok
00:02:30.0906 0372 HidBth - ok
00:02:31.0125 0372 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
00:02:31.0296 0372 HidServ - ok
00:02:31.0500 0372 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:02:31.0671 0372 HidUsb - ok
00:02:31.0875 0372 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
00:02:31.0984 0372 hkmsvc - ok
00:02:32.0171 0372 hpn - ok
00:02:32.0484 0372 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:02:32.0734 0372 HTTP - ok
00:02:32.0953 0372 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
00:02:33.0078 0372 HTTPFilter - ok
00:02:33.0265 0372 i2omgmt - ok
00:02:33.0437 0372 i2omp - ok
00:02:33.0781 0372 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:02:33.0890 0372 i8042prt - ok
00:02:34.0046 0372 iAimTV5 - ok
00:02:36.0203 0372 ialm (9acb03875cfe068d5cc0e98fb2cf7017) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
00:02:40.0093 0372 ialm - ok
00:02:40.0328 0372 ibmsmbus - ok
00:02:40.0578 0372 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
00:02:40.0718 0372 IDriverT ( UnsignedFile.Multi.Generic ) - warning
00:02:40.0718 0372 IDriverT - detected UnsignedFile.Multi.Generic (1)
00:02:41.0125 0372 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:02:41.0718 0372 idsvc - ok
00:02:42.0000 0372 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:02:42.0109 0372 Imapi - ok
00:02:42.0359 0372 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
00:02:42.0468 0372 ImapiService - ok
00:02:42.0781 0372 ini910u - ok
00:02:42.0968 0372 IntelIde - ok
00:02:43.0203 0372 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:02:43.0296 0372 intelppm - ok
00:02:43.0515 0372 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
00:02:43.0671 0372 Ip6Fw - ok
00:02:43.0890 0372 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:02:44.0000 0372 IpFilterDriver - ok
00:02:44.0218 0372 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:02:44.0296 0372 IpInIp - ok
00:02:44.0546 0372 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:02:44.0812 0372 IpNat - ok
00:02:45.0140 0372 iPod Service (0ca8c2e721617aa2f923a8151c96fb33) C:\Program Files\iPod\bin\iPodService.exe
00:02:45.0609 0372 iPod Service - ok
00:02:45.0890 0372 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:02:46.0015 0372 IPSec - ok
00:02:46.0203 0372 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:02:46.0312 0372 IRENUM - ok
00:02:46.0546 0372 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:02:46.0765 0372 isapnp - ok
00:02:46.0921 0372 isdrv122 - ok
00:02:47.0093 0372 iviVD - ok
00:02:47.0390 0372 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
00:02:47.0437 0372 JavaQuickStarterService - ok
00:02:47.0781 0372 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:02:47.0921 0372 Kbdclass - ok
00:02:48.0125 0372 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:02:48.0234 0372 kbdhid - ok
00:02:48.0406 0372 klif - ok
00:02:48.0765 0372 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:02:48.0906 0372 kmixer - ok
00:02:49.0156 0372 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:02:49.0359 0372 KSecDD - ok
00:02:49.0703 0372 L1e (080cf8720a306a64f7a09d1226491791) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
00:02:49.0812 0372 L1e - ok
00:02:50.0031 0372 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
00:02:50.0140 0372 lanmanserver - ok
00:02:50.0390 0372 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
00:02:50.0453 0372 lanmanworkstation - ok
00:02:50.0781 0372 Lbd - ok
00:02:50.0953 0372 lbrtfdc - ok
00:02:51.0140 0372 lexbces - ok
00:02:51.0328 0372 lirsgt - ok
00:02:51.0531 0372 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
00:02:51.0687 0372 LmHosts - ok
00:02:51.0859 0372 lvckap - ok
00:02:52.0015 0372 lyncusbserv - ok
00:02:52.0234 0372 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) C:\WINDOWS\system32\drivers\mbamchameleon.sys
00:02:52.0265 0372 mbamchameleon ( UnsignedFile.Multi.Generic ) - warning
00:02:52.0265 0372 mbamchameleon - detected UnsignedFile.Multi.Generic (1)
00:02:52.0437 0372 mbr - ok
00:02:52.0703 0372 mcupdmgr.exe - ok
00:02:52.0921 0372 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
00:02:53.0000 0372 Messenger - ok
00:02:53.0171 0372 mfeavfk - ok
00:02:53.0343 0372 mferkdk - ok
00:02:53.0562 0372 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:02:53.0781 0372 mnmdd - ok
00:02:53.0968 0372 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
00:02:54.0078 0372 mnmsrvc - ok
00:02:54.0312 0372 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
00:02:54.0406 0372 Modem - ok
00:02:55.0093 0372 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
00:02:56.0031 0372 monfilt - ok
00:02:56.0250 0372 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:02:56.0359 0372 Mouclass - ok
00:02:56.0578 0372 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:02:56.0796 0372 mouhid - ok
00:02:57.0015 0372 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:02:57.0125 0372 MountMgr - ok
00:02:57.0296 0372 mpservice - ok
00:02:57.0468 0372 mraid35x - ok
00:02:57.0750 0372 MREMP50a64 - ok
00:02:57.0968 0372 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:02:58.0140 0372 MRxDAV - ok
00:02:58.0484 0372 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:02:58.0859 0372 MRxSmb - ok
00:02:59.0093 0372 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
00:02:59.0171 0372 MSDTC - ok
00:02:59.0375 0372 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:02:59.0484 0372 Msfs - ok
00:02:59.0750 0372 MSIServer - ok
00:03:00.0000 0372 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:03:00.0078 0372 MSKSSRV - ok
00:03:00.0281 0372 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:03:00.0390 0372 MSPCLOCK - ok
00:03:00.0718 0372 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:03:00.0828 0372 MSPQM - ok
00:03:01.0031 0372 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:03:01.0140 0372 mssmbios - ok
00:03:01.0375 0372 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
00:03:01.0421 0372 MTsensor - ok
00:03:01.0781 0372 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:03:01.0859 0372 Mup - ok
00:03:02.0031 0372 mwstick - ok
00:03:02.0203 0372 NAL - ok
00:03:02.0468 0372 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
00:03:02.0750 0372 napagent - ok
00:03:02.0921 0372 navapel - ok
00:03:03.0343 0372 NBService (6d8fcdd5bb3b676ef58fa234073492c6) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
00:03:03.0718 0372 NBService - ok
00:03:04.0031 0372 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:03:04.0218 0372 NDIS - ok
00:03:04.0437 0372 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:03:04.0546 0372 NdisTapi - ok
00:03:04.0812 0372 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:03:04.0906 0372 Ndisuio - ok
00:03:05.0125 0372 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:03:05.0250 0372 NdisWan - ok
00:03:05.0468 0372 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:03:05.0531 0372 NDProxy - ok
00:03:05.0765 0372 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:03:05.0859 0372 NetBIOS - ok
00:03:06.0140 0372 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:03:06.0281 0372 NetBT - ok
00:03:06.0515 0372 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
00:03:06.0640 0372 NetDDE - ok
00:03:06.0671 0372 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
00:03:06.0765 0372 NetDDEdsdm - ok
00:03:06.0968 0372 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:03:07.0062 0372 Netlogon - ok
00:03:07.0312 0372 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
00:03:07.0437 0372 Netman - ok
00:03:07.0671 0372 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:03:07.0750 0372 NetTcpPortSharing - ok
00:03:07.0906 0372 nfmservice - ok
00:03:08.0078 0372 ngdbserv - ok
00:03:08.0359 0372 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
00:03:08.0468 0372 NIC1394 - ok
00:03:08.0640 0372 NICSer_WPC300N - ok
00:03:08.0906 0372 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
00:03:08.0953 0372 Nla - ok
00:03:09.0203 0372 NMIndexingService (e32686b4e27d11f83e3f2844e104c66c) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
00:03:09.0296 0372 NMIndexingService - ok
00:03:09.0468 0372 nmwcdcm - ok
00:03:09.0734 0372 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:03:09.0875 0372 Npfs - ok
00:03:10.0046 0372 NTACCESS - ok
00:03:10.0437 0372 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:03:10.0781 0372 Ntfs - ok
00:03:10.0984 0372 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:03:11.0062 0372 NtLmSsp - ok
00:03:11.0421 0372 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
00:03:11.0718 0372 NtmsSvc - ok
00:03:11.0921 0372 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:03:12.0031 0372 Null - ok
00:03:13.0265 0372 nv (9e1f2f09e34c92a96b9900b6a45d5026) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:03:15.0187 0372 nv - ok
00:03:15.0515 0372 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
00:03:15.0562 0372 NVENETFD - ok
00:03:15.0734 0372 NVNET - ok
00:03:15.0953 0372 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
00:03:16.0000 0372 nvnetbus - ok
00:03:16.0250 0372 NVSvc (0b24ab7cc5b7ed2aa7f438a4072459f4) C:\WINDOWS\system32\nvsvc32.exe
00:03:16.0343 0372 NVSvc - ok
00:03:16.0562 0372 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:03:16.0671 0372 NwlnkFlt - ok
00:03:16.0875 0372 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:03:17.0015 0372 NwlnkFwd - ok
00:03:17.0234 0372 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
00:03:17.0390 0372 ohci1394 - ok
00:03:17.0546 0372 oracleorahomedatagatherer - ok
00:03:17.0718 0372 oracleorahomepagingserver - ok
00:03:17.0890 0372 oraclexeclragent - ok
00:03:18.0062 0372 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:03:18.0093 0372 ose - ok
00:03:18.0265 0372 p2pimsvc - ok
00:03:18.0421 0372 Packet - ok
00:03:18.0593 0372 pae_1394 - ok
00:03:18.0828 0372 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
00:03:18.0953 0372 Parport - ok
00:03:19.0156 0372 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:03:19.0250 0372 PartMgr - ok
00:03:19.0468 0372 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
00:03:19.0578 0372 ParVdm - ok
00:03:19.0734 0372 pav_service - ok
00:03:19.0968 0372 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
00:03:20.0078 0372 PCI - ok
00:03:20.0250 0372 PciBus - ok
00:03:20.0437 0372 PCIDump - ok
00:03:20.0625 0372 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:03:20.0718 0372 PCIIde - ok
00:03:20.0968 0372 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:03:21.0078 0372 Pcmcia - ok
00:03:21.0328 0372 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
00:03:21.0359 0372 Pcouffin ( UnsignedFile.Multi.Generic ) - warning
00:03:21.0359 0372 Pcouffin - detected UnsignedFile.Multi.Generic (1)
00:03:21.0531 0372 PDCOMP - ok
00:03:21.0718 0372 PDFRAME - ok
00:03:21.0890 0372 pdiddcci - ok
00:03:22.0062 0372 PDRELI - ok
00:03:22.0250 0372 PDRFRAME - ok
00:03:22.0437 0372 perc2 - ok
00:03:22.0609 0372 perc2hib - ok
00:03:22.0859 0372 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
00:03:22.0921 0372 PlugPlay - ok
00:03:23.0125 0372 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:03:23.0218 0372 PolicyAgent - ok
00:03:23.0484 0372 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:03:23.0593 0372 PptpMiniport - ok
00:03:23.0796 0372 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
00:03:23.0906 0372 Processor - ok
00:03:24.0078 0372 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:03:24.0156 0372 ProtectedStorage - ok
00:03:24.0359 0372 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:03:24.0484 0372 PSched - ok
00:03:24.0671 0372 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:03:24.0765 0372 Ptilink - ok
00:03:24.0937 0372 purgeieservice - ok
00:03:25.0187 0372 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:03:25.0203 0372 PxHelp20 - ok
00:03:25.0390 0372 ql1080 - ok
00:03:25.0562 0372 Ql10wnt - ok
00:03:25.0750 0372 ql12160 - ok
00:03:25.0937 0372 ql1240 - ok
00:03:26.0125 0372 ql1280 - ok
00:03:26.0296 0372 ramaint - ok
00:03:26.0500 0372 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:03:26.0578 0372 RasAcd - ok
00:03:26.0796 0372 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
00:03:26.0906 0372 RasAuto - ok
00:03:27.0109 0372 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:03:27.0218 0372 Rasl2tp - ok
00:03:27.0468 0372 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
00:03:27.0609 0372 RasMan - ok
00:03:27.0812 0372 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:03:27.0890 0372 RasPppoe - ok
00:03:28.0109 0372 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:03:28.0234 0372 Raspti - ok
00:03:28.0484 0372 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:03:28.0625 0372 Rdbss - ok
00:03:28.0828 0372 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:03:28.0937 0372 RDPCDD - ok
00:03:29.0109 0372 rdpdr - ok
00:03:29.0390 0372 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
00:03:29.0515 0372 RDPWD - ok
00:03:29.0765 0372 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
00:03:29.0890 0372 RDSessMgr - ok
00:03:30.0140 0372 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:03:30.0265 0372 redbook - ok
00:03:30.0468 0372 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
00:03:30.0562 0372 RemoteAccess - ok
00:03:30.0718 0372 rimsptsk - ok
00:03:30.0906 0372 RIOXDRV - ok
00:03:31.0109 0372 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
00:03:31.0203 0372 RpcLocator - ok
00:03:31.0515 0372 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
00:03:31.0640 0372 RpcSs - ok
00:03:31.0812 0372 rp_fws - ok
00:03:32.0031 0372 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
00:03:32.0187 0372 RSVP - ok
00:03:32.0359 0372 s125mgmt - ok
00:03:32.0531 0372 s616unic - ok
00:03:32.0703 0372 sagefserver - ok
00:03:32.0859 0372 SaiNtBus - ok
00:03:33.0078 0372 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:03:33.0171 0372 SamSs - ok
00:03:33.0187 0372 SANDRA - ok
00:03:33.0343 0372 savrtpel - ok
00:03:33.0578 0372 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
00:03:33.0703 0372 SCardSvr - ok
00:03:33.0937 0372 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
00:03:34.0031 0372 Schedule - ok
00:03:34.0218 0372 sdbus - ok
00:03:34.0390 0372 SE26mdfl - ok
00:03:34.0640 0372 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:03:34.0734 0372 Secdrv - ok
00:03:34.0921 0372 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
00:03:35.0000 0372 seclogon - ok
00:03:35.0187 0372 SenFiltService - ok
00:03:35.0390 0372 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\System32\sens.dll
00:03:35.0484 0372 SENS - ok
00:03:35.0718 0372 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:03:35.0812 0372 serenum - ok
00:03:36.0062 0372 Serial (a9698a2e0a26d26f551c0db8d535a9fe) C:\WINDOWS\system32\DRIVERS\serial.sys
00:03:36.0109 0372 Serial ( Virus.Win32.ZAccess.k ) - infected
00:03:36.0109 0372 Serial - detected Virus.Win32.ZAccess.k (0)
00:03:36.0281 0372 service - ok
00:03:36.0562 0372 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:03:36.0656 0372 Sfloppy - ok
00:03:36.0828 0372 SGHIDI - ok
00:03:37.0000 0372 sglogplayer - ok
00:03:37.0281 0372 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
00:03:37.0484 0372 SharedAccess - ok
00:03:37.0703 0372 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:03:37.0750 0372 ShellHWDetection - ok
00:03:37.0906 0372 si3114r - ok
00:03:38.0093 0372 Simbad - ok
00:03:38.0265 0372 smserial - ok
00:03:38.0437 0372 SNP2UVC - ok
00:03:38.0609 0372 snpstd - ok
00:03:38.0796 0372 Sparrow - ok
00:03:39.0000 0372 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:03:39.0140 0372 splitter - ok
00:03:39.0359 0372 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
00:03:39.0390 0372 Spooler - ok
00:03:39.0593 0372 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:03:39.0718 0372 sr - ok
00:03:39.0968 0372 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
00:03:40.0046 0372 srservice - ok
00:03:40.0343 0372 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:03:40.0531 0372 Srv - ok
00:03:40.0796 0372 sscdbus (92b69020fc480219683d429dca068d71) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
00:03:40.0828 0372 sscdbus - ok
00:03:41.0062 0372 sscdmdfl (77a2869d40cc84af711c321f9b0c7a78) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
00:03:41.0078 0372 sscdmdfl - ok
00:03:41.0296 0372 sscdmdm (b4255635195a8413fcde7af5b7c4e382) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
00:03:41.0343 0372 sscdmdm - ok
00:03:41.0562 0372 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
00:03:41.0656 0372 SSDPSRV - ok
00:03:41.0828 0372 ssfs0509 - ok
00:03:41.0984 0372 sskbfd - ok
00:03:42.0218 0372 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
00:03:42.0234 0372 StarOpen ( UnsignedFile.Multi.Generic ) - warning
00:03:42.0234 0372 StarOpen - detected UnsignedFile.Multi.Generic (1)
00:03:42.0546 0372 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
00:03:42.0750 0372 stisvc - ok
00:03:42.0984 0372 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:03:43.0062 0372 swenum - ok
00:03:43.0281 0372 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:03:43.0390 0372 swmidi - ok
00:03:43.0562 0372 SwPrv - ok
00:03:43.0750 0372 symc810 - ok
00:03:43.0921 0372 symc8xx - ok
00:03:44.0109 0372 sym_hi - ok
00:03:44.0312 0372 sym_u3 - ok
00:03:44.0578 0372 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:03:44.0671 0372 sysaudio - ok
00:03:44.0906 0372 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
00:03:45.0015 0372 SysmonLog - ok
00:03:45.0312 0372 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
00:03:45.0484 0372 TapiSrv - ok
00:03:45.0828 0372 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:03:46.0046 0372 Tcpip - ok
00:03:46.0265 0372 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:03:46.0359 0372 TDPIPE - ok
00:03:46.0562 0372 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:03:46.0671 0372 TDTCP - ok
00:03:46.0875 0372 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:03:46.0984 0372 TermDD - ok
00:03:47.0250 0372 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
00:03:47.0343 0372 TermService - ok
00:03:47.0500 0372 tfsndrct - ok
00:03:47.0734 0372 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:03:47.0750 0372 Themes - ok
00:03:47.0906 0372 tifm21 - ok
00:03:48.0093 0372 TosIde - ok
00:03:48.0265 0372 TPECioCtl - ok
00:03:48.0437 0372 TPPWRIF - ok
00:03:48.0609 0372 traprcvr - ok
00:03:48.0812 0372 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
00:03:48.0921 0372 TrkWks - ok
00:03:49.0078 0372 TuneUp.Defrag - ok
00:03:49.0359 0372 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:03:49.0468 0372 Udfs - ok
00:03:49.0625 0372 uhcd - ok
00:03:49.0812 0372 ultra - ok
00:03:50.0125 0372 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:03:50.0421 0372 Update - ok
00:03:50.0578 0372 uploadmgr (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
00:03:50.0671 0372 uploadmgr - ok
00:03:50.0906 0372 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
00:03:51.0062 0372 upnphost - ok
00:03:51.0250 0372 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
00:03:51.0328 0372 UPS - ok
00:03:51.0500 0372 USA49W2KP - ok
00:03:51.0718 0372 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
00:03:51.0750 0372 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
00:03:51.0750 0372 USBAAPL - detected UnsignedFile.Multi.Generic (1)
00:03:51.0968 0372 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:03:52.0062 0372 usbccgp - ok
00:03:52.0312 0372 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:03:52.0421 0372 usbehci - ok
00:03:52.0640 0372 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:03:52.0750 0372 usbhub - ok
00:03:52.0984 0372 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
00:03:53.0078 0372 usbohci - ok
00:03:53.0296 0372 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:03:53.0375 0372 usbprint - ok
00:03:53.0578 0372 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:03:53.0687 0372 usbscan - ok
00:03:53.0890 0372 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:03:54.0000 0372 USBSTOR - ok
00:03:54.0234 0372 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:03:54.0328 0372 usbuhci - ok
00:03:54.0515 0372 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:03:54.0625 0372 VgaSave - ok
00:03:54.0906 0372 VIAHdAudAddService (6b2c9ee4c16616e9398bbd0bc80ceb22) C:\WINDOWS\system32\drivers\viahduaa.sys
00:03:55.0015 0372 VIAHdAudAddService - ok
00:03:55.0187 0372 ViaIde - ok
00:03:55.0359 0372 videoacceleratorengine - ok
00:03:55.0531 0372 VNUSB - ok
00:03:55.0750 0372 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
00:03:55.0859 0372 VolSnap - ok
00:03:56.0031 0372 vsbus - ok
00:03:56.0218 0372 vsmon - ok
00:03:56.0484 0372 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
00:03:56.0656 0372 VSS - ok
00:03:56.0828 0372 vzcdbsvc - ok
00:03:57.0046 0372 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
00:03:57.0171 0372 W32Time - ok
00:03:57.0390 0372 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:03:57.0500 0372 Wanarp - ok
00:03:57.0671 0372 wap3gx - ok
00:03:57.0843 0372 Wdf01000 - ok
00:03:58.0015 0372 WDICA - ok
00:03:58.0250 0372 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:03:58.0359 0372 wdmaud - ok
00:03:58.0593 0372 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
00:03:58.0687 0372 WebClient - ok
00:03:58.0843 0372 win32sl - ok
00:03:59.0140 0372 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
00:03:59.0218 0372 winmgmt - ok
00:03:59.0390 0372 winvnc - ok
00:03:59.0609 0372 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
00:03:59.0687 0372 WmdmPmSN - ok
00:03:59.0921 0372 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
00:04:00.0046 0372 WmiApSrv - ok
00:04:00.0421 0372 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
00:04:00.0921 0372 WMPNetworkSvc - ok
00:04:01.0171 0372 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
00:04:01.0203 0372 WpdUsb - ok
00:04:01.0625 0372 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
00:04:02.0000 0372 WPFFontCache_v0400 - ok
00:04:02.0250 0372 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
00:04:02.0375 0372 wuauserv - ok
00:04:02.0640 0372 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:04:02.0734 0372 WudfPf - ok
00:04:02.0953 0372 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:04:03.0015 0372 WudfRd - ok
00:04:03.0234 0372 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
00:04:03.0281 0372 WudfSvc - ok
00:04:03.0625 0372 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
00:04:03.0812 0372 WZCSVC - ok
00:04:04.0046 0372 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
00:04:04.0203 0372 xmlprov - ok
00:04:04.0375 0372 {a7447300-8075-4b0d-83f1-3d75c8ebc623} - ok
00:04:04.0406 0372 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:04:04.0718 0372 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
00:04:04.0718 0372 \Device\Harddisk0\DR0 - detected TDSS File System (1)
00:04:04.0750 0372 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
00:04:04.0921 0372 \Device\Harddisk1\DR1 - ok
00:04:04.0937 0372 MBR (0x1B8) (4ee85860a9fb58e2f5e265a4d29dd339) \Device\Harddisk2\DR4
00:04:05.0031 0372 \Device\Harddisk2\DR4 - ok
00:04:05.0031 0372 Boot (0x1200) (86be2e19de0ce07e25cefc15a2995d8f) \Device\Harddisk0\DR0\Partition0
00:04:05.0031 0372 \Device\Harddisk0\DR0\Partition0 - ok
00:04:05.0031 0372 Boot (0x1200) (90c163a7e1b491257ec4337544de6d04) \Device\Harddisk1\DR1\Partition0
00:04:05.0046 0372 \Device\Harddisk1\DR1\Partition0 - ok
00:04:05.0046 0372 Boot (0x1200) (6ec5e9d43d6bf868ef056faeea7e3d46) \Device\Harddisk2\DR4\Partition0
00:04:05.0046 0372 \Device\Harddisk2\DR4\Partition0 - ok
00:04:05.0046 0372 ============================================================
00:04:05.0046 0372 Scan finished
00:04:05.0046 0372 ============================================================
00:04:05.0156 0368 Detected object count: 8
00:04:05.0156 0368 Actual detected object count: 8
00:05:07.0750 0368 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
00:05:07.0750 0368 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:05:07.0750 0368 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
00:05:07.0750 0368 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:05:07.0750 0368 mbamchameleon ( UnsignedFile.Multi.Generic ) - skipped by user
00:05:07.0750 0368 mbamchameleon ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:05:07.0750 0368 Pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
00:05:07.0750 0368 Pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:05:08.0187 0368 C:\WINDOWS\system32\DRIVERS\serial.sys - copied to quarantine
00:05:08.0937 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\@ - copied to quarantine
00:05:08.0937 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\cfg.ini - copied to quarantine
00:05:08.0953 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\Desktop.ini - copied to quarantine
00:05:09.0000 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\L\memrclzg - copied to quarantine
00:05:09.0031 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\oemid - copied to quarantine
00:05:09.0046 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\U\00000001.@ - copied to quarantine
00:05:09.0187 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\U\00000002.@ - copied to quarantine
00:05:09.0203 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\U\00000004.@ - copied to quarantine
00:05:09.0265 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\U\80000000.@ - copied to quarantine
00:05:09.0312 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\U\80000004.@ - copied to quarantine
00:05:09.0359 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\U\80000032.@ - copied to quarantine
00:05:09.0375 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\version - copied to quarantine
00:05:10.0562 0368 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\serial.sys) error 1813
00:05:23.0140 0368 Backup copy found, using it..
00:05:23.0343 0368 C:\WINDOWS\system32\DRIVERS\serial.sys - will be cured on reboot
00:05:41.0218 0368 C:\WINDOWS\$NtUninstallKB60759$\3039687044 - will be deleted on reboot
00:05:41.0218 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\@ - will be deleted on reboot
00:05:41.0218 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\cfg.ini - will be deleted on reboot
00:05:41.0218 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\Desktop.ini - will be deleted on reboot
00:05:41.0218 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\oemid - will be deleted on reboot
00:05:41.0218 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\U\00000001.@ - will be deleted on reboot
00:05:41.0218 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\U\00000002.@ - will be deleted on reboot
00:05:41.0218 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\U\00000004.@ - will be deleted on reboot
00:05:41.0218 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\U\80000000.@ - will be deleted on reboot
00:05:41.0218 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\U\80000004.@ - will be deleted on reboot
00:05:41.0218 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\U\80000032.@ - will be deleted on reboot
00:05:41.0218 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\version - will be deleted on reboot
00:05:41.0218 0368 Serial ( Virus.Win32.ZAccess.k ) - User select action: Cure
00:05:41.0218 0368 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
00:05:41.0218 0368 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:05:41.0218 0368 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
00:05:41.0218 0368 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:05:41.0218 0368 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
00:05:41.0218 0368 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
00:05:56.0687 1400 Deinitialize success

#7 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,228 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 23 March 2012 - 09:31 AM

If there was no rebooot after running TDSKiller, please reboot it before moving on.


Please do not attach the scan results from Combofx. Use copy/paste.


Vista and Windows 7 users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")


Download ComboFix from one of these locations:

Link 1
Link 2 If using this link, Right Click and select Save As.


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs


  • Double click on ComboFix.exe & follow the prompts.

    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.


Larry Tate
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

#8 grey hair

grey hair

    New Member

  • Members
  • Pip
  • 24 posts
  • Gender:Male
  • Location:Down Under

Posted 23 March 2012 - 11:05 AM

ComboFix all done. Log is below. Desktop seems ok at the moment, no AVG threats showing yet.

ComboFix 12-03-22.01 - Owner 24/03/2012 1:11.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.592 [GMT 10:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Owner\Application Data\vso_ts_preview.xml
c:\documents and settings\Owner\g2mdlhlpx.exe
c:\documents and settings\Owner\WINDOWS
c:\program files\Internet Explorer\SET4C.tmp
c:\program files\Internet Explorer\SET50.tmp
c:\program files\Internet Explorer\SET51.tmp
c:\program files\Program Files
c:\program files\Program Files\Common Files\Adobe\Color\ACE1Cache.lst
c:\program files\Program Files\Common Files\Adobe\TypeSpt\AdobeFnt.lst
c:\program files\Program Files\Common Files\Adobe\Web\AdobeWeb.dll
c:\program files\Program Files\Common Files\Adobe\Workflow\Options.txt
c:\windows\iun6002.exe
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\SET67.tmp
c:\windows\system32\SET68.tmp
c:\windows\system32\SET69.tmp
c:\windows\system32\SET6A.tmp
c:\windows\system32\SET6B.tmp
c:\windows\system32\SET6C.tmp
c:\windows\system32\SET6D.tmp
c:\windows\system32\SET6E.tmp
c:\windows\system32\SET6F.tmp
c:\windows\system32\SET72.tmp
c:\windows\system32\SET73.tmp
c:\windows\system32\SET74.tmp
c:\windows\system32\SET75.tmp
c:\windows\system32\SET76.tmp
c:\windows\system32\SET77.tmp
c:\windows\system32\SET79.tmp
c:\windows\system32\SET7A.tmp
c:\windows\system32\SET7B.tmp
c:\windows\system32\SET7C.tmp
c:\windows\system32\SET7D.tmp
c:\windows\system32\SET7E.tmp
c:\windows\system32\SET7F.tmp
c:\windows\system32\SET81.tmp
c:\windows\system32\SET82.tmp
c:\windows\system32\SET83.tmp
c:\windows\system32\SET84.tmp
c:\windows\system32\SET85.tmp
c:\windows\system32\SET86.tmp
c:\windows\system32\SET87.tmp
c:\windows\system32\SET88.tmp
c:\windows\system32\SET89.tmp
c:\windows\system32\SET8A.tmp
c:\windows\system32\SET8B.tmp
c:\windows\system32\SET8C.tmp
c:\windows\system32\SET8E.tmp
c:\windows\system32\SET8F.tmp
c:\windows\system32\SET90.tmp
c:\windows\system32\SET91.tmp
c:\windows\system32\SET92.tmp
c:\windows\system32\SET93.tmp
c:\windows\system32\SET94.tmp
c:\windows\system32\SET96.tmp
c:\windows\system32\SET97.tmp
c:\windows\system32\SET98.tmp
c:\windows\system32\SET99.tmp
c:\windows\system32\SET9A.tmp
c:\windows\system32\SET9B.tmp
c:\windows\system32\SET9C.tmp
c:\windows\system32\SET9D.tmp
c:\windows\system32\SET9E.tmp
c:\windows\system32\SET9F.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SERVICE
-------\Service_service
.
.
((((((((((((((((((((((((( Files Created from 2012-02-23 to 2012-03-23 )))))))))))))))))))))))))))))))
.
.
2012-03-23 14:05 . 2012-03-23 14:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-23 03:32 . 2012-03-23 03:32 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-03-21 08:14 . 2012-03-21 08:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-03-20 14:25 . 2012-03-20 14:25 -------- d-----w- c:\program files\Microsoft Research
2012-03-03 06:33 . 2012-03-03 06:33 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-03-03 06:33 . 2012-03-03 06:33 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-03-03 06:33 . 2012-03-03 06:33 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-03-03 06:33 . 2012-03-17 03:44 646072 ----a-w- c:\program files\Mozilla Firefox\nss3.dll
2012-03-03 06:33 . 2012-03-17 03:44 371640 ----a-w- c:\program files\Mozilla Firefox\nssckbi.dll
2012-03-03 06:33 . 2012-03-17 03:44 109496 ----a-w- c:\program files\Mozilla Firefox\nssdbm3.dll
2012-03-03 06:33 . 2012-03-17 03:44 105400 ----a-w- c:\program files\Mozilla Firefox\nssutil3.dll
2012-03-03 06:33 . 2012-03-17 03:44 269240 ----a-w- c:\program files\Mozilla Firefox\updater.exe
2012-03-03 06:33 . 2012-03-17 03:44 19896 ----a-w- c:\program files\Mozilla Firefox\xpcom.dll
2012-02-29 04:44 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-29 04:44 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-23 14:06 . 2006-02-28 12:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2012-02-28 14:03 . 2011-05-19 22:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-27 05:34 . 2007-11-23 13:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-27 05:34 . 2010-05-01 05:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20 . 2006-09-05 00:45 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2008-12-16 07:07 . 2008-10-23 07:21 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-12-16 07:07 . 2008-10-23 07:21 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-10-23 07:21 . 2008-10-23 07:21 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2012-03-17 03:44 . 2012-03-03 06:33 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9eb64fa9-57c4-4a41-9940-e12e0418b693}"= "c:\program files\CashKeywords\prxtbCas1.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{9eb64fa9-57c4-4a41-9940-e12e0418b693}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9eb64fa9-57c4-4a41-9940-e12e0418b693}]
2011-05-09 09:49 176936 ----a-w- c:\program files\CashKeywords\prxtbCas1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9eb64fa9-57c4-4a41-9940-e12e0418b693}"= "c:\program files\CashKeywords\prxtbCas1.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{9eb64fa9-57c4-4a41-9940-e12e0418b693}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9EB64FA9-57C4-4A41-9940-E12E0418B693}"= "c:\program files\CashKeywords\prxtbCas1.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{9eb64fa9-57c4-4a41-9940-e12e0418b693}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-04 68856]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2010-07-11 548864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]
"nwiz"="nwiz.exe" [2005-10-10 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-10 86016]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-07-18 22528]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-04-10 29757440]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"Nuance PDF Reader-reminder"="c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe" [2010-07-05 333088]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAP3LAK.EXE [2007-11-20 30720]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-17 10:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 06:47 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
2007-02-23 06:32 126976 ----a-w- c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"g:\\Program Files\\WM Recorder 10\\WMR90.exe"=
"c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\CNAB3RPK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 3:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/03/2011 4:03 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/01/2011 6:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5/04/2011 12:59 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 6:09 AM 192776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14/04/2011 9:28 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 7:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 7:53 AM 16720]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [30/11/2009 8:28 AM 47360]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [24/11/2008 12:22 PM 222976]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/12/2009 1:20 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20/12/2009 1:20 PM 135664]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [23/03/2012 1:32 PM 24064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
bridge
ibmsmbus
mferkdk
si3114r
p2pimsvc
cics.region1
nfmservice
b57w2k
gmer
vzcdbsvc
Bcim
GBFSHook
ssfs0509
lyncusbserv
CTEDSPFX.DLL
tifm21
winvnc
pae_1394
s616unic
SE26mdfl
vsbus
ATNT40K
NTACCESS
MREMP50a64
ntsvcmgr
sskbfd
aeaudio
sglogplayer
cdfsvc
smserial
SGHIDI
mwstick
TuneUp.Defrag
traprcvr
snpstd
NVNET
navapel
iviVD
avgfwsrv
oracleorahomedatagatherer
rdpdr
purgeieservice
pav_service
backupexecnamingservice
pdiddcci
aslm75
DM9102
NAL
ngdbserv
{a7447300-8075-4b0d-83f1-3d75c8ebc623}
tfsndrct
s116nd5
mcdetect.exe
Packet
videoacceleratorengine
BrSerIf
Wdf01000
bdselfpr
emu10k
backupexecjobengine
s125mgmt
mpservice
mcupdmgr.exe
filemon701
SaiNtBus
ramaint
sagefserver
oraclexeclragent
iAimTV5
savrtpel
win32sl
PciBus
klif
mbr
uhcd
AppnApi
downloadmanagerlite
cxpt_service
VNUSB
lexbces
SNP2UVC
USA49W2KP
bvrp_pci
NICSer_WPC300N
mfeavfk
oracleorahomepagingserver
vsmon
dlbx_device
lirsgt
rimsptsk
rp_fws
nmwcdcm
lvckap
bocdrive
TPPWRIF
isdrv122
sdbus
RIOXDRV
ctxhttp
HidBth
wap3gx
ggsemc
TPECioCtl
uploadmgr
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 01:50]
.
2012-03-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-04 08:42]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 03:20]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 03:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: iinet.net.au\www
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 10.1.1.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\4a4uylfi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-OPSE reminder - c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe
SafeBoot-58671161.sys
AddRemove-BlueVoda_Website_Builder_1.0 - c:\windows\iun6002.exe
AddRemove-WYSIWYG_Web_Builder_5 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-24 01:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ISUSPM = "c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" -scheduler??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????R???????C??????x?+}???????????}?????????????](}0??????????????????? ??|????0??|????????j??|????0???????[??????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1409082233-2111687655-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{747D0EF3-6199-5A17-059C-25698D5821F6}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abekgmihmimkejidodpaegdeleabffljgd"=hex:61,61,00,ff
"mabkbmaddopnenjcoomefibbah"=hex:61,61,00,ff
.
[HKEY_USERS\S-1-5-21-1409082233-2111687655-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAD3E7F6-F954-5B53-909C-6EF38F9BBDD7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1536)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\CAP3RSK.EXE
c:\windows\system32\CNAB3RPK.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
.
**************************************************************************
.
Completion time: 2012-03-24 01:53:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-23 15:53
ComboFix2.txt 2011-04-06 07:44
.
Pre-Run: 50,409,730,048 bytes free
Post-Run: 51,518,496,768 bytes free
.
- - End Of File - - 4CBDB6EBDD893C530726F80478995E3D

#9 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,228 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 23 March 2012 - 03:42 PM

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text. 

KillAll::

File::
c:\program files\CashKeywords\prxtbCas1.dll

Folder::
c:\program files\CashKeywords


ClearJavaCache::


Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9eb64fa9-57c4-4a41-9940-e12e0418b693}"=- 
[-HKEY_CLASSES_ROOT\clsid\{9eb64fa9-57c4-4a41-9940-e12e0418b693}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9eb64fa9-57c4-4a41-9940-e12e0418b693}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9eb64fa9-57c4-4a41-9940-e12e0418b693}"=-
[-HKEY_CLASSES_ROOT\clsid\{9eb64fa9-57c4-4a41-9940-e12e0418b693}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9EB64FA9-57C4-4A41-9940-E12E0418B693}"=-
[-HKEY_CLASSES_ROOT\clsid\{9eb64fa9-57c4-4a41-9940-e12e0418b693}]

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:
1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...


Posted Image

Drag CFScript.txt into ComboFix.exe


Then post the results log using Copy / Paste


Also please describe how your computer behaves at the moment.

Larry Tate
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

#10 grey hair

grey hair

    New Member

  • Members
  • Pip
  • 24 posts
  • Gender:Male
  • Location:Down Under

Posted 23 March 2012 - 05:59 PM

ComboFix done, see log below. It did report both times it ran (now and last night) that infection was called rootkit.zeroaccess! which was inserted in tcp/ip stack. Desktop seems to be running ok at the moment, little bit sluggish but far better than it was for past 4 days.
Thanks for help to date.

.............................
ComboFix 12-03-22.01 - Owner 24/03/2012 8:00.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.601 [GMT 10:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\program files\CashKeywords\prxtbCas1.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\CashKeywords
c:\program files\CashKeywords\CashKeywordsToolbarHelper.exe
c:\program files\CashKeywords\CashKeywordsToolbarHelper1.exe
c:\program files\CashKeywords\INSTALL.LOG
c:\program files\CashKeywords\ldrtbCas0.dll
c:\program files\CashKeywords\prxtbCas0.dll
c:\program files\CashKeywords\prxtbCas1.dll
c:\program files\CashKeywords\tbCas1.dll
c:\program files\CashKeywords\tbCash.dll
c:\program files\CashKeywords\toolbar.cfg
c:\program files\CashKeywords\uninstall.exe
c:\program files\CashKeywords\UNWISE.EXE
.
.
((((((((((((((((((((((((( Files Created from 2012-02-23 to 2012-03-23 )))))))))))))))))))))))))))))))
.
.
2012-03-23 14:05 . 2012-03-23 14:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-23 03:32 . 2012-03-23 03:32 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-03-21 08:14 . 2012-03-21 08:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-03-20 14:25 . 2012-03-20 14:25 -------- d-----w- c:\program files\Microsoft Research
2012-03-03 06:33 . 2012-03-03 06:33 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-03-03 06:33 . 2012-03-03 06:33 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-03-03 06:33 . 2012-03-03 06:33 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-03-03 06:33 . 2012-03-17 03:44 646072 ----a-w- c:\program files\Mozilla Firefox\nss3.dll
2012-03-03 06:33 . 2012-03-17 03:44 371640 ----a-w- c:\program files\Mozilla Firefox\nssckbi.dll
2012-03-03 06:33 . 2012-03-17 03:44 109496 ----a-w- c:\program files\Mozilla Firefox\nssdbm3.dll
2012-03-03 06:33 . 2012-03-17 03:44 105400 ----a-w- c:\program files\Mozilla Firefox\nssutil3.dll
2012-03-03 06:33 . 2012-03-17 03:44 269240 ----a-w- c:\program files\Mozilla Firefox\updater.exe
2012-03-03 06:33 . 2012-03-17 03:44 19896 ----a-w- c:\program files\Mozilla Firefox\xpcom.dll
2012-02-29 04:44 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-29 04:44 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-23 14:06 . 2006-02-28 12:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2012-02-28 14:03 . 2011-05-19 22:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-27 05:34 . 2007-11-23 13:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-27 05:34 . 2010-05-01 05:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20 . 2006-09-05 00:45 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2008-12-16 07:07 . 2008-10-23 07:21 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-12-16 07:07 . 2008-10-23 07:21 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-10-23 07:21 . 2008-10-23 07:21 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2012-03-17 03:44 . 2012-03-03 06:33 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-23_15.44.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-23 22:29 . 2012-03-23 22:29 16384 c:\windows\temp\Perflib_Perfdata_1b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-04 68856]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2010-07-11 548864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]
"nwiz"="nwiz.exe" [2005-10-10 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-10 86016]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-07-18 22528]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-04-10 29757440]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"Nuance PDF Reader-reminder"="c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe" [2010-07-05 333088]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAP3LAK.EXE [2007-11-20 30720]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-17 10:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 06:47 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
2007-02-23 06:32 126976 ----a-w- c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"g:\\Program Files\\WM Recorder 10\\WMR90.exe"=
"c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\CNAB3RPK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 3:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/03/2011 4:03 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/01/2011 6:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5/04/2011 12:59 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 6:09 AM 192776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14/04/2011 9:28 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 7:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 7:53 AM 16720]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [30/11/2009 8:28 AM 47360]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [24/11/2008 12:22 PM 222976]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/12/2009 1:20 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20/12/2009 1:20 PM 135664]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [23/03/2012 1:32 PM 24064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
bridge
ibmsmbus
mferkdk
si3114r
p2pimsvc
cics.region1
nfmservice
b57w2k
gmer
vzcdbsvc
Bcim
GBFSHook
ssfs0509
lyncusbserv
CTEDSPFX.DLL
tifm21
winvnc
pae_1394
s616unic
SE26mdfl
vsbus
ATNT40K
NTACCESS
MREMP50a64
ntsvcmgr
sskbfd
aeaudio
sglogplayer
cdfsvc
smserial
SGHIDI
mwstick
TuneUp.Defrag
traprcvr
snpstd
NVNET
navapel
iviVD
avgfwsrv
oracleorahomedatagatherer
rdpdr
purgeieservice
pav_service
backupexecnamingservice
pdiddcci
aslm75
DM9102
NAL
ngdbserv
{a7447300-8075-4b0d-83f1-3d75c8ebc623}
tfsndrct
s116nd5
mcdetect.exe
Packet
videoacceleratorengine
BrSerIf
Wdf01000
bdselfpr
emu10k
backupexecjobengine
s125mgmt
mpservice
mcupdmgr.exe
filemon701
SaiNtBus
ramaint
sagefserver
oraclexeclragent
iAimTV5
savrtpel
win32sl
PciBus
klif
mbr
uhcd
AppnApi
downloadmanagerlite
cxpt_service
VNUSB
lexbces
SNP2UVC
USA49W2KP
bvrp_pci
NICSer_WPC300N
mfeavfk
oracleorahomepagingserver
vsmon
dlbx_device
lirsgt
rimsptsk
rp_fws
nmwcdcm
lvckap
bocdrive
TPPWRIF
isdrv122
sdbus
RIOXDRV
ctxhttp
HidBth
wap3gx
ggsemc
TPECioCtl
uploadmgr
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 01:50]
.
2012-03-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-04 08:42]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 03:20]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 03:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: iinet.net.au\www
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 10.1.1.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\4a4uylfi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-CashKeywords Toolbar - c:\program files\CashKeywords\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-24 08:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ISUSPM = "c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" -scheduler??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????R???????C??????x?+}???????????}?????????????](}0??????????????????? ??|????0??|????????j??|????0???????[??????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1409082233-2111687655-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{747D0EF3-6199-5A17-059C-25698D5821F6}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abekgmihmimkejidodpaegdeleabffljgd"=hex:61,61,00,ff
"mabkbmaddopnenjcoomefibbah"=hex:61,61,00,ff
.
[HKEY_USERS\S-1-5-21-1409082233-2111687655-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAD3E7F6-F954-5B53-909C-6EF38F9BBDD7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3976)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\CAP3RSK.EXE
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\CNAB3RPK.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
.
**************************************************************************
.
Completion time: 2012-03-24 08:39:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-23 22:39
ComboFix2.txt 2012-03-23 15:54
ComboFix3.txt 2011-04-06 07:44
.
Pre-Run: 51,512,516,608 bytes free
Post-Run: 51,486,220,288 bytes free
.
- - End Of File - - 6C51AA834303179122E60F3F969E79CD

#11 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,228 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 23 March 2012 - 06:07 PM

Run a new TDSSKiller scan as before.


Larry Tate
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

#12 grey hair

grey hair

    New Member

  • Members
  • Pip
  • 24 posts
  • Gender:Male
  • Location:Down Under

Posted 23 March 2012 - 06:27 PM

TDSSKiller ran again. Here is latest result.

..............................
09:11:45.0687 3156 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
09:11:46.0531 3156 ============================================================
09:11:46.0531 3156 Current date / time: 2012/03/24 09:11:46.0531
09:11:46.0531 3156 SystemInfo:
09:11:46.0531 3156
09:11:46.0531 3156 OS Version: 5.1.2600 ServicePack: 3.0
09:11:46.0531 3156 Product type: Workstation
09:11:46.0531 3156 ComputerName: USER
09:11:46.0531 3156 UserName: Owner
09:11:46.0531 3156 Windows directory: C:\WINDOWS
09:11:46.0531 3156 System windows directory: C:\WINDOWS
09:11:46.0531 3156 Processor architecture: Intel x86
09:11:46.0531 3156 Number of processors: 2
09:11:46.0531 3156 Page size: 0x1000
09:11:46.0531 3156 Boot type: Normal boot
09:11:46.0531 3156 ============================================================
09:11:56.0390 3156 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:11:56.0406 3156 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:11:56.0406 3156 \Device\Harddisk0\DR0:
09:11:56.0406 3156 MBR used
09:11:56.0406 3156 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
09:11:56.0406 3156 \Device\Harddisk1\DR1:
09:11:56.0406 3156 MBR used
09:11:56.0406 3156 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
09:11:56.0500 3156 Initialize success
09:11:56.0500 3156 ============================================================
09:12:10.0062 2192 ============================================================
09:12:10.0062 2192 Scan started
09:12:10.0062 2192 Mode: Manual; SigCheck; TDLFS;
09:12:10.0062 2192 ============================================================
09:12:10.0671 2192 Abiosdsk - ok
09:12:10.0875 2192 abp480n5 - ok
09:12:11.0156 2192 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:12:16.0015 2192 ACPI - ok
09:12:16.0453 2192 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:12:16.0593 2192 ACPIEC - ok
09:12:16.0828 2192 ADIHdAudAddService - ok
09:12:17.0031 2192 adpu160m - ok
09:12:17.0203 2192 aeaudio - ok
09:12:17.0453 2192 AEAudioService - ok
09:12:17.0734 2192 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:12:17.0890 2192 aec - ok
09:12:18.0234 2192 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:12:18.0421 2192 AFD - ok
09:12:18.0625 2192 Aha154x - ok
09:12:18.0812 2192 aic78u2 - ok
09:12:19.0000 2192 aic78xx - ok
09:12:19.0328 2192 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:12:19.0421 2192 Alerter - ok
09:12:19.0687 2192 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:12:19.0890 2192 ALG - ok
09:12:20.0140 2192 AliIde - ok
09:12:20.0515 2192 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
09:12:20.0593 2192 AmdK8 - ok
09:12:20.0875 2192 amsint - ok
09:12:21.0093 2192 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:12:21.0109 2192 Apple Mobile Device - ok
09:12:21.0296 2192 AppMgmt - ok
09:12:21.0515 2192 AppnApi - ok
09:12:21.0781 2192 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:12:21.0890 2192 Arp1394 - ok
09:12:22.0093 2192 asc - ok
09:12:22.0328 2192 asc3350p - ok
09:12:22.0578 2192 asc3550 - ok
09:12:22.0859 2192 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
09:12:23.0703 2192 AsIO - ok
09:12:24.0031 2192 aslm75 - ok
09:12:24.0406 2192 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
09:12:24.0515 2192 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
09:12:24.0515 2192 Aspi32 - detected UnsignedFile.Multi.Generic (1)
09:12:24.0828 2192 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:12:24.0906 2192 aspnet_state - ok
09:12:25.0359 2192 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:12:25.0562 2192 AsyncMac - ok
09:12:25.0921 2192 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:12:26.0078 2192 atapi - ok
09:12:26.0343 2192 Atdisk - ok
09:12:26.0609 2192 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:12:26.0734 2192 Atmarpc - ok
09:12:26.0953 2192 ATNT40K - ok
09:12:27.0234 2192 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:12:27.0359 2192 AudioSrv - ok
09:12:27.0640 2192 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:12:27.0750 2192 audstub - ok
09:12:27.0953 2192 avgfwsrv - ok
09:12:29.0578 2192 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
09:12:33.0312 2192 AVGIDSAgent - ok
09:12:33.0781 2192 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
09:12:33.0859 2192 AVGIDSDriver - ok
09:12:34.0203 2192 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
09:12:34.0234 2192 AVGIDSEH - ok
09:12:34.0531 2192 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
09:12:34.0562 2192 AVGIDSFilter - ok
09:12:34.0906 2192 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
09:12:34.0921 2192 AVGIDSShim - ok
09:12:35.0187 2192 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
09:12:35.0328 2192 Avgldx86 - ok
09:12:35.0640 2192 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
09:12:35.0671 2192 Avgmfx86 - ok
09:12:35.0984 2192 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
09:12:36.0015 2192 Avgrkx86 - ok
09:12:36.0437 2192 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
09:12:36.0562 2192 Avgtdix - ok
09:12:36.0812 2192 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
09:12:36.0953 2192 avgwd - ok
09:12:37.0265 2192 b57w2k - ok
09:12:37.0437 2192 backupexecjobengine - ok
09:12:37.0671 2192 backupexecnamingservice - ok
09:12:37.0906 2192 Bcim - ok
09:12:38.0156 2192 bdselfpr - ok
09:12:38.0484 2192 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:12:38.0671 2192 Beep - ok
09:12:39.0062 2192 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:12:39.0390 2192 BITS - ok
09:12:39.0578 2192 bocdrive - ok
09:12:39.0812 2192 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files\Bonjour\mDNSResponder.exe
09:12:40.0000 2192 Bonjour Service - ok
09:12:40.0234 2192 bridge - ok
09:12:40.0484 2192 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:12:40.0703 2192 Browser - ok
09:12:40.0953 2192 BrSerIf - ok
09:12:41.0187 2192 bvrp_pci - ok
09:12:41.0203 2192 catchme - ok
09:12:41.0578 2192 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:12:41.0781 2192 cbidf2k - ok
09:12:42.0046 2192 cd20xrnt - ok
09:12:42.0390 2192 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:12:42.0562 2192 Cdaudio - ok
09:12:42.0890 2192 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:12:43.0093 2192 Cdfs - ok
09:12:43.0359 2192 cdfsvc - ok
09:12:43.0703 2192 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:12:43.0843 2192 Cdrom - ok
09:12:44.0015 2192 Changer - ok
09:12:44.0265 2192 cics.region1 - ok
09:12:44.0515 2192 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
09:12:44.0625 2192 CiSvc - ok
09:12:44.0843 2192 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
09:12:44.0968 2192 ClipSrv - ok
09:12:45.0171 2192 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:12:45.0265 2192 clr_optimization_v2.0.50727_32 - ok
09:12:45.0515 2192 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:12:45.0640 2192 clr_optimization_v4.0.30319_32 - ok
09:12:45.0921 2192 CmdIde - ok
09:12:46.0093 2192 COMSysApp - ok
09:12:46.0343 2192 Cpqarray - ok
09:12:46.0562 2192 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
09:12:46.0750 2192 CryptSvc - ok
09:12:46.0937 2192 CTEDSPFX.DLL - ok
09:12:47.0109 2192 ctxhttp - ok
09:12:47.0390 2192 cxpt_service - ok
09:12:47.0671 2192 dac2w2k - ok
09:12:47.0937 2192 dac960nt - ok
09:12:48.0375 2192 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:12:48.0640 2192 DcomLaunch - ok
09:12:48.0953 2192 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
09:12:49.0171 2192 Dhcp - ok
09:12:49.0453 2192 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:12:49.0546 2192 Disk - ok
09:12:49.0734 2192 dlbx_device - ok
09:12:49.0953 2192 DM9102 - ok
09:12:50.0187 2192 dmadmin - ok
09:12:50.0796 2192 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:12:51.0437 2192 dmboot - ok
09:12:51.0718 2192 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:12:51.0906 2192 dmio - ok
09:12:52.0125 2192 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:12:52.0281 2192 dmload - ok
09:12:52.0546 2192 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:12:52.0640 2192 dmserver - ok
09:12:52.0921 2192 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:12:53.0031 2192 DMusic - ok
09:12:53.0265 2192 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
09:12:53.0468 2192 Dnscache - ok
09:12:53.0750 2192 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:12:53.0875 2192 Dot3svc - ok
09:12:54.0062 2192 downloadmanagerlite - ok
09:12:54.0281 2192 dpti2o - ok
09:12:54.0562 2192 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:12:54.0656 2192 drmkaud - ok
09:12:54.0906 2192 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:12:55.0000 2192 EapHost - ok
09:12:55.0187 2192 emu10k - ok
09:12:55.0406 2192 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:12:55.0531 2192 ERSvc - ok
09:12:55.0781 2192 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:12:55.0859 2192 Eventlog - ok
09:12:56.0156 2192 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
09:12:56.0250 2192 EventSystem - ok
09:12:56.0609 2192 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:12:56.0750 2192 Fastfat - ok
09:12:57.0031 2192 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:12:57.0156 2192 FastUserSwitchingCompatibility - ok
09:12:57.0500 2192 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:12:57.0703 2192 Fdc - ok
09:12:57.0937 2192 filemon701 - ok
09:12:58.0171 2192 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:12:58.0281 2192 Fips - ok
09:12:58.0531 2192 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:12:58.0687 2192 Flpydisk - ok
09:12:58.0937 2192 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:12:59.0171 2192 FltMgr - ok
09:12:59.0515 2192 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:12:59.0562 2192 FontCache3.0.0.0 - ok
09:12:59.0921 2192 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:13:00.0125 2192 Fs_Rec - ok
09:13:00.0484 2192 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:13:00.0703 2192 Ftdisk - ok
09:13:00.0953 2192 GBFSHook - ok
09:13:01.0296 2192 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:13:01.0390 2192 GEARAspiWDM - ok
09:13:01.0656 2192 ggsemc - ok
09:13:01.0953 2192 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:13:02.0140 2192 Gpc - ok
09:13:02.0546 2192 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
09:13:02.0703 2192 gupdate - ok
09:13:02.0765 2192 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
09:13:02.0796 2192 gupdatem - ok
09:13:02.0968 2192 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:13:03.0062 2192 gusvc - ok
09:13:03.0546 2192 HdAudAddService (f58d2900c66a1e773e3375098e0e9337) C:\WINDOWS\system32\drivers\HdAudio.sys
09:13:03.0703 2192 HdAudAddService - ok
09:13:04.0078 2192 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:13:04.0312 2192 HDAudBus - ok
09:13:04.0453 2192 helpsvc - ok
09:13:04.0734 2192 HidBth - ok
09:13:05.0046 2192 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
09:13:05.0203 2192 HidServ - ok
09:13:05.0578 2192 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:13:05.0781 2192 HidUsb - ok
09:13:06.0078 2192 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:13:06.0265 2192 hkmsvc - ok
09:13:06.0578 2192 hpn - ok
09:13:07.0015 2192 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:13:07.0281 2192 HTTP - ok
09:13:07.0546 2192 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
09:13:07.0671 2192 HTTPFilter - ok
09:13:07.0890 2192 i2omgmt - ok
09:13:08.0140 2192 i2omp - ok
09:13:08.0406 2192 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:13:08.0500 2192 i8042prt - ok
09:13:08.0750 2192 iAimTV5 - ok
09:13:11.0000 2192 ialm (9acb03875cfe068d5cc0e98fb2cf7017) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
09:13:15.0156 2192 ialm - ok
09:13:15.0453 2192 ibmsmbus - ok
09:13:15.0781 2192 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:13:15.0828 2192 IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:13:15.0828 2192 IDriverT - detected UnsignedFile.Multi.Generic (1)
09:13:16.0265 2192 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:13:16.0781 2192 idsvc - ok
09:13:17.0093 2192 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:13:17.0203 2192 Imapi - ok
09:13:17.0453 2192 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
09:13:17.0562 2192 ImapiService - ok
09:13:17.0765 2192 ini910u - ok
09:13:17.0937 2192 IntelIde - ok
09:13:18.0187 2192 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:13:18.0296 2192 intelppm - ok
09:13:18.0500 2192 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:13:18.0609 2192 Ip6Fw - ok
09:13:18.0843 2192 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:13:18.0953 2192 IpFilterDriver - ok
09:13:19.0171 2192 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:13:19.0265 2192 IpInIp - ok
09:13:19.0562 2192 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:13:19.0734 2192 IpNat - ok
09:13:20.0109 2192 iPod Service (0ca8c2e721617aa2f923a8151c96fb33) C:\Program Files\iPod\bin\iPodService.exe
09:13:20.0593 2192 iPod Service - ok
09:13:20.0937 2192 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:13:21.0062 2192 IPSec - ok
09:13:21.0296 2192 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:13:21.0390 2192 IRENUM - ok
09:13:21.0640 2192 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:13:21.0750 2192 isapnp - ok
09:13:21.0937 2192 iviVD - ok
09:13:22.0218 2192 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
09:13:22.0265 2192 JavaQuickStarterService - ok
09:13:22.0500 2192 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:13:22.0609 2192 Kbdclass - ok
09:13:22.0812 2192 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:13:22.0906 2192 kbdhid - ok
09:13:23.0078 2192 klif - ok
09:13:23.0359 2192 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:13:23.0546 2192 kmixer - ok
09:13:23.0781 2192 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:13:23.0906 2192 KSecDD - ok
09:13:24.0140 2192 L1e (080cf8720a306a64f7a09d1226491791) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
09:13:24.0234 2192 L1e - ok
09:13:24.0500 2192 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
09:13:24.0671 2192 lanmanserver - ok
09:13:24.0968 2192 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
09:13:25.0062 2192 lanmanworkstation - ok
09:13:25.0265 2192 Lbd - ok
09:13:25.0453 2192 lbrtfdc - ok
09:13:25.0625 2192 lexbces - ok
09:13:25.0796 2192 lirsgt - ok
09:13:26.0000 2192 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:13:26.0109 2192 LmHosts - ok
09:13:26.0265 2192 lvckap - ok
09:13:26.0437 2192 lyncusbserv - ok
09:13:26.0671 2192 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) C:\WINDOWS\system32\drivers\mbamchameleon.sys
09:13:26.0703 2192 mbamchameleon ( UnsignedFile.Multi.Generic ) - warning
09:13:26.0703 2192 mbamchameleon - detected UnsignedFile.Multi.Generic (1)
09:13:26.0875 2192 mcdetect.exe - ok
09:13:27.0031 2192 mcupdmgr.exe - ok
09:13:27.0234 2192 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:13:27.0328 2192 Messenger - ok
09:13:27.0484 2192 mfeavfk - ok
09:13:27.0671 2192 mferkdk - ok
09:13:27.0890 2192 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:13:28.0000 2192 mnmdd - ok
09:13:28.0218 2192 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
09:13:28.0312 2192 mnmsrvc - ok
09:13:28.0546 2192 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:13:28.0640 2192 Modem - ok
09:13:29.0234 2192 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
09:13:30.0171 2192 monfilt - ok
09:13:30.0406 2192 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:13:30.0515 2192 Mouclass - ok
09:13:30.0765 2192 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:13:30.0875 2192 mouhid - ok
09:13:31.0093 2192 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:13:31.0203 2192 MountMgr - ok
09:13:31.0375 2192 mpservice - ok
09:13:31.0562 2192 mraid35x - ok
09:13:31.0750 2192 MREMP50a64 - ok
09:13:31.0984 2192 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:13:32.0140 2192 MRxDAV - ok
09:13:32.0500 2192 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:13:32.0781 2192 MRxSmb - ok
09:13:33.0015 2192 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
09:13:33.0093 2192 MSDTC - ok
09:13:33.0343 2192 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:13:33.0453 2192 Msfs - ok
09:13:33.0625 2192 MSIServer - ok
09:13:33.0843 2192 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:13:33.0937 2192 MSKSSRV - ok
09:13:34.0140 2192 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:13:34.0234 2192 MSPCLOCK - ok
09:13:34.0500 2192 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:13:34.0609 2192 MSPQM - ok
09:13:34.0859 2192 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:13:34.0937 2192 mssmbios - ok
09:13:35.0156 2192 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
09:13:35.0203 2192 MTsensor - ok
09:13:35.0468 2192 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:13:35.0593 2192 Mup - ok
09:13:35.0781 2192 mwstick - ok
09:13:35.0953 2192 NAL - ok
09:13:36.0250 2192 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:13:36.0437 2192 napagent - ok
09:13:36.0609 2192 navapel - ok
09:13:36.0984 2192 NBService (6d8fcdd5bb3b676ef58fa234073492c6) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
09:13:37.0390 2192 NBService - ok
09:13:37.0703 2192 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:13:37.0875 2192 NDIS - ok
09:13:38.0109 2192 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:13:38.0234 2192 NdisTapi - ok
09:13:38.0484 2192 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:13:38.0593 2192 Ndisuio - ok
09:13:38.0812 2192 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:13:38.0937 2192 NdisWan - ok
09:13:39.0187 2192 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:13:39.0296 2192 NDProxy - ok
09:13:39.0515 2192 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:13:39.0687 2192 NetBIOS - ok
09:13:39.0984 2192 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:13:40.0125 2192 NetBT - ok
09:13:40.0390 2192 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:13:40.0484 2192 NetDDE - ok
09:13:40.0531 2192 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:13:40.0609 2192 NetDDEdsdm - ok
09:13:40.0796 2192 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:13:40.0906 2192 Netlogon - ok
09:13:41.0140 2192 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:13:41.0234 2192 Netman - ok
09:13:41.0484 2192 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:13:41.0531 2192 NetTcpPortSharing - ok
09:13:41.0687 2192 nfmservice - ok
09:13:41.0859 2192 ngdbserv - ok
09:13:42.0125 2192 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:13:42.0234 2192 NIC1394 - ok
09:13:42.0421 2192 NICSer_WPC300N - ok
09:13:42.0687 2192 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:13:42.0718 2192 Nla - ok
09:13:43.0000 2192 NMIndexingService (e32686b4e27d11f83e3f2844e104c66c) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
09:13:43.0093 2192 NMIndexingService - ok
09:13:43.0265 2192 nmwcdcm - ok
09:13:43.0593 2192 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:13:43.0703 2192 Npfs - ok
09:13:43.0875 2192 NTACCESS - ok
09:13:44.0250 2192 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:13:44.0593 2192 Ntfs - ok
09:13:44.0843 2192 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:13:44.0984 2192 NtLmSsp - ok
09:13:45.0421 2192 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:13:45.0625 2192 NtmsSvc - ok
09:13:45.0828 2192 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:13:45.0937 2192 Null - ok
09:13:47.0171 2192 nv (9e1f2f09e34c92a96b9900b6a45d5026) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:13:49.0921 2192 nv - ok
09:13:50.0265 2192 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
09:13:50.0343 2192 NVENETFD - ok
09:13:50.0500 2192 NVNET - ok
09:13:50.0734 2192 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
09:13:50.0781 2192 nvnetbus - ok
09:13:51.0015 2192 NVSvc (0b24ab7cc5b7ed2aa7f438a4072459f4) C:\WINDOWS\system32\nvsvc32.exe
09:13:51.0031 2192 NVSvc - ok
09:13:51.0265 2192 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:13:51.0390 2192 NwlnkFlt - ok
09:13:51.0609 2192 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:13:51.0718 2192 NwlnkFwd - ok
09:13:51.0968 2192 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:13:52.0078 2192 ohci1394 - ok
09:13:52.0250 2192 oracleorahomedatagatherer - ok
09:13:52.0421 2192 oracleorahomepagingserver - ok
09:13:52.0578 2192 oraclexeclragent - ok
09:13:52.0750 2192 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:13:52.0781 2192 ose - ok
09:13:53.0000 2192 p2pimsvc - ok
09:13:53.0171 2192 Packet - ok
09:13:53.0343 2192 pae_1394 - ok
09:13:53.0640 2192 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:13:53.0750 2192 Parport - ok
09:13:53.0953 2192 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:13:54.0062 2192 PartMgr - ok
09:13:54.0265 2192 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:13:54.0375 2192 ParVdm - ok
09:13:54.0546 2192 pav_service - ok
09:13:54.0765 2192 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:13:54.0890 2192 PCI - ok
09:13:55.0062 2192 PciBus - ok
09:13:55.0250 2192 PCIDump - ok
09:13:55.0453 2192 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:13:55.0546 2192 PCIIde - ok
09:13:55.0890 2192 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:13:56.0062 2192 Pcmcia - ok
09:13:56.0312 2192 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
09:13:56.0359 2192 Pcouffin ( UnsignedFile.Multi.Generic ) - warning
09:13:56.0359 2192 Pcouffin - detected UnsignedFile.Multi.Generic (1)
09:13:56.0593 2192 PDCOMP - ok
09:13:56.0781 2192 PDFRAME - ok
09:13:56.0968 2192 pdiddcci - ok
09:13:57.0171 2192 PDRELI - ok
09:13:57.0359 2192 PDRFRAME - ok
09:13:57.0562 2192 perc2 - ok
09:13:57.0750 2192 perc2hib - ok
09:13:58.0015 2192 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:13:58.0046 2192 PlugPlay - ok
09:13:58.0250 2192 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:13:58.0343 2192 PolicyAgent - ok
09:13:58.0562 2192 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:13:58.0703 2192 PptpMiniport - ok
09:13:58.0937 2192 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:13:59.0046 2192 Processor - ok
09:13:59.0218 2192 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:13:59.0296 2192 ProtectedStorage - ok
09:13:59.0500 2192 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:13:59.0625 2192 PSched - ok
09:13:59.0812 2192 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:13:59.0921 2192 Ptilink - ok
09:14:00.0078 2192 purgeieservice - ok
09:14:00.0343 2192 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:14:00.0421 2192 PxHelp20 - ok
09:14:00.0656 2192 ql1080 - ok
09:14:00.0828 2192 Ql10wnt - ok
09:14:01.0015 2192 ql12160 - ok
09:14:01.0203 2192 ql1240 - ok
09:14:01.0406 2192 ql1280 - ok
09:14:01.0578 2192 ramaint - ok
09:14:01.0796 2192 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:14:01.0890 2192 RasAcd - ok
09:14:02.0125 2192 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:14:02.0234 2192 RasAuto - ok
09:14:02.0484 2192 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:14:02.0609 2192 Rasl2tp - ok
09:14:02.0828 2192 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:14:02.0968 2192 RasMan - ok
09:14:03.0187 2192 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:14:03.0296 2192 RasPppoe - ok
09:14:03.0484 2192 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:14:03.0593 2192 Raspti - ok
09:14:03.0843 2192 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:14:04.0000 2192 Rdbss - ok
09:14:04.0250 2192 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:14:04.0359 2192 RDPCDD - ok
09:14:04.0531 2192 rdpdr - ok
09:14:04.0781 2192 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
09:14:04.0859 2192 RDPWD - ok
09:14:05.0109 2192 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:14:05.0265 2192 RDSessMgr - ok
09:14:05.0500 2192 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:14:05.0640 2192 redbook - ok
09:14:05.0859 2192 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:14:05.0937 2192 RemoteAccess - ok
09:14:06.0109 2192 rimsptsk - ok
09:14:06.0281 2192 RIOXDRV - ok
09:14:06.0500 2192 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
09:14:06.0578 2192 RpcLocator - ok
09:14:06.0921 2192 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
09:14:07.0000 2192 RpcSs - ok
09:14:07.0171 2192 rp_fws - ok
09:14:07.0390 2192 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
09:14:07.0562 2192 RSVP - ok
09:14:07.0734 2192 s116nd5 - ok
09:14:07.0906 2192 s125mgmt - ok
09:14:08.0109 2192 s616unic - ok
09:14:08.0281 2192 sagefserver - ok
09:14:08.0453 2192 SaiNtBus - ok
09:14:08.0656 2192 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:14:08.0734 2192 SamSs - ok
09:14:08.0750 2192 SANDRA - ok
09:14:08.0906 2192 savrtpel - ok
09:14:09.0156 2192 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:14:09.0265 2192 SCardSvr - ok
09:14:09.0546 2192 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:14:09.0718 2192 Schedule - ok
09:14:09.0906 2192 sdbus - ok
09:14:10.0078 2192 SE26mdfl - ok
09:14:10.0390 2192 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:14:10.0593 2192 Secdrv - ok
09:14:10.0796 2192 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:14:10.0937 2192 seclogon - ok
09:14:11.0156 2192 SenFiltService - ok
09:14:11.0375 2192 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:14:11.0531 2192 SENS - ok
09:14:11.0812 2192 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:14:11.0921 2192 serenum - ok
09:14:12.0171 2192 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:14:12.0500 2192 Serial - ok
09:14:12.0890 2192 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:14:13.0000 2192 Sfloppy - ok
09:14:13.0265 2192 SGHIDI - ok
09:14:13.0500 2192 sglogplayer - ok
09:14:13.0828 2192 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:14:14.0000 2192 SharedAccess - ok
09:14:14.0328 2192 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:14:14.0375 2192 ShellHWDetection - ok
09:14:14.0546 2192 si3114r - ok
09:14:14.0750 2192 Simbad - ok
09:14:14.0953 2192 smserial - ok
09:14:15.0187 2192 SNP2UVC - ok
09:14:15.0359 2192 snpstd - ok
09:14:15.0546 2192 Sparrow - ok
09:14:15.0875 2192 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:14:15.0968 2192 splitter - ok
09:14:16.0250 2192 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:14:16.0406 2192 Spooler - ok
09:14:16.0718 2192 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:14:16.0828 2192 sr - ok
09:14:17.0093 2192 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
09:14:17.0265 2192 srservice - ok
09:14:17.0562 2192 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:14:17.0812 2192 Srv - ok
09:14:18.0109 2192 sscdbus (92b69020fc480219683d429dca068d71) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
09:14:18.0171 2192 sscdbus - ok
09:14:18.0484 2192 sscdmdfl (77a2869d40cc84af711c321f9b0c7a78) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
09:14:18.0500 2192 sscdmdfl - ok
09:14:18.0750 2192 sscdmdm (b4255635195a8413fcde7af5b7c4e382) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
09:14:18.0796 2192 sscdmdm - ok
09:14:19.0031 2192 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:14:19.0140 2192 SSDPSRV - ok
09:14:19.0312 2192 ssfs0509 - ok
09:14:19.0484 2192 sskbfd - ok
09:14:19.0734 2192 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
09:14:19.0750 2192 StarOpen ( UnsignedFile.Multi.Generic ) - warning
09:14:19.0750 2192 StarOpen - detected UnsignedFile.Multi.Generic (1)
09:14:20.0078 2192 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:14:20.0453 2192 stisvc - ok
09:14:20.0703 2192 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:14:20.0812 2192 swenum - ok
09:14:21.0125 2192 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:14:21.0234 2192 swmidi - ok
09:14:21.0531 2192 SwPrv - ok
09:14:21.0734 2192 symc810 - ok
09:14:21.0968 2192 symc8xx - ok
09:14:22.0171 2192 sym_hi - ok
09:14:22.0359 2192 sym_u3 - ok
09:14:22.0625 2192 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:14:22.0734 2192 sysaudio - ok
09:14:23.0031 2192 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:14:23.0140 2192 SysmonLog - ok
09:14:23.0500 2192 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:14:23.0656 2192 TapiSrv - ok
09:14:24.0171 2192 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:14:24.0453 2192 Tcpip - ok
09:14:24.0703 2192 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:14:24.0796 2192 TDPIPE - ok
09:14:25.0015 2192 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:14:25.0156 2192 TDTCP - ok
09:14:25.0390 2192 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:14:25.0531 2192 TermDD - ok
09:14:25.0812 2192 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:14:26.0046 2192 TermService - ok
09:14:26.0250 2192 tfsndrct - ok
09:14:26.0546 2192 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:14:26.0546 2192 Themes - ok
09:14:26.0765 2192 tifm21 - ok
09:14:26.0968 2192 TosIde - ok
09:14:27.0171 2192 TPECioCtl - ok
09:14:27.0421 2192 TPPWRIF - ok
09:14:27.0609 2192 traprcvr - ok
09:14:27.0890 2192 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:14:28.0015 2192 TrkWks - ok
09:14:28.0218 2192 TuneUp.Defrag - ok
09:14:28.0546 2192 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:14:28.0671 2192 Udfs - ok
09:14:28.0875 2192 uhcd - ok
09:14:29.0046 2192 ultra - ok
09:14:29.0421 2192 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:14:29.0718 2192 Update - ok
09:14:29.0875 2192 uploadmgr (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:14:29.0984 2192 uploadmgr - ok
09:14:30.0296 2192 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:14:30.0562 2192 upnphost - ok
09:14:30.0765 2192 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:14:30.0921 2192 UPS - ok
09:14:31.0109 2192 USA49W2KP - ok
09:14:31.0390 2192 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
09:14:31.0453 2192 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
09:14:31.0453 2192 USBAAPL - detected UnsignedFile.Multi.Generic (1)
09:14:31.0765 2192 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:14:31.0875 2192 usbccgp - ok
09:14:32.0140 2192 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:14:32.0234 2192 usbehci - ok
09:14:32.0578 2192 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:14:32.0734 2192 usbhub - ok
09:14:32.0984 2192 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
09:14:33.0078 2192 usbohci - ok
09:14:33.0281 2192 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:14:33.0375 2192 usbprint - ok
09:14:33.0734 2192 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:14:33.0859 2192 usbscan - ok
09:14:34.0109 2192 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:14:34.0218 2192 USBSTOR - ok
09:14:34.0484 2192 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:14:34.0609 2192 usbuhci - ok
09:14:34.0812 2192 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:14:34.0937 2192 VgaSave - ok
09:14:35.0234 2192 VIAHdAudAddService (6b2c9ee4c16616e9398bbd0bc80ceb22) C:\WINDOWS\system32\drivers\viahduaa.sys
09:14:35.0328 2192 VIAHdAudAddService - ok
09:14:35.0515 2192 ViaIde - ok
09:14:35.0718 2192 videoacceleratorengine - ok
09:14:35.0906 2192 VNUSB - ok
09:14:36.0171 2192 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:14:36.0296 2192 VolSnap - ok
09:14:36.0468 2192 vsbus - ok
09:14:36.0640 2192 vsmon - ok
09:14:36.0906 2192 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:14:37.0078 2192 VSS - ok
09:14:37.0265 2192 vzcdbsvc - ok
09:14:37.0531 2192 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
09:14:37.0687 2192 W32Time - ok
09:14:37.0937 2192 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:14:38.0078 2192 Wanarp - ok
09:14:38.0234 2192 wap3gx - ok
09:14:38.0421 2192 Wdf01000 - ok
09:14:38.0656 2192 WDICA - ok
09:14:38.0890 2192 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:14:39.0015 2192 wdmaud - ok
09:14:39.0250 2192 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:14:39.0515 2192 WebClient - ok
09:14:39.0750 2192 win32sl - ok
09:14:40.0062 2192 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:14:40.0234 2192 winmgmt - ok
09:14:40.0484 2192 winvnc - ok
09:14:40.0765 2192 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
09:14:40.0812 2192 WmdmPmSN - ok
09:14:41.0062 2192 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:14:41.0187 2192 WmiApSrv - ok
09:14:41.0703 2192 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:14:42.0359 2192 WMPNetworkSvc - ok
09:14:42.0796 2192 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:14:42.0859 2192 WpdUsb - ok
09:14:43.0406 2192 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:14:43.0906 2192 WPFFontCache_v0400 - ok
09:14:44.0234 2192 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:14:44.0359 2192 WS2IFSL - ok
09:14:44.0640 2192 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
09:14:44.0781 2192 wscsvc - ok
09:14:44.0984 2192 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:14:45.0156 2192 wuauserv - ok
09:14:45.0500 2192 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:14:45.0546 2192 WudfPf - ok
09:14:45.0843 2192 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:14:45.0890 2192 WudfRd - ok
09:14:46.0156 2192 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:14:46.0218 2192 WudfSvc - ok
09:14:46.0687 2192 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:14:47.0093 2192 WZCSVC - ok
09:14:47.0390 2192 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:14:47.0593 2192 xmlprov - ok
09:14:47.0781 2192 {a7447300-8075-4b0d-83f1-3d75c8ebc623} - ok
09:14:47.0812 2192 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:14:48.0156 2192 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:14:48.0156 2192 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:14:48.0171 2192 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
09:14:48.0437 2192 \Device\Harddisk1\DR1 - ok
09:14:48.0437 2192 Boot (0x1200) (86be2e19de0ce07e25cefc15a2995d8f) \Device\Harddisk0\DR0\Partition0
09:14:48.0437 2192 \Device\Harddisk0\DR0\Partition0 - ok
09:14:48.0453 2192 Boot (0x1200) (90c163a7e1b491257ec4337544de6d04) \Device\Harddisk1\DR1\Partition0
09:14:48.0453 2192 \Device\Harddisk1\DR1\Partition0 - ok
09:14:48.0453 2192 ============================================================
09:14:48.0453 2192 Scan finished
09:14:48.0453 2192 ============================================================
09:14:48.0593 2256 Detected object count: 7
09:14:48.0593 2256 Actual detected object count: 7
09:15:50.0625 2256 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
09:15:50.0625 2256 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:15:50.0625 2256 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:15:50.0625 2256 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:15:50.0640 2256 mbamchameleon ( UnsignedFile.Multi.Generic ) - skipped by user
09:15:50.0640 2256 mbamchameleon ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:15:50.0640 2256 Pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
09:15:50.0640 2256 Pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:15:50.0640 2256 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
09:15:50.0640 2256 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:15:50.0640 2256 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
09:15:50.0640 2256 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:15:50.0640 2256 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:15:50.0640 2256 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
09:16:42.0984 1492 ============================================================
09:16:42.0984 1492 Scan started
09:16:42.0984 1492 Mode: Manual; SigCheck; TDLFS;
09:16:42.0984 1492 ============================================================
09:16:43.0562 1492 Abiosdsk - ok
09:16:43.0859 1492 abp480n5 - ok
09:16:44.0140 1492 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:16:44.0937 1492 ACPI - ok
09:16:45.0265 1492 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:16:45.0375 1492 ACPIEC - ok
09:16:45.0562 1492 ADIHdAudAddService - ok
09:16:45.0750 1492 adpu160m - ok
09:16:45.0968 1492 aeaudio - ok
09:16:46.0171 1492 AEAudioService - ok
09:16:46.0468 1492 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:16:46.0593 1492 aec - ok
09:16:46.0890 1492 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:16:46.0921 1492 AFD - ok
09:16:47.0156 1492 Aha154x - ok
09:16:47.0375 1492 aic78u2 - ok
09:16:47.0546 1492 aic78xx - ok
09:16:47.0796 1492 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:16:47.0906 1492 Alerter - ok
09:16:48.0109 1492 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:16:48.0218 1492 ALG - ok
09:16:48.0421 1492 AliIde - ok
09:16:48.0687 1492 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
09:16:48.0718 1492 AmdK8 - ok
09:16:48.0937 1492 amsint - ok
09:16:49.0109 1492 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:16:49.0109 1492 Apple Mobile Device - ok
09:16:49.0281 1492 AppMgmt - ok
09:16:49.0468 1492 AppnApi - ok
09:16:49.0750 1492 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:16:49.0843 1492 Arp1394 - ok
09:16:50.0031 1492 asc - ok
09:16:50.0234 1492 asc3350p - ok
09:16:50.0406 1492 asc3550 - ok
09:16:50.0656 1492 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
09:16:50.0671 1492 AsIO - ok
09:16:50.0843 1492 aslm75 - ok
09:16:51.0062 1492 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
09:16:51.0078 1492 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
09:16:51.0078 1492 Aspi32 - detected UnsignedFile.Multi.Generic (1)
09:16:51.0375 1492 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:16:51.0375 1492 aspnet_state - ok
09:16:51.0609 1492 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:16:51.0703 1492 AsyncMac - ok
09:16:52.0015 1492 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:16:52.0109 1492 atapi - ok
09:16:52.0312 1492 Atdisk - ok
09:16:52.0562 1492 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:16:52.0687 1492 Atmarpc - ok
09:16:52.0937 1492 ATNT40K - ok
09:16:53.0234 1492 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:16:53.0359 1492 AudioSrv - ok
09:16:53.0640 1492 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:16:53.0875 1492 audstub - ok
09:16:54.0031 1492 avgfwsrv - ok
09:16:55.0609 1492 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
09:16:57.0000 1492 AVGIDSAgent - ok
09:16:57.0375 1492 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
09:16:57.0390 1492 AVGIDSDriver - ok
09:16:57.0828 1492 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
09:16:57.0843 1492 AVGIDSEH - ok
09:16:58.0125 1492 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
09:16:58.0140 1492 AVGIDSFilter - ok
09:16:58.0453 1492 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
09:16:58.0453 1492 AVGIDSShim - ok
09:16:58.0828 1492 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
09:16:58.0859 1492 Avgldx86 - ok
09:16:59.0125 1492 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
09:16:59.0125 1492 Avgmfx86 - ok
09:16:59.0375 1492 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
09:16:59.0390 1492 Avgrkx86 - ok
09:16:59.0687 1492 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
09:16:59.0703 1492 Avgtdix - ok
09:16:59.0968 1492 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
09:16:59.0968 1492 avgwd - ok
09:17:00.0187 1492 b57w2k - ok
09:17:00.0421 1492 backupexecjobengine - ok
09:17:00.0671 1492 backupexecnamingservice - ok
09:17:00.0906 1492 Bcim - ok
09:17:01.0125 1492 bdselfpr - ok
09:17:01.0468 1492 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:17:01.0609 1492 Beep - ok
09:17:01.0984 1492 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:17:02.0171 1492 BITS - ok
09:17:02.0390 1492 bocdrive - ok
09:17:02.0593 1492 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files\Bonjour\mDNSResponder.exe
09:17:02.0687 1492 Bonjour Service - ok
09:17:02.0906 1492 bridge - ok
09:17:03.0203 1492 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:17:03.0328 1492 Browser - ok
09:17:03.0531 1492 BrSerIf - ok
09:17:03.0781 1492 bvrp_pci - ok
09:17:03.0781 1492 catchme - ok
09:17:04.0093 1492 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:17:04.0312 1492 cbidf2k - ok
09:17:04.0500 1492 cd20xrnt - ok
09:17:04.0765 1492 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:17:04.0859 1492 Cdaudio - ok
09:17:05.0187 1492 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:17:05.0328 1492 Cdfs - ok
09:17:05.0562 1492 cdfsvc - ok
09:17:05.0937 1492 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:17:06.0093 1492 Cdrom - ok
09:17:06.0359 1492 Changer - ok
09:17:06.0593 1492 cics.region1 - ok
09:17:06.0890 1492 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
09:17:07.0062 1492 CiSvc - ok
09:17:07.0468 1492 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
09:17:07.0640 1492 ClipSrv - ok
09:17:08.0062 1492 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:17:08.0078 1492 clr_optimization_v2.0.50727_32 - ok
09:17:08.0312 1492 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:17:08.0328 1492 clr_optimization_v4.0.30319_32 - ok
09:17:08.0625 1492 CmdIde - ok
09:17:08.0859 1492 COMSysApp - ok
09:17:09.0125 1492 Cpqarray - ok
09:17:09.0453 1492 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
09:17:09.0609 1492 CryptSvc - ok
09:17:09.0843 1492 CTEDSPFX.DLL - ok
09:17:10.0078 1492 ctxhttp - ok
09:17:10.0343 1492 cxpt_service - ok
09:17:10.0609 1492 dac2w2k - ok
09:17:10.0859 1492 dac960nt - ok
09:17:11.0187 1492 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:17:11.0359 1492 DcomLaunch - ok
09:17:11.0656 1492 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
09:17:11.0750 1492 Dhcp - ok
09:17:11.0984 1492 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:17:12.0078 1492 Disk - ok
09:17:12.0265 1492 dlbx_device - ok
09:17:12.0437 1492 DM9102 - ok
09:17:12.0640 1492 dmadmin - ok
09:17:13.0234 1492 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:17:13.0562 1492 dmboot - ok
09:17:13.0843 1492 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:17:13.0937 1492 dmio - ok
09:17:14.0171 1492 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:17:14.0296 1492 dmload - ok
09:17:14.0531 1492 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:17:14.0625 1492 dmserver - ok
09:17:14.0875 1492 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:17:14.0984 1492 DMusic - ok
09:17:15.0218 1492 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
09:17:15.0250 1492 Dnscache - ok
09:17:15.0500 1492 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:17:15.0593 1492 Dot3svc - ok
09:17:15.0765 1492 downloadmanagerlite - ok
09:17:15.0968 1492 dpti2o - ok
09:17:16.0250 1492 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:17:16.0359 1492 drmkaud - ok
09:17:16.0578 1492 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:17:16.0671 1492 EapHost - ok
09:17:16.0843 1492 emu10k - ok
09:17:17.0062 1492 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:17:17.0203 1492 ERSvc - ok
09:17:17.0500 1492 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:17:17.0546 1492 Eventlog - ok
09:17:17.0875 1492 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
09:17:17.0906 1492 EventSystem - ok
09:17:18.0281 1492 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:17:18.0390 1492 Fastfat - ok
09:17:18.0671 1492 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:17:18.0687 1492 FastUserSwitchingCompatibility - ok
09:17:18.0937 1492 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:17:19.0046 1492 Fdc - ok
09:17:19.0234 1492 filemon701 - ok
09:17:19.0546 1492 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:17:19.0640 1492 Fips - ok
09:17:19.0921 1492 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:17:20.0015 1492 Flpydisk - ok
09:17:20.0265 1492 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:17:20.0390 1492 FltMgr - ok
09:17:20.0593 1492 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:17:20.0609 1492 FontCache3.0.0.0 - ok
09:17:20.0921 1492 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:17:21.0031 1492 Fs_Rec - ok
09:17:21.0375 1492 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:17:21.0468 1492 Ftdisk - ok
09:17:21.0640 1492 GBFSHook - ok
09:17:21.0906 1492 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:17:21.0906 1492 GEARAspiWDM - ok
09:17:22.0109 1492 ggsemc - ok
09:17:22.0359 1492 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:17:22.0484 1492 Gpc - ok
09:17:22.0765 1492 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
09:17:22.0781 1492 gupdate - ok
09:17:22.0828 1492 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
09:17:22.0828 1492 gupdatem - ok
09:17:22.0953 1492 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:17:22.0968 1492 gusvc - ok
09:17:23.0234 1492 HdAudAddService (f58d2900c66a1e773e3375098e0e9337) C:\WINDOWS\system32\drivers\HdAudio.sys
09:17:23.0281 1492 HdAudAddService - ok
09:17:23.0656 1492 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:17:23.0781 1492 HDAudBus - ok
09:17:23.0875 1492 helpsvc - ok
09:17:24.0062 1492 HidBth - ok
09:17:24.0328 1492 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
09:17:24.0421 1492 HidServ - ok
09:17:24.0718 1492 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:17:24.0828 1492 HidUsb - ok
09:17:25.0031 1492 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:17:25.0156 1492 hkmsvc - ok
09:17:25.0343 1492 hpn - ok
09:17:25.0656 1492 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:17:25.0687 1492 HTTP - ok
09:17:25.0906 1492 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
09:17:26.0015 1492 HTTPFilter - ok
09:17:26.0218 1492 i2omgmt - ok
09:17:26.0546 1492 i2omp - ok
09:17:26.0828 1492 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:17:26.0921 1492 i8042prt - ok
09:17:27.0109 1492 iAimTV5 - ok
09:17:29.0437 1492 ialm (9acb03875cfe068d5cc0e98fb2cf7017) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
09:17:31.0296 1492 ialm - ok
09:17:31.0562 1492 ibmsmbus - ok
09:17:31.0843 1492 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:17:31.0875 1492 IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:17:31.0875 1492 IDriverT - detected UnsignedFile.Multi.Generic (1)
09:17:32.0437 1492 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:17:32.0875 1492 idsvc - ok
09:17:33.0156 1492 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:17:33.0296 1492 Imapi - ok
09:17:33.0640 1492 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
09:17:33.0781 1492 ImapiService - ok
09:17:34.0062 1492 ini910u - ok
09:17:34.0281 1492 IntelIde - ok
09:17:34.0531 1492 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:17:34.0609 1492 intelppm - ok
09:17:34.0906 1492 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:17:35.0046 1492 Ip6Fw - ok
09:17:35.0296 1492 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:17:35.0468 1492 IpFilterDriver - ok
09:17:35.0703 1492 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:17:35.0859 1492 IpInIp - ok
09:17:36.0140 1492 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:17:36.0312 1492 IpNat - ok
09:17:36.0734 1492 iPod Service (0ca8c2e721617aa2f923a8151c96fb33) C:\Program Files\iPod\bin\iPodService.exe
09:17:36.0968 1492 iPod Service - ok
09:17:37.0312 1492 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:17:37.0453 1492 IPSec - ok
09:17:37.0671 1492 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:17:37.0765 1492 IRENUM - ok
09:17:38.0078 1492 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:17:38.0187 1492 isapnp - ok
09:17:38.0375 1492 iviVD - ok
09:17:38.0703 1492 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
09:17:38.0718 1492 JavaQuickStarterService - ok
09:17:38.0968 1492 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:17:39.0109 1492 Kbdclass - ok
09:17:39.0359 1492 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:17:39.0437 1492 kbdhid - ok
09:17:39.0671 1492 klif - ok
09:17:40.0062 1492 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:17:40.0171 1492 kmixer - ok
09:17:40.0484 1492 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:17:40.0531 1492 KSecDD - ok
09:17:40.0859 1492 L1e (080cf8720a306a64f7a09d1226491791) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
09:17:40.0875 1492 L1e - ok
09:17:41.0156 1492 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
09:17:41.0187 1492 lanmanserver - ok
09:17:41.0453 1492 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
09:17:41.0484 1492 lanmanworkstation - ok
09:17:41.0718 1492 Lbd - ok
09:17:41.0937 1492 lbrtfdc - ok
09:17:42.0171 1492 lexbces - ok
09:17:42.0359 1492 lirsgt - ok
09:17:42.0703 1492 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:17:42.0843 1492 LmHosts - ok
09:17:43.0015 1492 lvckap - ok
09:17:43.0250 1492 lyncusbserv - ok
09:17:43.0531 1492 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) C:\WINDOWS\system32\drivers\mbamchameleon.sys
09:17:43.0546 1492 mbamchameleon ( UnsignedFile.Multi.Generic ) - warning
09:17:43.0546 1492 mbamchameleon - detected UnsignedFile.Multi.Generic (1)
09:17:43.0750 1492 mcdetect.exe - ok
09:17:43.0984 1492 mcupdmgr.exe - ok
09:17:44.0234 1492 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:17:44.0312 1492 Messenger - ok
09:17:44.0562 1492 mfeavfk - ok
09:17:44.0812 1492 mferkdk - ok
09:17:45.0031 1492 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:17:45.0203 1492 mnmdd - ok
09:17:45.0421 1492 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
09:17:45.0593 1492 mnmsrvc - ok
09:17:45.0875 1492 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:17:45.0968 1492 Modem - ok
09:17:46.0718 1492 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
09:17:47.0171 1492 monfilt - ok
09:17:47.0437 1492 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:17:47.0562 1492 Mouclass - ok
09:17:47.0796 1492 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:17:47.0921 1492 mouhid - ok
09:17:48.0156 1492 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:17:48.0250 1492 MountMgr - ok
09:17:48.0437 1492 mpservice - ok
09:17:48.0625 1492 mraid35x - ok
09:17:48.0812 1492 MREMP50a64 - ok
09:17:49.0062 1492 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:17:49.0171 1492 MRxDAV - ok
09:17:49.0515 1492 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:17:49.0703 1492 MRxSmb - ok
09:17:49.0921 1492 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
09:17:50.0015 1492 MSDTC - ok
09:17:50.0281 1492 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:17:50.0406 1492 Msfs - ok
09:17:50.0593 1492 MSIServer - ok
09:17:50.0812 1492 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:17:50.0890 1492 MSKSSRV - ok
09:17:51.0140 1492 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:17:51.0234 1492 MSPCLOCK - ok
09:17:51.0500 1492 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:17:51.0609 1492 MSPQM - ok
09:17:51.0828 1492 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:17:51.0921 1492 mssmbios - ok
09:17:52.0171 1492 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
09:17:52.0187 1492 MTsensor - ok
09:17:52.0468 1492 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:17:52.0515 1492 Mup - ok
09:17:52.0812 1492 mwstick - ok
09:17:52.0968 1492 NAL - ok
09:17:53.0296 1492 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:17:53.0406 1492 napagent - ok
09:17:53.0593 1492 navapel - ok
09:17:54.0031 1492 NBService (6d8fcdd5bb3b676ef58fa234073492c6) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
09:17:54.0187 1492 NBService - ok
09:17:54.0546 1492 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:17:54.0671 1492 NDIS - ok
09:17:54.0906 1492 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:17:54.0937 1492 NdisTapi - ok
09:17:55.0171 1492 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:17:55.0296 1492 Ndisuio - ok
09:17:55.0562 1492 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:17:55.0687 1492 NdisWan - ok
09:17:55.0968 1492 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:17:56.0015 1492 NDProxy - ok
09:17:56.0218 1492 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:17:56.0343 1492 NetBIOS - ok
09:17:56.0671 1492 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:17:56.0796 1492 NetBT - ok
09:17:57.0046 1492 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:17:57.0125 1492 NetDDE - ok
09:17:57.0156 1492 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:17:57.0265 1492 NetDDEdsdm - ok
09:17:57.0484 1492 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:17:57.0656 1492 Netlogon - ok
09:17:58.0031 1492 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:17:58.0187 1492 Netman - ok
09:17:58.0500 1492 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:17:58.0515 1492 NetTcpPortSharing - ok
09:17:58.0718 1492 nfmservice - ok
09:17:58.0968 1492 ngdbserv - ok
09:17:59.0281 1492 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:17:59.0437 1492 NIC1394 - ok
09:17:59.0625 1492 NICSer_WPC300N - ok
09:17:59.0953 1492 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:17:59.0968 1492 Nla - ok
09:18:00.0921 1492 NMIndexingService (e32686b4e27d11f83e3f2844e104c66c) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
09:18:00.0937 1492 NMIndexingService - ok
09:18:01.0703 1492 nmwcdcm - ok
09:18:02.0078 1492 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:18:02.0234 1492 Npfs - ok
09:18:02.0421 1492 NTACCESS - ok
09:18:02.0875 1492 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:18:03.0093 1492 Ntfs - ok
09:18:03.0406 1492 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:18:03.0546 1492 NtLmSsp - ok
09:18:03.0937 1492 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:18:04.0156 1492 NtmsSvc - ok
09:18:04.0421 1492 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:18:04.0562 1492 Null - ok
09:18:06.0281 1492 nv (9e1f2f09e34c92a96b9900b6a45d5026) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:18:08.0000 1492 nv - ok
09:18:08.0484 1492 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
09:18:08.0500 1492 NVENETFD - ok
09:18:08.0718 1492 NVNET - ok
09:18:09.0078 1492 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
09:18:09.0093 1492 nvnetbus - ok
09:18:09.0375 1492 NVSvc (0b24ab7cc5b7ed2aa7f438a4072459f4) C:\WINDOWS\system32\nvsvc32.exe
09:18:09.0406 1492 NVSvc - ok
09:18:09.0765 1492 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:18:09.0875 1492 NwlnkFlt - ok
09:18:10.0187 1492 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:18:10.0328 1492 NwlnkFwd - ok
09:18:10.0625 1492 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:18:10.0750 1492 ohci1394 - ok
09:18:11.0062 1492 oracleorahomedatagatherer - ok
09:18:11.0281 1492 oracleorahomepagingserver - ok
09:18:11.0500 1492 oraclexeclragent - ok
09:18:11.0734 1492 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:18:11.0734 1492 ose - ok
09:18:11.0984 1492 p2pimsvc - ok
09:18:12.0218 1492 Packet - ok
09:18:12.0406 1492 pae_1394 - ok
09:18:12.0828 1492 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:18:12.0953 1492 Parport - ok
09:18:13.0296 1492 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:18:13.0437 1492 PartMgr - ok
09:18:13.0765 1492 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:18:13.0875 1492 ParVdm - ok
09:18:14.0046 1492 pav_service - ok
09:18:14.0390 1492 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:18:14.0500 1492 PCI - ok
09:18:14.0703 1492 PciBus - ok
09:18:14.0937 1492 PCIDump - ok
09:18:15.0171 1492 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:18:15.0265 1492 PCIIde - ok
09:18:15.0546 1492 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:18:15.0656 1492 Pcmcia - ok
09:18:15.0921 1492 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
09:18:15.0921 1492 Pcouffin ( UnsignedFile.Multi.Generic ) - warning
09:18:15.0921 1492 Pcouffin - detected UnsignedFile.Multi.Generic (1)
09:18:16.0109 1492 PDCOMP - ok
09:18:16.0390 1492 PDFRAME - ok
09:18:16.0640 1492 pdiddcci - ok
09:18:16.0843 1492 PDRELI - ok
09:18:17.0046 1492 PDRFRAME - ok
09:18:17.0218 1492 perc2 - ok
09:18:17.0500 1492 perc2hib - ok
09:18:17.0796 1492 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:18:17.0812 1492 PlugPlay - ok
09:18:18.0125 1492 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:18:18.0250 1492 PolicyAgent - ok
09:18:18.0515 1492 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:18:18.0609 1492 PptpMiniport - ok
09:18:18.0890 1492 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:18:19.0062 1492 Processor - ok
09:18:19.0343 1492 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:18:19.0437 1492 ProtectedStorage - ok
09:18:19.0750 1492 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:18:19.0859 1492 PSched - ok
09:18:20.0062 1492 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:18:20.0187 1492 Ptilink - ok
09:18:20.0343 1492 purgeieservice - ok
09:18:20.0609 1492 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:18:20.0609 1492 PxHelp20 - ok
09:18:20.0812 1492 ql1080 - ok
09:18:21.0062 1492 Ql10wnt - ok
09:18:21.0328 1492 ql12160 - ok
09:18:21.0609 1492 ql1240 - ok
09:18:21.0796 1492 ql1280 - ok
09:18:22.0093 1492 ramaint - ok
09:18:22.0343 1492 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:18:22.0437 1492 RasAcd - ok
09:18:22.0656 1492 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:18:22.0828 1492 RasAuto - ok
09:18:23.0125 1492 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:18:23.0218 1492 Rasl2tp - ok
09:18:23.0546 1492 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:18:23.0671 1492 RasMan - ok
09:18:23.0875 1492 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:18:24.0000 1492 RasPppoe - ok
09:18:24.0281 1492 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:18:24.0468 1492 Raspti - ok
09:18:24.0875 1492 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:18:24.0984 1492 Rdbss - ok
09:18:25.0218 1492 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:18:25.0296 1492 RDPCDD - ok
09:18:25.0515 1492 rdpdr - ok
09:18:25.0781 1492 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
09:18:25.0812 1492 RDPWD - ok
09:18:26.0078 1492 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:18:26.0171 1492 RDSessMgr - ok
09:18:26.0484 1492 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:18:26.0578 1492 redbook - ok
09:18:26.0812 1492 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:18:26.0906 1492 RemoteAccess - ok
09:18:27.0109 1492 rimsptsk - ok
09:18:27.0281 1492 RIOXDRV - ok
09:18:27.0515 1492 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
09:18:27.0609 1492 RpcLocator - ok
09:18:28.0062 1492 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
09:18:28.0156 1492 RpcSs - ok
09:18:28.0328 1492 rp_fws - ok
09:18:28.0593 1492 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
09:18:28.0687 1492 RSVP - ok
09:18:28.0875 1492 s116nd5 - ok
09:18:29.0062 1492 s125mgmt - ok
09:18:29.0234 1492 s616unic - ok
09:18:29.0421 1492 sagefserver - ok
09:18:29.0640 1492 SaiNtBus - ok
09:18:29.0859 1492 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:18:29.0953 1492 SamSs - ok
09:18:29.0953 1492 SANDRA - ok
09:18:30.0140 1492 savrtpel - ok
09:18:30.0390 1492 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:18:30.0531 1492 SCardSvr - ok
09:18:30.0796 1492 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:18:30.0921 1492 Schedule - ok
09:18:31.0109 1492 sdbus - ok
09:18:31.0312 1492 SE26mdfl - ok
09:18:31.0640 1492 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:18:31.0750 1492 Secdrv - ok
09:18:32.0015 1492 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:18:32.0109 1492 seclogon - ok
09:18:32.0406 1492 SenFiltService - ok
09:18:32.0718 1492 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:18:32.0843 1492 SENS - ok
09:18:33.0187 1492 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:18:33.0343 1492 serenum - ok
09:18:33.0562 1492 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:18:33.0703 1492 Serial - ok
09:18:34.0015 1492 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:18:34.0109 1492 Sfloppy - ok
09:18:34.0343 1492 SGHIDI - ok
09:18:34.0531 1492 sglogplayer - ok
09:18:34.0875 1492 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:18:35.0078 1492 SharedAccess - ok
09:18:35.0453 1492 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:18:35.0468 1492 ShellHWDetection - ok
09:18:35.0796 1492 si3114r - ok
09:18:36.0078 1492 Simbad - ok
09:18:36.0250 1492 smserial - ok
09:18:36.0531 1492 SNP2UVC - ok
09:18:36.0765 1492 snpstd - ok
09:18:37.0031 1492 Sparrow - ok
09:18:37.0343 1492 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:18:37.0437 1492 splitter - ok
09:18:37.0781 1492 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:18:37.0812 1492 Spooler - ok
09:18:38.0062 1492 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:18:38.0171 1492 sr - ok
09:18:38.0546 1492 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
09:18:38.0671 1492 srservice - ok
09:18:39.0109 1492 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:18:39.0218 1492 Srv - ok
09:18:39.0484 1492 sscdbus (92b69020fc480219683d429dca068d71) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
09:18:39.0500 1492 sscdbus - ok
09:18:39.0734 1492 sscdmdfl (77a2869d40cc84af711c321f9b0c7a78) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
09:18:39.0750 1492 sscdmdfl - ok
09:18:40.0046 1492 sscdmdm (b4255635195a8413fcde7af5b7c4e382) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
09:18:40.0062 1492 sscdmdm - ok
09:18:40.0328 1492 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:18:40.0437 1492 SSDPSRV - ok
09:18:40.0609 1492 ssfs0509 - ok
09:18:40.0859 1492 sskbfd - ok
09:18:41.0140 1492 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
09:18:41.0156 1492 StarOpen ( UnsignedFile.Multi.Generic ) - warning
09:18:41.0156 1492 StarOpen - detected UnsignedFile.Multi.Generic (1)
09:18:41.0718 1492 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:18:41.0921 1492 stisvc - ok
09:18:42.0218 1492 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:18:42.0359 1492 swenum - ok
09:18:42.0593 1492 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:18:42.0765 1492 swmidi - ok
09:18:42.0984 1492 SwPrv - ok
09:18:43.0203 1492 symc810 - ok
09:18:43.0562 1492 symc8xx - ok
09:18:43.0765 1492 sym_hi - ok
09:18:44.0000 1492 sym_u3 - ok
09:18:44.0296 1492 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:18:44.0421 1492 sysaudio - ok
09:18:44.0750 1492 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:18:44.0906 1492 SysmonLog - ok
09:18:45.0234 1492 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:18:45.0406 1492 TapiSrv - ok
09:18:45.0796 1492 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:18:45.0984 1492 Tcpip - ok
09:18:46.0328 1492 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:18:46.0500 1492 TDPIPE - ok
09:18:46.0750 1492 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:18:46.0890 1492 TDTCP - ok
09:18:47.0156 1492 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:18:47.0343 1492 TermDD - ok
09:18:47.0656 1492 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:18:47.0750 1492 TermService - ok
09:18:47.0984 1492 tfsndrct - ok
09:18:48.0312 1492 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:18:48.0312 1492 Themes - ok
09:18:48.0500 1492 tifm21 - ok
09:18:48.0703 1492 TosIde - ok
09:18:48.0921 1492 TPECioCtl - ok
09:18:49.0093 1492 TPPWRIF - ok
09:18:49.0328 1492 traprcvr - ok
09:18:49.0656 1492 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:18:49.0828 1492 TrkWks - ok
09:18:50.0015 1492 TuneUp.Defrag - ok
09:18:50.0343 1492 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:18:50.0515 1492 Udfs - ok
09:18:50.0718 1492 uhcd - ok
09:18:50.0906 1492 ultra - ok
09:18:51.0281 1492 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:18:51.0578 1492 Update - ok
09:18:51.0781 1492 uploadmgr (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:18:51.0875 1492 uploadmgr - ok
09:18:52.0203 1492 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:18:52.0343 1492 upnphost - ok
09:18:52.0562 1492 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:18:52.0671 1492 UPS - ok
09:18:52.0890 1492 USA49W2KP - ok
09:18:53.0234 1492 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
09:18:53.0234 1492 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
09:18:53.0234 1492 USBAAPL - detected UnsignedFile.Multi.Generic (1)
09:18:53.0484 1492 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:18:53.0593 1492 usbccgp - ok
09:18:53.0875 1492 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:18:54.0015 1492 usbehci - ok
09:18:54.0296 1492 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:18:54.0468 1492 usbhub - ok
09:18:54.0812 1492 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
09:18:54.0968 1492 usbohci - ok
09:18:55.0343 1492 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:18:55.0484 1492 usbprint - ok
09:18:55.0812 1492 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:18:55.0953 1492 usbscan - ok
09:18:56.0171 1492 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:18:56.0265 1492 USBSTOR - ok
09:18:56.0546 1492 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:18:56.0640 1492 usbuhci - ok
09:18:56.0843 1492 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:18:56.0953 1492 VgaSave - ok
09:18:57.0312 1492 VIAHdAudAddService (6b2c9ee4c16616e9398bbd0bc80ceb22) C:\WINDOWS\system32\drivers\viahduaa.sys
09:18:57.0375 1492 VIAHdAudAddService - ok
09:18:57.0656 1492 ViaIde - ok
09:18:57.0953 1492 videoacceleratorengine - ok
09:18:58.0187 1492 VNUSB - ok
09:18:58.0500 1492 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:18:58.0656 1492 VolSnap - ok
09:18:58.0890 1492 vsbus - ok
09:18:59.0125 1492 vsmon - ok
09:18:59.0546 1492 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:18:59.0734 1492 VSS - ok
09:18:59.0937 1492 vzcdbsvc - ok
09:19:00.0265 1492 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
09:19:00.0468 1492 W32Time - ok
09:19:00.0781 1492 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:19:00.0937 1492 Wanarp - ok
09:19:01.0187 1492 wap3gx - ok
09:19:01.0406 1492 Wdf01000 - ok
09:19:01.0671 1492 WDICA - ok
09:19:01.0968 1492 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:19:02.0062 1492 wdmaud - ok
09:19:02.0296 1492 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:19:02.0437 1492 WebClient - ok
09:19:02.0609 1492 win32sl - ok
09:19:02.0921 1492 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:19:03.0000 1492 winmgmt - ok
09:19:03.0250 1492 winvnc - ok
09:19:03.0531 1492 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
09:19:03.0546 1492 WmdmPmSN - ok
09:19:03.0843 1492 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:19:03.0937 1492 WmiApSrv - ok
09:19:04.0468 1492 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:19:04.0859 1492 WMPNetworkSvc - ok
09:19:05.0203 1492 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:19:05.0250 1492 WpdUsb - ok
09:19:05.0796 1492 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:19:05.0984 1492 WPFFontCache_v0400 - ok
09:19:06.0281 1492 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:19:06.0390 1492 WS2IFSL - ok
09:19:06.0671 1492 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
09:19:06.0781 1492 wscsvc - ok
09:19:07.0000 1492 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:19:07.0093 1492 wuauserv - ok
09:19:07.0359 1492 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:19:07.0375 1492 WudfPf - ok
09:19:07.0640 1492 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:19:07.0640 1492 WudfRd - ok
09:19:07.0984 1492 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:19:08.0000 1492 WudfSvc - ok
09:19:08.0406 1492 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:19:08.0593 1492 WZCSVC - ok
09:19:08.0843 1492 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:19:08.0937 1492 xmlprov - ok
09:19:09.0156 1492 {a7447300-8075-4b0d-83f1-3d75c8ebc623} - ok
09:19:09.0218 1492 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:19:09.0625 1492 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:19:09.0625 1492 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:19:09.0640 1492 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
09:19:09.0921 1492 \Device\Harddisk1\DR1 - ok
09:19:09.0937 1492 Boot (0x1200) (86be2e19de0ce07e25cefc15a2995d8f) \Device\Harddisk0\DR0\Partition0
09:19:09.0937 1492 \Device\Harddisk0\DR0\Partition0 - ok
09:19:09.0937 1492 Boot (0x1200) (90c163a7e1b491257ec4337544de6d04) \Device\Harddisk1\DR1\Partition0
09:19:09.0937 1492 \Device\Harddisk1\DR1\Partition0 - ok
09:19:09.0937 1492 ============================================================
09:19:09.0937 1492 Scan finished
09:19:09.0937 1492 ============================================================
09:19:09.0953 3308 Detected object count: 7
09:19:09.0953 3308 Actual detected object count: 7
09:22:53.0171 3308 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:53.0171 3308 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:53.0171 3308 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:53.0171 3308 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:53.0171 3308 mbamchameleon ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:53.0171 3308 mbamchameleon ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:53.0171 3308 Pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:53.0171 3308 Pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:53.0171 3308 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:53.0171 3308 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:53.0171 3308 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:53.0171 3308 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:53.0187 3308 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:22:53.0187 3308 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
09:23:02.0875 2904 Deinitialize success

#13 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,228 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 23 March 2012 - 06:45 PM

09:22:53.0187 3308 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

Run it one more time and Cure / delete / quarantine that one.

Then run a new Combofix scan
Larry Tate
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

#14 grey hair

grey hair

    New Member

  • Members
  • Pip
  • 24 posts
  • Gender:Male
  • Location:Down Under

Posted 23 March 2012 - 07:55 PM

Ran new TDSS & ComboFix. Results below. Thanks.

...........................
09:47:10.0875 0172 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
09:47:12.0875 0172 ============================================================
09:47:12.0875 0172 Current date / time: 2012/03/24 09:47:12.0875
09:47:12.0875 0172 SystemInfo:
09:47:12.0875 0172
09:47:12.0875 0172 OS Version: 5.1.2600 ServicePack: 3.0
09:47:12.0875 0172 Product type: Workstation
09:47:12.0875 0172 ComputerName: USER
09:47:13.0125 0172 UserName: Owner
09:47:13.0125 0172 Windows directory: C:\WINDOWS
09:47:13.0125 0172 System windows directory: C:\WINDOWS
09:47:13.0125 0172 Processor architecture: Intel x86
09:47:13.0125 0172 Number of processors: 2
09:47:13.0125 0172 Page size: 0x1000
09:47:13.0125 0172 Boot type: Normal boot
09:47:13.0125 0172 ============================================================
09:47:23.0015 0172 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:47:23.0031 0172 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:47:23.0156 0172 \Device\Harddisk0\DR0:
09:47:23.0171 0172 MBR used
09:47:23.0171 0172 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
09:47:23.0171 0172 \Device\Harddisk1\DR1:
09:47:23.0171 0172 MBR used
09:47:23.0171 0172 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
09:47:23.0359 0172 Initialize success
09:47:23.0359 0172 ============================================================
09:47:34.0890 2872 ============================================================
09:47:34.0890 2872 Scan started
09:47:34.0890 2872 Mode: Manual; SigCheck; TDLFS;
09:47:34.0890 2872 ============================================================
09:47:36.0281 2872 Abiosdsk - ok
09:47:36.0546 2872 abp480n5 - ok
09:47:37.0046 2872 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:47:47.0234 2872 ACPI - ok
09:47:47.0625 2872 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:47:47.0781 2872 ACPIEC - ok
09:47:47.0968 2872 ADIHdAudAddService - ok
09:47:48.0156 2872 adpu160m - ok
09:47:48.0328 2872 aeaudio - ok
09:47:48.0531 2872 AEAudioService - ok
09:47:48.0796 2872 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:47:49.0046 2872 aec - ok
09:47:49.0343 2872 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:47:49.0593 2872 AFD - ok
09:47:49.0812 2872 Aha154x - ok
09:47:50.0015 2872 aic78u2 - ok
09:47:50.0187 2872 aic78xx - ok
09:47:50.0453 2872 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:47:50.0593 2872 Alerter - ok
09:47:50.0843 2872 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:47:51.0046 2872 ALG - ok
09:47:51.0312 2872 AliIde - ok
09:47:51.0703 2872 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
09:47:51.0765 2872 AmdK8 - ok
09:47:51.0968 2872 amsint - ok
09:47:52.0187 2872 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:47:52.0312 2872 Apple Mobile Device - ok
09:47:52.0562 2872 AppMgmt - ok
09:47:52.0734 2872 AppnApi - ok
09:47:53.0015 2872 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:47:53.0125 2872 Arp1394 - ok
09:47:53.0406 2872 asc - ok
09:47:53.0578 2872 asc3350p - ok
09:47:53.0796 2872 asc3550 - ok
09:47:54.0078 2872 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
09:47:54.0390 2872 AsIO - ok
09:47:54.0656 2872 aslm75 - ok
09:47:54.0968 2872 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
09:47:55.0046 2872 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
09:47:55.0046 2872 Aspi32 - detected UnsignedFile.Multi.Generic (1)
09:47:55.0421 2872 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:47:55.0484 2872 aspnet_state - ok
09:47:55.0890 2872 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:47:56.0031 2872 AsyncMac - ok
09:47:56.0437 2872 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:47:56.0562 2872 atapi - ok
09:47:56.0859 2872 Atdisk - ok
09:47:57.0140 2872 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:47:57.0281 2872 Atmarpc - ok
09:47:57.0484 2872 ATNT40K - ok
09:47:57.0781 2872 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:47:57.0921 2872 AudioSrv - ok
09:47:58.0296 2872 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:47:58.0453 2872 audstub - ok
09:47:58.0796 2872 avgfwsrv - ok
09:48:00.0765 2872 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
09:48:03.0718 2872 AVGIDSAgent - ok
09:48:04.0109 2872 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
09:48:04.0187 2872 AVGIDSDriver - ok
09:48:04.0437 2872 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
09:48:04.0453 2872 AVGIDSEH - ok
09:48:04.0765 2872 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
09:48:04.0781 2872 AVGIDSFilter - ok
09:48:05.0062 2872 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
09:48:05.0093 2872 AVGIDSShim - ok
09:48:05.0390 2872 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
09:48:05.0468 2872 Avgldx86 - ok
09:48:05.0812 2872 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
09:48:05.0843 2872 Avgmfx86 - ok
09:48:06.0109 2872 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
09:48:06.0125 2872 Avgrkx86 - ok
09:48:06.0421 2872 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
09:48:06.0515 2872 Avgtdix - ok
09:48:06.0796 2872 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
09:48:06.0859 2872 avgwd - ok
09:48:07.0109 2872 b57w2k - ok
09:48:07.0296 2872 backupexecjobengine - ok
09:48:07.0468 2872 backupexecnamingservice - ok
09:48:07.0656 2872 Bcim - ok
09:48:07.0828 2872 bdselfpr - ok
09:48:08.0109 2872 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:48:08.0250 2872 Beep - ok
09:48:08.0640 2872 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:48:09.0000 2872 BITS - ok
09:48:09.0171 2872 bocdrive - ok
09:48:09.0453 2872 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files\Bonjour\mDNSResponder.exe
09:48:09.0625 2872 Bonjour Service - ok
09:48:09.0843 2872 bridge - ok
09:48:10.0078 2872 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:48:10.0218 2872 Browser - ok
09:48:10.0390 2872 BrSerIf - ok
09:48:10.0562 2872 bvrp_pci - ok
09:48:10.0578 2872 catchme - ok
09:48:10.0843 2872 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:48:11.0000 2872 cbidf2k - ok
09:48:11.0265 2872 cd20xrnt - ok
09:48:11.0546 2872 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:48:11.0718 2872 Cdaudio - ok
09:48:12.0093 2872 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:48:12.0203 2872 Cdfs - ok
09:48:12.0406 2872 cdfsvc - ok
09:48:12.0765 2872 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:48:12.0937 2872 Cdrom - ok
09:48:13.0218 2872 Changer - ok
09:48:13.0406 2872 cics.region1 - ok
09:48:13.0640 2872 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
09:48:13.0796 2872 CiSvc - ok
09:48:14.0109 2872 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
09:48:14.0265 2872 ClipSrv - ok
09:48:14.0484 2872 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:48:14.0578 2872 clr_optimization_v2.0.50727_32 - ok
09:48:14.0765 2872 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:48:14.0890 2872 clr_optimization_v4.0.30319_32 - ok
09:48:15.0125 2872 CmdIde - ok
09:48:15.0343 2872 COMSysApp - ok
09:48:15.0703 2872 Cpqarray - ok
09:48:16.0156 2872 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
09:48:16.0359 2872 CryptSvc - ok
09:48:16.0687 2872 CTEDSPFX.DLL - ok
09:48:16.0890 2872 ctxhttp - ok
09:48:17.0078 2872 cxpt_service - ok
09:48:17.0359 2872 dac2w2k - ok
09:48:17.0562 2872 dac960nt - ok
09:48:17.0890 2872 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:48:18.0156 2872 DcomLaunch - ok
09:48:18.0500 2872 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
09:48:18.0765 2872 Dhcp - ok
09:48:19.0156 2872 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:48:19.0343 2872 Disk - ok
09:48:19.0515 2872 dlbx_device - ok
09:48:19.0750 2872 DM9102 - ok
09:48:19.0953 2872 dmadmin - ok
09:48:20.0546 2872 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:48:21.0343 2872 dmboot - ok
09:48:21.0812 2872 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:48:21.0968 2872 dmio - ok
09:48:22.0250 2872 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:48:22.0359 2872 dmload - ok
09:48:22.0625 2872 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:48:22.0750 2872 dmserver - ok
09:48:23.0000 2872 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:48:23.0125 2872 DMusic - ok
09:48:23.0375 2872 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
09:48:23.0453 2872 Dnscache - ok
09:48:23.0828 2872 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:48:23.0968 2872 Dot3svc - ok
09:48:24.0156 2872 downloadmanagerlite - ok
09:48:24.0421 2872 dpti2o - ok
09:48:24.0718 2872 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:48:24.0828 2872 drmkaud - ok
09:48:25.0031 2872 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:48:25.0140 2872 EapHost - ok
09:48:25.0312 2872 emu10k - ok
09:48:25.0546 2872 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:48:25.0656 2872 ERSvc - ok
09:48:25.0890 2872 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:48:25.0984 2872 Eventlog - ok
09:48:26.0296 2872 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
09:48:26.0468 2872 EventSystem - ok
09:48:26.0828 2872 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:48:27.0031 2872 Fastfat - ok
09:48:27.0281 2872 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:48:27.0375 2872 FastUserSwitchingCompatibility - ok
09:48:27.0656 2872 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:48:27.0796 2872 Fdc - ok
09:48:27.0953 2872 filemon701 - ok
09:48:28.0203 2872 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:48:28.0375 2872 Fips - ok
09:48:28.0593 2872 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:48:28.0734 2872 Flpydisk - ok
09:48:29.0015 2872 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:48:29.0171 2872 FltMgr - ok
09:48:29.0421 2872 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:48:29.0468 2872 FontCache3.0.0.0 - ok
09:48:29.0703 2872 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:48:29.0812 2872 Fs_Rec - ok
09:48:30.0093 2872 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:48:30.0218 2872 Ftdisk - ok
09:48:30.0421 2872 GBFSHook - ok
09:48:30.0703 2872 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:48:30.0750 2872 GEARAspiWDM - ok
09:48:31.0015 2872 ggsemc - ok
09:48:31.0328 2872 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:48:31.0437 2872 Gpc - ok
09:48:31.0734 2872 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
09:48:31.0765 2872 gupdate - ok
09:48:31.0828 2872 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
09:48:31.0859 2872 gupdatem - ok
09:48:31.0968 2872 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:48:32.0015 2872 gusvc - ok
09:48:32.0390 2872 HdAudAddService (f58d2900c66a1e773e3375098e0e9337) C:\WINDOWS\system32\drivers\HdAudio.sys
09:48:32.0484 2872 HdAudAddService - ok
09:48:32.0781 2872 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:48:32.0921 2872 HDAudBus - ok
09:48:33.0000 2872 helpsvc - ok
09:48:33.0187 2872 HidBth - ok
09:48:33.0484 2872 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
09:48:33.0625 2872 HidServ - ok
09:48:33.0906 2872 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:48:34.0000 2872 HidUsb - ok
09:48:34.0218 2872 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:48:34.0375 2872 hkmsvc - ok
09:48:34.0593 2872 hpn - ok
09:48:34.0921 2872 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:48:35.0140 2872 HTTP - ok
09:48:35.0375 2872 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
09:48:35.0484 2872 HTTPFilter - ok
09:48:35.0734 2872 i2omgmt - ok
09:48:36.0000 2872 i2omp - ok
09:48:36.0265 2872 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:48:36.0375 2872 i8042prt - ok
09:48:36.0562 2872 iAimTV5 - ok
09:48:38.0687 2872 ialm (9acb03875cfe068d5cc0e98fb2cf7017) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
09:48:42.0703 2872 ialm - ok
09:48:42.0984 2872 ibmsmbus - ok
09:48:43.0218 2872 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:48:43.0296 2872 IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:48:43.0296 2872 IDriverT - detected UnsignedFile.Multi.Generic (1)
09:48:43.0859 2872 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:48:44.0453 2872 idsvc - ok
09:48:44.0828 2872 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:48:44.0937 2872 Imapi - ok
09:48:45.0187 2872 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
09:48:45.0312 2872 ImapiService - ok
09:48:45.0484 2872 ini910u - ok
09:48:45.0687 2872 IntelIde - ok
09:48:45.0906 2872 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:48:46.0000 2872 intelppm - ok
09:48:46.0203 2872 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:48:46.0312 2872 Ip6Fw - ok
09:48:46.0531 2872 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:48:46.0671 2872 IpFilterDriver - ok
09:48:46.0875 2872 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:48:46.0968 2872 IpInIp - ok
09:48:47.0203 2872 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:48:47.0375 2872 IpNat - ok
09:48:47.0734 2872 iPod Service (0ca8c2e721617aa2f923a8151c96fb33) C:\Program Files\iPod\bin\iPodService.exe
09:48:47.0921 2872 iPod Service - ok
09:48:48.0250 2872 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:48:48.0375 2872 IPSec - ok
09:48:48.0578 2872 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:48:48.0687 2872 IRENUM - ok
09:48:48.0906 2872 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:48:49.0046 2872 isapnp - ok
09:48:49.0218 2872 iviVD - ok
09:48:49.0515 2872 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
09:48:49.0609 2872 JavaQuickStarterService - ok
09:48:49.0875 2872 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:48:49.0968 2872 Kbdclass - ok
09:48:50.0187 2872 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:48:50.0265 2872 kbdhid - ok
09:48:50.0421 2872 klif - ok
09:48:50.0687 2872 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:48:50.0828 2872 kmixer - ok
09:48:51.0078 2872 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:48:51.0250 2872 KSecDD - ok
09:48:51.0484 2872 L1e (080cf8720a306a64f7a09d1226491791) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
09:48:51.0562 2872 L1e - ok
09:48:51.0812 2872 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
09:48:51.0890 2872 lanmanserver - ok
09:48:52.0140 2872 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
09:48:52.0218 2872 lanmanworkstation - ok
09:48:52.0406 2872 Lbd - ok
09:48:52.0593 2872 lbrtfdc - ok
09:48:52.0781 2872 lexbces - ok
09:48:52.0953 2872 lirsgt - ok
09:48:53.0171 2872 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:48:53.0281 2872 LmHosts - ok
09:48:53.0437 2872 lvckap - ok
09:48:53.0609 2872 lyncusbserv - ok
09:48:53.0859 2872 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) C:\WINDOWS\system32\drivers\mbamchameleon.sys
09:48:53.0906 2872 mbamchameleon ( UnsignedFile.Multi.Generic ) - warning
09:48:53.0906 2872 mbamchameleon - detected UnsignedFile.Multi.Generic (1)
09:48:54.0062 2872 mcdetect.exe - ok
09:48:54.0234 2872 mcupdmgr.exe - ok
09:48:54.0453 2872 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:48:54.0546 2872 Messenger - ok
09:48:54.0750 2872 mfeavfk - ok
09:48:54.0937 2872 mferkdk - ok
09:48:55.0203 2872 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:48:55.0312 2872 mnmdd - ok
09:48:55.0515 2872 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
09:48:55.0640 2872 mnmsrvc - ok
09:48:55.0843 2872 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:48:55.0953 2872 Modem - ok
09:48:56.0578 2872 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
09:48:57.0390 2872 monfilt - ok
09:48:57.0625 2872 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:48:57.0765 2872 Mouclass - ok
09:48:57.0984 2872 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:48:58.0109 2872 mouhid - ok
09:48:58.0312 2872 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:48:58.0421 2872 MountMgr - ok
09:48:58.0609 2872 mpservice - ok
09:48:58.0812 2872 mraid35x - ok
09:48:58.0984 2872 MREMP50a64 - ok
09:48:59.0218 2872 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:48:59.0359 2872 MRxDAV - ok
09:48:59.0718 2872 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:49:00.0031 2872 MRxSmb - ok
09:49:00.0250 2872 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
09:49:00.0328 2872 MSDTC - ok
09:49:00.0546 2872 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:49:00.0656 2872 Msfs - ok
09:49:00.0828 2872 MSIServer - ok
09:49:01.0031 2872 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:49:01.0140 2872 MSKSSRV - ok
09:49:01.0328 2872 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:49:01.0437 2872 MSPCLOCK - ok
09:49:01.0671 2872 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:49:01.0781 2872 MSPQM - ok
09:49:01.0984 2872 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:49:02.0078 2872 mssmbios - ok
09:49:02.0312 2872 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
09:49:02.0359 2872 MTsensor - ok
09:49:02.0625 2872 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:49:02.0750 2872 Mup - ok
09:49:02.0937 2872 mwstick - ok
09:49:03.0109 2872 NAL - ok
09:49:03.0359 2872 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:49:03.0546 2872 napagent - ok
09:49:03.0703 2872 navapel - ok
09:49:04.0078 2872 NBService (6d8fcdd5bb3b676ef58fa234073492c6) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
09:49:04.0453 2872 NBService - ok
09:49:04.0796 2872 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:49:04.0953 2872 NDIS - ok
09:49:05.0187 2872 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:49:05.0281 2872 NdisTapi - ok
09:49:05.0546 2872 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:49:05.0640 2872 Ndisuio - ok
09:49:05.0859 2872 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:49:05.0984 2872 NdisWan - ok
09:49:06.0218 2872 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:49:06.0312 2872 NDProxy - ok
09:49:06.0515 2872 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:49:06.0625 2872 NetBIOS - ok
09:49:06.0875 2872 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:49:07.0015 2872 NetBT - ok
09:49:07.0265 2872 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:49:07.0406 2872 NetDDE - ok
09:49:07.0437 2872 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:49:07.0515 2872 NetDDEdsdm - ok
09:49:07.0718 2872 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:49:07.0812 2872 Netlogon - ok
09:49:08.0109 2872 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:49:08.0265 2872 Netman - ok
09:49:08.0484 2872 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:49:08.0531 2872 NetTcpPortSharing - ok
09:49:08.0703 2872 nfmservice - ok
09:49:08.0859 2872 ngdbserv - ok
09:49:09.0140 2872 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:49:09.0281 2872 NIC1394 - ok
09:49:09.0437 2872 NICSer_WPC300N - ok
09:49:09.0750 2872 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:49:09.0843 2872 Nla - ok
09:49:10.0109 2872 NMIndexingService (e32686b4e27d11f83e3f2844e104c66c) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
09:49:10.0187 2872 NMIndexingService - ok
09:49:10.0343 2872 nmwcdcm - ok
09:49:10.0609 2872 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:49:10.0734 2872 Npfs - ok
09:49:10.0906 2872 NTACCESS - ok
09:49:11.0281 2872 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:49:11.0625 2872 Ntfs - ok
09:49:11.0828 2872 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:49:11.0906 2872 NtLmSsp - ok
09:49:12.0218 2872 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:49:12.0515 2872 NtmsSvc - ok
09:49:12.0718 2872 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:49:12.0828 2872 Null - ok
09:49:14.0015 2872 nv (9e1f2f09e34c92a96b9900b6a45d5026) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:49:16.0015 2872 nv - ok
09:49:16.0359 2872 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
09:49:16.0406 2872 NVENETFD - ok
09:49:16.0562 2872 NVNET - ok
09:49:16.0796 2872 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
09:49:16.0843 2872 nvnetbus - ok
09:49:17.0062 2872 NVSvc (0b24ab7cc5b7ed2aa7f438a4072459f4) C:\WINDOWS\system32\nvsvc32.exe
09:49:17.0125 2872 NVSvc - ok
09:49:17.0343 2872 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:49:17.0468 2872 NwlnkFlt - ok
09:49:17.0671 2872 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:49:17.0781 2872 NwlnkFwd - ok
09:49:18.0015 2872 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:49:18.0156 2872 ohci1394 - ok
09:49:18.0343 2872 oracleorahomedatagatherer - ok
09:49:18.0515 2872 oracleorahomepagingserver - ok
09:49:18.0687 2872 oraclexeclragent - ok
09:49:18.0843 2872 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:49:18.0875 2872 ose - ok
09:49:19.0046 2872 p2pimsvc - ok
09:49:19.0218 2872 Packet - ok
09:49:19.0406 2872 pae_1394 - ok
09:49:19.0687 2872 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:49:19.0828 2872 Parport - ok
09:49:20.0031 2872 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:49:20.0140 2872 PartMgr - ok
09:49:20.0343 2872 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:49:20.0453 2872 ParVdm - ok
09:49:20.0625 2872 pav_service - ok
09:49:20.0828 2872 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:49:20.0953 2872 PCI - ok
09:49:21.0109 2872 PciBus - ok
09:49:21.0312 2872 PCIDump - ok
09:49:21.0515 2872 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:49:21.0609 2872 PCIIde - ok
09:49:21.0859 2872 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:49:21.0984 2872 Pcmcia - ok
09:49:22.0218 2872 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
09:49:22.0265 2872 Pcouffin ( UnsignedFile.Multi.Generic ) - warning
09:49:22.0265 2872 Pcouffin - detected UnsignedFile.Multi.Generic (1)
09:49:22.0453 2872 PDCOMP - ok
09:49:22.0640 2872 PDFRAME - ok
09:49:22.0812 2872 pdiddcci - ok
09:49:22.0984 2872 PDRELI - ok
09:49:23.0171 2872 PDRFRAME - ok
09:49:23.0359 2872 perc2 - ok
09:49:23.0531 2872 perc2hib - ok
09:49:23.0796 2872 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:49:23.0812 2872 PlugPlay - ok
09:49:24.0031 2872 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:49:24.0109 2872 PolicyAgent - ok
09:49:24.0359 2872 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:49:24.0468 2872 PptpMiniport - ok
09:49:24.0687 2872 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:49:24.0828 2872 Processor - ok
09:49:25.0000 2872 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:49:25.0078 2872 ProtectedStorage - ok
09:49:25.0296 2872 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:49:25.0406 2872 PSched - ok
09:49:25.0593 2872 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:49:25.0718 2872 Ptilink - ok
09:49:25.0906 2872 purgeieservice - ok
09:49:26.0171 2872 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:49:26.0234 2872 PxHelp20 - ok
09:49:26.0421 2872 ql1080 - ok
09:49:26.0593 2872 Ql10wnt - ok
09:49:26.0781 2872 ql12160 - ok
09:49:26.0968 2872 ql1240 - ok
09:49:27.0140 2872 ql1280 - ok
09:49:27.0312 2872 ramaint - ok
09:49:27.0515 2872 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:49:27.0625 2872 RasAcd - ok
09:49:27.0843 2872 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:49:27.0953 2872 RasAuto - ok
09:49:28.0187 2872 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:49:28.0312 2872 Rasl2tp - ok
09:49:28.0531 2872 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:49:28.0671 2872 RasMan - ok
09:49:28.0859 2872 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:49:28.0953 2872 RasPppoe - ok
09:49:29.0140 2872 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:49:29.0265 2872 Raspti - ok
09:49:29.0515 2872 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:49:29.0671 2872 Rdbss - ok
09:49:29.0890 2872 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:49:29.0984 2872 RDPCDD - ok
09:49:30.0140 2872 rdpdr - ok
09:49:30.0406 2872 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
09:49:30.0546 2872 RDPWD - ok
09:49:30.0781 2872 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:49:30.0921 2872 RDSessMgr - ok
09:49:31.0171 2872 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:49:31.0281 2872 redbook - ok
09:49:31.0500 2872 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:49:31.0609 2872 RemoteAccess - ok
09:49:31.0781 2872 rimsptsk - ok
09:49:31.0953 2872 RIOXDRV - ok
09:49:32.0156 2872 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
09:49:32.0250 2872 RpcLocator - ok
09:49:32.0562 2872 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
09:49:32.0656 2872 RpcSs - ok
09:49:32.0828 2872 rp_fws - ok
09:49:33.0031 2872 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
09:49:33.0171 2872 RSVP - ok
09:49:33.0343 2872 s116nd5 - ok
09:49:33.0515 2872 s125mgmt - ok
09:49:33.0687 2872 s616unic - ok
09:49:33.0843 2872 sagefserver - ok
09:49:34.0015 2872 SaiNtBus - ok
09:49:34.0218 2872 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:49:34.0296 2872 SamSs - ok
09:49:34.0312 2872 SANDRA - ok
09:49:34.0468 2872 savrtpel - ok
09:49:34.0703 2872 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:49:34.0812 2872 SCardSvr - ok
09:49:35.0062 2872 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:49:35.0203 2872 Schedule - ok
09:49:35.0375 2872 sdbus - ok
09:49:35.0546 2872 SE26mdfl - ok
09:49:35.0796 2872 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:49:35.0906 2872 Secdrv - ok
09:49:36.0078 2872 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:49:36.0171 2872 seclogon - ok
09:49:36.0343 2872 SenFiltService - ok
09:49:36.0546 2872 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:49:36.0656 2872 SENS - ok
09:49:36.0875 2872 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:49:36.0984 2872 serenum - ok
09:49:37.0187 2872 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:49:37.0296 2872 Serial - ok
09:49:37.0546 2872 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:49:37.0656 2872 Sfloppy - ok
09:49:37.0812 2872 SGHIDI - ok
09:49:37.0984 2872 sglogplayer - ok
09:49:38.0265 2872 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:49:38.0531 2872 SharedAccess - ok
09:49:38.0765 2872 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:49:38.0781 2872 ShellHWDetection - ok
09:49:38.0953 2872 si3114r - ok
09:49:39.0125 2872 Simbad - ok
09:49:39.0296 2872 smserial - ok
09:49:39.0468 2872 SNP2UVC - ok
09:49:39.0640 2872 snpstd - ok
09:49:39.0828 2872 Sparrow - ok
09:49:40.0046 2872 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:49:40.0140 2872 splitter - ok
09:49:40.0359 2872 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:49:40.0421 2872 Spooler - ok
09:49:40.0671 2872 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:49:40.0781 2872 sr - ok
09:49:41.0031 2872 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
09:49:41.0156 2872 srservice - ok
09:49:41.0453 2872 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:49:41.0703 2872 Srv - ok
09:49:41.0953 2872 sscdbus (92b69020fc480219683d429dca068d71) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
09:49:41.0984 2872 sscdbus - ok
09:49:42.0187 2872 sscdmdfl (77a2869d40cc84af711c321f9b0c7a78) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
09:49:42.0203 2872 sscdmdfl - ok
09:49:42.0421 2872 sscdmdm (b4255635195a8413fcde7af5b7c4e382) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
09:49:42.0468 2872 sscdmdm - ok
09:49:42.0687 2872 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:49:42.0812 2872 SSDPSRV - ok
09:49:42.0968 2872 ssfs0509 - ok
09:49:43.0140 2872 sskbfd - ok
09:49:43.0359 2872 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
09:49:43.0421 2872 StarOpen ( UnsignedFile.Multi.Generic ) - warning
09:49:43.0421 2872 StarOpen - detected UnsignedFile.Multi.Generic (1)
09:49:43.0687 2872 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:49:43.0953 2872 stisvc - ok
09:49:44.0187 2872 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:49:44.0265 2872 swenum - ok
09:49:44.0484 2872 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:49:44.0593 2872 swmidi - ok
09:49:44.0781 2872 SwPrv - ok
09:49:45.0000 2872 symc810 - ok
09:49:45.0171 2872 symc8xx - ok
09:49:45.0359 2872 sym_hi - ok
09:49:45.0546 2872 sym_u3 - ok
09:49:45.0781 2872 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:49:45.0875 2872 sysaudio - ok
09:49:46.0109 2872 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:49:46.0234 2872 SysmonLog - ok
09:49:46.0515 2872 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:49:46.0671 2872 TapiSrv - ok
09:49:47.0000 2872 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:49:47.0171 2872 Tcpip - ok
09:49:47.0375 2872 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:49:47.0484 2872 TDPIPE - ok
09:49:47.0687 2872 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:49:47.0781 2872 TDTCP - ok
09:49:48.0000 2872 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:49:48.0109 2872 TermDD - ok
09:49:48.0359 2872 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:49:48.0562 2872 TermService - ok
09:49:48.0734 2872 tfsndrct - ok
09:49:48.0968 2872 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:49:48.0984 2872 Themes - ok
09:49:49.0140 2872 tifm21 - ok
09:49:49.0328 2872 TosIde - ok
09:49:49.0500 2872 TPECioCtl - ok
09:49:49.0671 2872 TPPWRIF - ok
09:49:49.0828 2872 traprcvr - ok
09:49:50.0062 2872 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:49:50.0187 2872 TrkWks - ok
09:49:50.0359 2872 TuneUp.Defrag - ok
09:49:50.0578 2872 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:49:50.0687 2872 Udfs - ok
09:49:50.0859 2872 uhcd - ok
09:49:51.0031 2872 ultra - ok
09:49:51.0343 2872 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:49:51.0625 2872 Update - ok
09:49:51.0781 2872 uploadmgr (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:49:51.0890 2872 uploadmgr - ok
09:49:52.0125 2872 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:49:52.0265 2872 upnphost - ok
09:49:52.0468 2872 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:49:52.0562 2872 UPS - ok
09:49:52.0734 2872 USA49W2KP - ok
09:49:52.0984 2872 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
09:49:53.0031 2872 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
09:49:53.0031 2872 USBAAPL - detected UnsignedFile.Multi.Generic (1)
09:49:53.0234 2872 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:49:53.0343 2872 usbccgp - ok
09:49:53.0578 2872 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:49:53.0671 2872 usbehci - ok
09:49:53.0906 2872 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:49:54.0015 2872 usbhub - ok
09:49:54.0218 2872 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
09:49:54.0312 2872 usbohci - ok
09:49:54.0515 2872 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:49:54.0625 2872 usbprint - ok
09:49:54.0843 2872 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:49:54.0937 2872 usbscan - ok
09:49:55.0140 2872 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:49:55.0234 2872 USBSTOR - ok
09:49:55.0484 2872 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:49:55.0609 2872 usbuhci - ok
09:49:55.0828 2872 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:49:55.0921 2872 VgaSave - ok
09:49:56.0218 2872 VIAHdAudAddService (6b2c9ee4c16616e9398bbd0bc80ceb22) C:\WINDOWS\system32\drivers\viahduaa.sys
09:49:56.0312 2872 VIAHdAudAddService - ok
09:49:56.0484 2872 ViaIde - ok
09:49:56.0671 2872 videoacceleratorengine - ok
09:49:56.0843 2872 VNUSB - ok
09:49:57.0062 2872 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:49:57.0187 2872 VolSnap - ok
09:49:57.0359 2872 vsbus - ok
09:49:57.0531 2872 vsmon - ok
09:49:57.0796 2872 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:49:57.0953 2872 VSS - ok
09:49:58.0125 2872 vzcdbsvc - ok
09:49:58.0359 2872 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
09:49:58.0500 2872 W32Time - ok
09:49:58.0750 2872 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:49:58.0890 2872 Wanarp - ok
09:49:59.0046 2872 wap3gx - ok
09:49:59.0218 2872 Wdf01000 - ok
09:49:59.0406 2872 WDICA - ok
09:49:59.0625 2872 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:49:59.0718 2872 wdmaud - ok
09:49:59.0937 2872 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:50:00.0093 2872 WebClient - ok
09:50:00.0265 2872 win32sl - ok
09:50:00.0562 2872 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:50:00.0671 2872 winmgmt - ok
09:50:00.0843 2872 winvnc - ok
09:50:01.0062 2872 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
09:50:01.0093 2872 WmdmPmSN - ok
09:50:01.0328 2872 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:50:01.0468 2872 WmiApSrv - ok
09:50:01.0875 2872 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:50:02.0359 2872 WMPNetworkSvc - ok
09:50:02.0640 2872 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:50:02.0671 2872 WpdUsb - ok
09:50:03.0109 2872 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:50:03.0515 2872 WPFFontCache_v0400 - ok
09:50:03.0859 2872 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:50:04.0000 2872 WS2IFSL - ok
09:50:04.0218 2872 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
09:50:04.0343 2872 wscsvc - ok
09:50:04.0531 2872 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:50:04.0625 2872 wuauserv - ok
09:50:04.0859 2872 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:50:04.0921 2872 WudfPf - ok
09:50:05.0156 2872 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:50:05.0187 2872 WudfRd - ok
09:50:05.0390 2872 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:50:05.0421 2872 WudfSvc - ok
09:50:05.0781 2872 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:50:06.0093 2872 WZCSVC - ok
09:50:06.0328 2872 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:50:06.0453 2872 xmlprov - ok
09:50:06.0625 2872 {a7447300-8075-4b0d-83f1-3d75c8ebc623} - ok
09:50:06.0671 2872 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:50:07.0031 2872 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:50:07.0031 2872 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:50:07.0062 2872 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
09:50:07.0234 2872 \Device\Harddisk1\DR1 - ok
09:50:07.0234 2872 Boot (0x1200) (86be2e19de0ce07e25cefc15a2995d8f) \Device\Harddisk0\DR0\Partition0
09:50:07.0234 2872 \Device\Harddisk0\DR0\Partition0 - ok
09:50:07.0234 2872 Boot (0x1200) (90c163a7e1b491257ec4337544de6d04) \Device\Harddisk1\DR1\Partition0
09:50:07.0234 2872 \Device\Harddisk1\DR1\Partition0 - ok
09:50:07.0250 2872 ============================================================
09:50:07.0250 2872 Scan finished
09:50:07.0250 2872 ============================================================
09:50:07.0390 2092 Detected object count: 7
09:50:07.0390 2092 Actual detected object count: 7
09:50:35.0484 2092 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
09:50:35.0484 2092 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:50:35.0484 2092 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:50:35.0484 2092 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:50:35.0484 2092 mbamchameleon ( UnsignedFile.Multi.Generic ) - skipped by user
09:50:35.0484 2092 mbamchameleon ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:50:35.0484 2092 Pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
09:50:35.0484 2092 Pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:50:35.0484 2092 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
09:50:35.0484 2092 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:50:35.0484 2092 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
09:50:35.0484 2092 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:50:35.0625 2092 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
09:50:35.0625 2092 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
09:50:35.0625 2092 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
09:50:35.0640 2092 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
09:50:35.0703 2092 \Device\Harddisk0\DR0\TDLFS\module.dll - copied to quarantine
09:50:35.0703 2092 \Device\Harddisk0\DR0\TDLFS - deleted
09:50:35.0703 2092 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
09:50:56.0500 3700 Deinitialize success

...............................


ComboFix 12-03-22.01 - Owner 24/03/2012 10:08:44.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.595 [GMT 10:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-24 to 2012-03-24 )))))))))))))))))))))))))))))))
.
.
2012-03-23 14:05 . 2012-03-23 14:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-23 03:32 . 2012-03-23 03:32 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-03-21 08:14 . 2012-03-21 08:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-03-20 14:25 . 2012-03-20 14:25 -------- d-----w- c:\program files\Microsoft Research
2012-03-03 06:33 . 2012-03-03 06:33 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-03-03 06:33 . 2012-03-03 06:33 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-03-03 06:33 . 2012-03-03 06:33 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-03-03 06:33 . 2012-03-17 03:44 646072 ----a-w- c:\program files\Mozilla Firefox\nss3.dll
2012-03-03 06:33 . 2012-03-17 03:44 371640 ----a-w- c:\program files\Mozilla Firefox\nssckbi.dll
2012-03-03 06:33 . 2012-03-17 03:44 109496 ----a-w- c:\program files\Mozilla Firefox\nssdbm3.dll
2012-03-03 06:33 . 2012-03-17 03:44 105400 ----a-w- c:\program files\Mozilla Firefox\nssutil3.dll
2012-03-03 06:33 . 2012-03-17 03:44 269240 ----a-w- c:\program files\Mozilla Firefox\updater.exe
2012-03-03 06:33 . 2012-03-17 03:44 19896 ----a-w- c:\program files\Mozilla Firefox\xpcom.dll
2012-02-29 04:44 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-29 04:44 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-23 14:06 . 2006-02-28 12:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2012-02-28 14:03 . 2011-05-19 22:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-27 05:34 . 2007-11-23 13:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-27 05:34 . 2010-05-01 05:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20 . 2006-09-05 00:45 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2008-12-16 07:07 . 2008-10-23 07:21 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-12-16 07:07 . 2008-10-23 07:21 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-10-23 07:21 . 2008-10-23 07:21 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2012-03-17 03:44 . 2012-03-03 06:33 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-23_15.44.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-24 00:05 . 2012-03-24 00:05 16384 c:\windows\temp\Perflib_Perfdata_1b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-04 68856]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2010-07-11 548864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]
"nwiz"="nwiz.exe" [2005-10-10 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-10 86016]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-07-18 22528]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-04-10 29757440]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"Nuance PDF Reader-reminder"="c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe" [2010-07-05 333088]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAP3LAK.EXE [2007-11-20 30720]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-17 10:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 06:47 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
2007-02-23 06:32 126976 ----a-w- c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"g:\\Program Files\\WM Recorder 10\\WMR90.exe"=
"c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\CNAB3RPK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 3:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/03/2011 4:03 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/01/2011 6:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5/04/2011 12:59 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 6:09 AM 192776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14/04/2011 9:28 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 7:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 7:53 AM 16720]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [30/11/2009 8:28 AM 47360]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [24/11/2008 12:22 PM 222976]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/12/2009 1:20 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20/12/2009 1:20 PM 135664]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [23/03/2012 1:32 PM 24064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
bridge
ibmsmbus
mferkdk
si3114r
p2pimsvc
cics.region1
nfmservice
b57w2k
gmer
vzcdbsvc
Bcim
GBFSHook
ssfs0509
lyncusbserv
CTEDSPFX.DLL
tifm21
winvnc
pae_1394
s616unic
SE26mdfl
vsbus
ATNT40K
NTACCESS
MREMP50a64
ntsvcmgr
sskbfd
aeaudio
sglogplayer
cdfsvc
smserial
SGHIDI
mwstick
TuneUp.Defrag
traprcvr
snpstd
NVNET
navapel
iviVD
avgfwsrv
oracleorahomedatagatherer
rdpdr
purgeieservice
pav_service
backupexecnamingservice
pdiddcci
aslm75
DM9102
NAL
ngdbserv
{a7447300-8075-4b0d-83f1-3d75c8ebc623}
tfsndrct
s116nd5
mcdetect.exe
Packet
videoacceleratorengine
BrSerIf
Wdf01000
bdselfpr
emu10k
backupexecjobengine
s125mgmt
mpservice
mcupdmgr.exe
filemon701
SaiNtBus
ramaint
sagefserver
oraclexeclragent
iAimTV5
savrtpel
win32sl
PciBus
klif
mbr
uhcd
AppnApi
downloadmanagerlite
cxpt_service
VNUSB
lexbces
SNP2UVC
USA49W2KP
bvrp_pci
NICSer_WPC300N
mfeavfk
oracleorahomepagingserver
vsmon
dlbx_device
lirsgt
rimsptsk
rp_fws
nmwcdcm
lvckap
bocdrive
TPPWRIF
isdrv122
sdbus
RIOXDRV
ctxhttp
HidBth
wap3gx
ggsemc
TPECioCtl
uploadmgr
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 01:50]
.
2012-03-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-04 08:42]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 03:20]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 03:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: iinet.net.au\www
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 10.1.1.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\4a4uylfi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-24 10:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ISUSPM = "c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" -scheduler??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????R???????C??????x?+}???????????}?????????????](}0??????????????????? ??|????0??|????????j??|????0???????[??????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1409082233-2111687655-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{747D0EF3-6199-5A17-059C-25698D5821F6}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abekgmihmimkejidodpaegdeleabffljgd"=hex:61,61,00,ff
"mabkbmaddopnenjcoomefibbah"=hex:61,61,00,ff
.
[HKEY_USERS\S-1-5-21-1409082233-2111687655-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAD3E7F6-F954-5B53-909C-6EF38F9BBDD7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2012-03-24 10:40:03
ComboFix-quarantined-files.txt 2012-03-24 00:39
ComboFix2.txt 2012-03-23 22:39
ComboFix3.txt 2012-03-23 15:54
ComboFix4.txt 2011-04-06 07:44
.
Pre-Run: 51,482,660,864 bytes free
Post-Run: 51,465,273,344 bytes free
.
- - End Of File - - 9060F0D76F9D0B205F334870CF8ED0B2

#15 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,228 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 23 March 2012 - 08:51 PM

How's it running now?
Larry Tate
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

#16 grey hair

grey hair

    New Member

  • Members
  • Pip
  • 24 posts
  • Gender:Male
  • Location:Down Under

Posted 23 March 2012 - 09:48 PM

Seems to be running ok now, no more avg threat popups, and have not had any more browser redirects yet. Might be good?

#17 grey hair

grey hair

    New Member

  • Members
  • Pip
  • 24 posts
  • Gender:Male
  • Location:Down Under

Posted 23 March 2012 - 10:54 PM

Spoke too soon, avg threat just detected. Still the Trojan horse Crypt.AQLW. AVG found it in c:\system vol info\_restore{.......}\RP219\Aoo27260.dll

What now Obiwan?

#18 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,228 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 24 March 2012 - 06:14 AM

c:\system vol info\_restore

We'll kill that when you uninstall Combofix.



Good job Posted Image

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:
  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7
  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.


Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.


Log looks good :D


  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is succeptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

  • Securing Your Web Browser
    This paper will help you configure your web browser for safer internet surfing.


  • Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.

    •Free browser plug-in for Internet Explorer and Firefox
    •Real-time safety ratings
    •Ideal for Facebook, Twitter and LinkedIn


  • JAVA Click this link and click on the Free JAVA Download


  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer has always the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.


I would suggest you read:
PC Safety and Security--What Do I Need?.
How to Prevent Malware:


The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.




Larry Tate
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

#19 grey hair

grey hair

    New Member

  • Members
  • Pip
  • 24 posts
  • Gender:Male
  • Location:Down Under

Posted 24 March 2012 - 08:00 AM

Thanks Larry, desktop seems to be ok now (touch wood), your help has been terrific.
Combofix uninstalled.
All passwords have been changed via clean laptop. Java 6-31 was installed on desktop and MS, AVG & MBAM all up to date.

Just a few quick questions if you don't mind, all for good security.
- What about tdsskiller? Leave it or remove it?
- I have a firewall on my D-Link router, is this normally good enough or would it be more advantageous to look at a software firewall as well. Don't want to have 2 runnng.
- I had not heard of M86 (thanks for the link). It looks similar to what my AVG LinkScanner does in warning of bad sites. Would the 2 programs conflict, say like using 2 antivirus/firewall programs?

Again, my thanks for your help, it is greatly appreciated.
Cheers.

#20 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,228 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 25 March 2012 - 08:05 AM 

What about tdsskiller? Leave it or remove it?
Delete it
- I have a firewall on my D-Link router, is this normally good enough or would it be more advantageous to look at a software firewall as well. Don't want to have 2 runnng.
Keep using only your D-Link
- I had not heard of M86 (thanks for the link). It looks similar to what my AVG LinkScanner does in warning of bad sites. Would the 2 programs conflict, say like using 2 antivirus/firewall programs?
LinkScanner should be fine



You're more than welcome.
Glad we were able to help
Peace be with you Posted Image
Larry Tate
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook
Back to Resolved HijackThis Logs


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Malware Removal Support
  3. Malware Removal Help
  4. Resolved HijackThis Logs
  5. Privacy Policy
  6. Terms of Use ·