
I've been hijacked.



#1 tduro


Posted 26 March 2012 - 05:28 PM

When I click a link from a Google search, I'm redirected to a bogus search engine or a bogus antivirus site. I updated and ran Malwarebytes and Avira Antivirus. Both found threats and purportedly eliminated them, but the problem remained. I'm not sure if this is related, but I can no longer access a Google or Bing front page. I can, however, get to other sites if I have a link to them or type them in the search bar directly. I ran DDS, and the DDS.txt and Attach.txt are posted below:

DDS.TXT
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by HP_Administrator at 18:18:01 on 2012-03-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.332 [GMT -4:00]
.
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\DISC\DiscStreamHub.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [prmlt] rundll32.exe "c:\docume~1\hp_adm~1\locals~1\temp\prmlt.dll",EnumMCCustomSetNumberRelease
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\hp_administrator\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - c:\program files\amazon\add to wish list ie extension\run.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: trymedia.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://secure.ugi.com/CACHE/stc/6/binaries/vpnweb.cab
DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} - hxxps://secure.ugi.com/CACHE/sdesktop/install/binaries/instweb.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxps://vpn.ugi.com/sre/ICSScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://vpn.ugi.com/SNX/CSHELL/extender.cab
DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} - hxxp://24.229.34.148/viewer/activeXViewer/activexviewer.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://secure.shh.org/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{B7BBC842-5ECC-4F76-943A-4A4EE4342D2B} : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Hosts: 87.229.126.40 www.google.com
Hosts: 87.229.126.41 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-25 11608]
R1 NEOFLTR_600_14137;Juniper Networks TDI Filter Driver (NEOFLTR_600_14137);c:\windows\system32\drivers\NEOFLTR_600_14137.sys [2009-4-1 64160]
R1 NEOFLTR_700_17289;Juniper Networks TDI Filter Driver (NEOFLTR_700_17289);c:\windows\system32\drivers\NEOFLTR_700_17289.SYS [2011-6-30 84336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-25 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-25 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-25 66616]
R2 cpextender;Check Point SSL Network Extender;c:\program files\checkpoint\ssl network extender\slimsvc.exe [2006-9-12 307295]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-10-5 237056]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-10-5 1060352]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-10-5 484352]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2011-5-30 36224]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2006-9-12 109008]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-12-6 11520]
R4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [2011-5-30 134912]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 Ca100v;PenCam SD, WDM Video Capture;c:\windows\system32\drivers\Ca100v.sys [2007-1-4 516635]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
.
=============== File Associations ===============
.
.scr=DWGTrueViewScriptFile
.
=============== Created Last 30 ================
.
2012-03-24 17:01:31 884 ---ha-r- c:\windows\system32\drivers\etc\hosts.sys
2012-03-24 02:22:20 -------- d-----w- c:\documents and settings\hp_administrator\application data\Waavy
2012-03-24 02:22:20 -------- d-----w- c:\documents and settings\hp_administrator\application data\Muycad
2012-03-11 13:02:44 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\PMB Files
2012-03-10 01:32:32 4431872 ----a-w- c:\windows\system32\GPhotos.scr
.
==================== Find3M ====================
.
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 18:20:05.98 ===============


ATTACH.TXT

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/17/2006 8:59:42 PM
System Uptime: 3/26/2012 5:23:14 PM (1 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Athlon™ 64 Processor 3700+ | Socket 939 | 2188/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 178 GiB total, 62.227 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 1.117 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is CDROM (UDF)
L: is Removable
M: is FIXED (NTFS) - 1862 GiB total, 1756.306 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0001
Service: vpnva
.
==== System Restore Points ===================
.
RP220: 12/28/2011 11:45:07 AM - System Checkpoint
RP221: 12/29/2011 3:40:43 PM - System Checkpoint
RP222: 12/30/2011 3:45:09 PM - System Checkpoint
RP223: 1/1/2012 2:20:22 PM - System Checkpoint
RP224: 1/2/2012 2:45:02 PM - System Checkpoint
RP225: 1/3/2012 3:45:02 PM - System Checkpoint
RP226: 1/4/2012 4:33:18 PM - System Checkpoint
RP227: 1/5/2012 4:50:50 PM - System Checkpoint
RP228: 1/6/2012 7:16:18 PM - System Checkpoint
RP229: 1/7/2012 8:00:46 PM - System Checkpoint
RP230: 1/8/2012 9:00:41 PM - System Checkpoint
RP231: 1/9/2012 10:00:44 PM - System Checkpoint
RP232: 1/10/2012 10:03:33 PM - System Checkpoint
RP233: 1/11/2012 2:00:25 AM - Software Distribution Service 3.0
RP234: 1/12/2012 2:00:47 AM - System Checkpoint
RP235: 1/13/2012 2:05:32 AM - System Checkpoint
RP236: 1/14/2012 3:05:23 AM - System Checkpoint
RP237: 1/15/2012 4:05:32 AM - System Checkpoint
RP238: 1/16/2012 4:46:46 AM - System Checkpoint
RP239: 1/17/2012 5:46:46 AM - System Checkpoint
RP240: 1/18/2012 6:46:39 AM - System Checkpoint
RP241: 1/19/2012 6:52:41 AM - System Checkpoint
RP242: 1/20/2012 7:37:04 AM - System Checkpoint
RP243: 1/21/2012 10:08:02 AM - System Checkpoint
RP244: 1/22/2012 10:46:18 AM - System Checkpoint
RP245: 1/23/2012 11:25:59 AM - System Checkpoint
RP246: 1/24/2012 12:26:01 PM - System Checkpoint
RP247: 1/25/2012 12:38:08 PM - System Checkpoint
RP248: 1/26/2012 2:00:17 AM - Software Distribution Service 3.0
RP249: 1/27/2012 2:22:30 AM - System Checkpoint
RP250: 1/28/2012 3:22:31 AM - System Checkpoint
RP251: 1/29/2012 4:22:23 AM - System Checkpoint
RP252: 1/30/2012 5:22:35 AM - System Checkpoint
RP253: 1/31/2012 6:22:35 AM - System Checkpoint
RP254: 2/1/2012 7:38:36 AM - System Checkpoint
RP255: 2/2/2012 8:22:25 AM - System Checkpoint
RP256: 2/3/2012 8:41:06 AM - System Checkpoint
RP257: 2/4/2012 9:41:13 AM - System Checkpoint
RP258: 2/5/2012 11:02:16 AM - System Checkpoint
RP259: 2/6/2012 11:42:39 AM - System Checkpoint
RP260: 2/7/2012 11:53:08 AM - System Checkpoint
RP261: 2/8/2012 12:29:38 PM - System Checkpoint
RP262: 2/9/2012 12:41:57 PM - System Checkpoint
RP263: 2/10/2012 9:11:40 PM - System Checkpoint
RP264: 2/11/2012 10:21:47 PM - System Checkpoint
RP265: 2/12/2012 11:03:48 PM - System Checkpoint
RP266: 2/14/2012 12:04:00 AM - System Checkpoint
RP267: 2/15/2012 1:04:01 AM - System Checkpoint
RP268: 2/16/2012 2:00:20 AM - Software Distribution Service 3.0
RP269: 2/16/2012 9:03:27 PM - Removed iTunes
RP270: 2/17/2012 9:20:05 PM - System Checkpoint
RP271: 2/18/2012 9:48:11 PM - System Checkpoint
RP272: 2/19/2012 11:08:19 PM - System Checkpoint
RP273: 2/20/2012 11:24:06 PM - System Checkpoint
RP274: 2/22/2012 12:24:17 AM - System Checkpoint
RP275: 2/23/2012 1:24:17 AM - System Checkpoint
RP276: 2/24/2012 2:24:09 AM - System Checkpoint
RP277: 2/25/2012 3:24:21 AM - System Checkpoint
RP278: 2/26/2012 4:24:10 AM - System Checkpoint
RP279: 2/27/2012 5:24:29 AM - System Checkpoint
RP280: 2/28/2012 6:24:16 AM - System Checkpoint
RP281: 2/29/2012 7:51:31 AM - System Checkpoint
RP282: 3/1/2012 8:24:14 AM - System Checkpoint
RP283: 3/2/2012 8:41:59 AM - System Checkpoint
RP284: 3/3/2012 9:42:00 AM - System Checkpoint
RP285: 3/4/2012 10:42:04 AM - System Checkpoint
RP286: 3/5/2012 11:42:03 AM - System Checkpoint
RP287: 3/6/2012 12:42:06 PM - System Checkpoint
RP288: 3/7/2012 1:39:41 PM - System Checkpoint
RP289: 3/8/2012 2:39:44 PM - System Checkpoint
RP290: 3/9/2012 5:52:19 PM - System Checkpoint
RP291: 3/10/2012 7:16:25 PM - System Checkpoint
RP292: 3/11/2012 10:31:02 PM - System Checkpoint
RP293: 3/12/2012 10:35:38 PM - System Checkpoint
RP294: 3/13/2012 11:35:51 PM - System Checkpoint
RP295: 3/14/2012 2:00:26 AM - Software Distribution Service 3.0
RP296: 3/15/2012 2:17:01 AM - System Checkpoint
RP297: 3/16/2012 2:52:50 AM - System Checkpoint
RP298: 3/17/2012 3:17:15 AM - System Checkpoint
RP299: 3/18/2012 4:17:05 AM - System Checkpoint
RP300: 3/19/2012 5:17:07 AM - System Checkpoint
RP301: 3/20/2012 6:17:06 AM - System Checkpoint
RP302: 3/21/2012 6:41:34 AM - System Checkpoint
RP303: 3/22/2012 8:11:40 AM - System Checkpoint
RP304: 3/23/2012 8:41:47 AM - System Checkpoint
RP305: 3/24/2012 10:45:49 AM - System Checkpoint
RP306: 3/25/2012 11:30:13 AM - System Checkpoint
RP307: 3/26/2012 12:20:37 PM - System Checkpoint
.
==== Installed Programs ======================
.
1600
1600_Help
1600Trb
5 Card Slingo from HP Media Center (remove only)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader Korean Fonts
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
AIM 6
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
Amazon Add to Wish List IE Extension 1.1
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression for Kodak
AstroPop Deluxe from HP Media Center (remove only)
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
Avira AntiVir Personal - Free Antivirus
Barnyard Invasion from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Boggle Supreme from HP Media Center (remove only)
Bonjour
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
BufferChm
CameraDrivers
Check Point SSL Network Extender Components Shell
Check Point SSL Network Extender Service
Chuzzle Deluxe from HP Media Center (remove only)
Cisco AnyConnect VPN Client
Coupon Printer for Windows
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_LightScribePlugin
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Crystal Maze from HP Media Center (remove only)
CueTour
Customer Experience Enhancement
Destinations
DeviceManagementQFolder
DISCover
DocProc
DocumentViewer
DocumentViewerQFolder
Dropbox
DWG TrueView 2007
Easy Internet Sign-up
Easy MOV Converter 1.3.7
Enhanced Multimedia Keyboard Solution
ESET Online Scanner v3
Exif Viewer Ver.1.1
Family Feud
Family Tree Maker
Fax
Fax_CDA
Fellowes/NEATO MediaFACE
FMS
Free M4a to MP3 Converter 6.2
GCalc 3
GdiplusUpgrade
GemMaster Mystic
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hallmark Card Studio
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Game Console and games
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP Product Assistant
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
HpSdpAppCoreApp
Insaniquarium Deluxe from HP Media Center (remove only)
InstantShareDevices
InterVideo WinDVD Player
Java Auto Updater
Java™ 6 Update 24
Juniper Networks Secure Application Manager
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
K-Lite Codec Pack 4.0.0 (Full)
League of Legends
Lemonade Tycoon 2 from HP Media Center (remove only)
Lexibox Deluxe from HP Media Center (remove only)
LG USB Modem driver
LightScribe 1.4.52.1
Mah Jong Quest from HP Media Center (remove only)
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Away Mode
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mp3tag v2.48
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
NewCopy
NewCopy_CDA
Otto
Pando Media Booster
PanoStandAlone
PC-Doctor 5 for Windows
PenCam SD Manager
PhotoGallery
Picasa 3
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
ProductContext
Protected Music Converter 1.0.0.10
PS2
PSPrinters08
PSTAPlugin
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QBrew (remove only)
Quicken 2010
QuickTime
RandMap
Readme
RealPlayer
Remove IntelliMover Demo
Ricochet Lost Worlds from HP Media Center (remove only)
Scan
ScannerCopy
SCRABBLE from HP Media Center (remove only)
Screen Cleaner
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
.
==== Event Viewer Messages From Past Week ========
.
3/24/2012 6:52:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor IntelIde ViaIde
3/24/2012 10:47:39 PM, error: VolSnap [20] - The shadow copy of volume M: was aborted because of a failed free space computation.
3/20/2012 6:46:36 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WDFME service.
3/20/2012 2:38:47 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the vpnagent service.
3/20/2012 2:37:57 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

#2 MrCharlie

Posted 27 March 2012 - 10:23 AM

Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.
Click Scan to scan the system (don't run any other options)
Post back the report.

MrC

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#3 tduro

Posted 27 March 2012 - 11:34 AM

Hi MrC. Thank you for helping me. I ran RogueKiller. Below is the report.

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: HP_Administrator [Admin rights]
Mode: Scan -- Date: 03/27/2012 12:33:03
¤¤¤ Bad processes: 2 ¤¤¤
[SUSP PATH] arpwrmsg.exe -- C:\WINDOWS\ARPWRMSG.EXE -> KILLED [TermProc]
[SUSP PATH] prmlt.dll -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\prmlt.dll -> KILLED [TermProc]
¤¤¤ Registry Entries: 2 ¤¤¤
[BLACKLIST DLL] HKLM\[...]\Run : prmlt (rundll32.exe "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\prmlt.dll",EnumMCCustomSetNumberRelease) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x805BC530 -> HOOKED (Unknown @ 0xF7CEA114)
SSDT[41] : NtCreateKey @ 0x806240F0 -> HOOKED (Unknown @ 0xF7CEA0CE)
SSDT[50] : NtCreateSection @ 0x805AB3C8 -> HOOKED (Unknown @ 0xF7CEA11E)
SSDT[53] : NtCreateThread @ 0x805D1018 -> HOOKED (Unknown @ 0xF7CEA0C4)
SSDT[63] : NtDeleteKey @ 0x8062458C -> HOOKED (Unknown @ 0xF7CEA0D3)
SSDT[65] : NtDeleteValueKey @ 0x8062475C -> HOOKED (Unknown @ 0xF7CEA0DD)
SSDT[68] : NtDuplicateObject @ 0x805BE008 -> HOOKED (Unknown @ 0xF7CEA10F)
SSDT[98] : NtLoadKey @ 0x80626314 -> HOOKED (Unknown @ 0xF7CEA0E2)
SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (Unknown @ 0xF7CEA0B0)
SSDT[128] : NtOpenThread @ 0x805CB6CC -> HOOKED (Unknown @ 0xF7CEA0B5)
SSDT[193] : NtReplaceKey @ 0x806261C4 -> HOOKED (Unknown @ 0xF7CEA0EC)
SSDT[204] : NtRestoreKey @ 0x80625AD0 -> HOOKED (Unknown @ 0xF7CEA0E7)
SSDT[213] : NtSetContextThread @ 0x805D173A -> HOOKED (Unknown @ 0xF7CEA123)
SSDT[247] : NtSetValueKey @ 0x80622662 -> HOOKED (Unknown @ 0xF7CEA0D8)
SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (Unknown @ 0xF7CEA0BF)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xF7CEA128)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xF7CEA12D)
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
87.229.126.40 www.google.com
87.229.126.41 www.bing.com

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD2000JD-60KLB0 +++++
--- User ---
[MBR] 263c68a8674ee29e5ccfabab0b247ed4
[BSP] 8a7884da59e414827f91c43dcf324e78 : Toshiba tatooed MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 8714 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 17848215 | Size: 182056 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt

#4 MrCharlie

Posted 27 March 2012 - 11:57 AM

OK, run RogueKiller again and

Under......

¤¤¤ Bad processes: 2 ¤¤¤
[SUSP PATH] prmlt.dll -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\prmlt.dll -> KILLED [TermProc]

Select this one (uncheck the rest) and choose Delete on the right

-------------------------------------------

and under.....

¤¤¤ Registry Entries: 2 ¤¤¤
[BLACKLIST DLL] HKLM\[...]\Run : prmlt (rundll32.exe "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\prmlt.dll",EnumMCCustomSetNumberRelease) -> FOUND

Select this one (uncheck the rest) and choose Delete on the right

-----------------------------------

These are bad:

¤¤¤ HOSTS File: ¤¤¤
87.229.126.40 www.google.com
87.229.126.41 www.bing.com

So click on the HostFix box on the right.

Reboot and let me know if that corrects your problem, MrC

Posted Image Thanks MrC & crew
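
The two items MrCharlie singles out in the RogueKiller report (search-engine names pinned to a routable address in the HOSTS file, and a Run value that has rundll32 load a DLL from a Temp folder) can also be checked directly. The following Python check is an added example, not part of the thread and not RogueKiller's own logic; the watch list, the function names and the sample inputs (constructed from the entries quoted in the report) are assumptions.

```python
import ipaddress
import re

# Assumed watch list for this example: names that are normally resolved via DNS,
# so a static pin in the hosts file deserves a closer look. Extend as needed.
WATCHED = ("google.com", "bing.com")


def audit_hosts(text):
    """Return (line_no, ip, hostname) for watched names pinned to a routable IP."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip comments, then tokenize
        if len(fields) < 2:
            continue                            # blank, comment-only or malformed
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an address
        if ip.is_loopback or ip.is_unspecified:
            continue                            # localhost and sinkhole entries
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            if any(host == d or host.endswith("." + d) for d in WATCHED):
                findings.append((line_no, str(ip), host))
    return findings


# rundll32 [path\]rundll32[.exe] "<dll path>",<export>
RUNDLL = re.compile(
    r'^\s*"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+)"?\s*,\s*(\S+)',
    re.IGNORECASE,
)


def audit_run_value(name, command):
    """Flag an autorun value that has rundll32 load a DLL from a temp directory."""
    m = RUNDLL.match(command)
    if not m:
        return None                             # not a rundll32 launcher
    dll, export = m.group(1).strip(), m.group(2)
    folders = [p.lower() for p in dll.split("\\")[:-1]]
    if "temp" in folders or "tmp" in folders:
        return {"value": name, "dll": dll, "export": export}
    return None


# Constructed sample hosts file; the last two mappings are the ones in the report.
SAMPLE_HOSTS = """\
# constructed sample for the example
127.0.0.1       localhost
0.0.0.0         ads.example.com   # sinkhole entry, not a redirect
87.229.126.40   www.google.com
87.229.126.41   www.bing.com
"""

# Constructed Run values; "prmlt" is the command line quoted in the report,
# the other two are made-up benign entries.
SAMPLE_RUN = {
    "prmlt": r'rundll32.exe "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\prmlt.dll",EnumMCCustomSetNumberRelease',
    "example_dll": r'rundll32.exe "C:\WINDOWS\system32\example.dll",ExampleEntry',
    "example_tray": r'"C:\Program Files\Example\tray.exe" /min',
}

if __name__ == "__main__":
    for line_no, ip, host in audit_hosts(SAMPLE_HOSTS):
        print(f"hosts line {line_no}: {host} pinned to {ip}")
    for value, command in SAMPLE_RUN.items():
        hit = audit_run_value(value, command)
        if hit:
            print(f"Run value {hit['value']}: rundll32 loads {hit['dll']} ({hit['export']})")
```

On a live system the hosts text would come from %SystemRoot%\system32\drivers\etc\hosts and the Run values from a registry export.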

#5 tduro

Posted 27 March 2012 - 04:56 PM

Wow! That seemed too easy. No more symptoms. Google and Bing home pages are accessible. Links to search results no longer redirect.

Is there anything else I need to do as a final cleanup?

#6 MrCharlie

Posted 27 March 2012 - 05:18 PM

Great, let's just do a quick check for any rootkits:

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

MrC


#7 tduro

Posted 27 March 2012 - 05:29 PM

27 suspicious files, but none malicious. No prompt to reboot, but I'll do so now. Here's the report:

18:25:43.0625 0964 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
18:25:43.0671 0964 MDM - ok
18:25:43.0703 0964 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:25:43.0765 0964 mdmxsdk - ok
18:25:43.0796 0964 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:25:43.0953 0964 Messenger - ok
18:25:44.0031 0964 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
18:25:44.0140 0964 MHN ( UnsignedFile.Multi.Generic ) - warning
18:25:44.0140 0964 MHN - detected UnsignedFile.Multi.Generic (1)
18:25:44.0250 0964 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
18:25:44.0296 0964 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
18:25:44.0296 0964 MHNDRV - detected UnsignedFile.Multi.Generic (1)
18:25:44.0359 0964 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:25:44.0515 0964 mnmdd - ok
18:25:44.0546 0964 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:25:44.0671 0964 mnmsrvc - ok
18:25:44.0718 0964 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:25:44.0828 0964 Modem - ok
18:25:44.0843 0964 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:25:44.0984 0964 Mouclass - ok
18:25:45.0015 0964 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:25:45.0203 0964 mouhid - ok
18:25:45.0250 0964 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:25:45.0390 0964 MountMgr - ok
18:25:45.0406 0964 mraid35x - ok
18:25:45.0437 0964 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:25:45.0578 0964 MRxDAV - ok
18:25:45.0640 0964 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:25:45.0828 0964 MRxSmb - ok
18:25:45.0906 0964 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:25:46.0031 0964 MSDTC - ok
18:25:46.0140 0964 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:25:46.0265 0964 Msfs - ok
18:25:46.0281 0964 MSIServer - ok
18:25:46.0328 0964 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:25:46.0453 0964 MSKSSRV - ok
18:25:46.0484 0964 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:25:46.0609 0964 MSPCLOCK - ok
18:25:46.0656 0964 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:25:46.0781 0964 MSPQM - ok
18:25:46.0828 0964 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:25:46.0937 0964 mssmbios - ok
18:25:46.0984 0964 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:25:47.0125 0964 MSTEE - ok
18:25:47.0156 0964 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:25:47.0203 0964 Mup - ok
18:25:47.0234 0964 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:25:47.0359 0964 NABTSFEC - ok
18:25:47.0453 0964 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:25:47.0687 0964 napagent - ok
18:25:47.0796 0964 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:25:47.0937 0964 NDIS - ok
18:25:48.0000 0964 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:25:48.0125 0964 NdisIP - ok
18:25:48.0171 0964 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:25:48.0234 0964 NdisTapi - ok
18:25:48.0281 0964 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:25:48.0453 0964 Ndisuio - ok
18:25:48.0515 0964 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:25:48.0640 0964 NdisWan - ok
18:25:48.0687 0964 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:25:48.0750 0964 NDProxy - ok
18:25:48.0828 0964 NEOFLTR_600_14137 (8624b03dc85183f1dcf8432c502cbcf4) C:\WINDOWS\system32\Drivers\NEOFLTR_600_14137.SYS
18:25:48.0859 0964 NEOFLTR_600_14137 - ok
18:25:48.0937 0964 NEOFLTR_700_17289 (21795b5ee8f96d094ed4e6b87ad31895) C:\WINDOWS\system32\Drivers\NEOFLTR_700_17289.SYS
18:25:48.0953 0964 NEOFLTR_700_17289 - ok
18:25:49.0031 0964 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:25:49.0171 0964 NetBIOS - ok
18:25:49.0203 0964 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:25:49.0343 0964 NetBT - ok
18:25:49.0375 0964 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:25:49.0515 0964 NetDDE - ok
18:25:49.0531 0964 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:25:49.0625 0964 NetDDEdsdm - ok
18:25:49.0687 0964 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:25:49.0812 0964 Netlogon - ok
18:25:49.0843 0964 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:25:49.0953 0964 Netman - ok
18:25:50.0078 0964 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:25:50.0125 0964 NetTcpPortSharing - ok
18:25:50.0203 0964 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:25:50.0312 0964 NIC1394 - ok
18:25:50.0406 0964 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:25:50.0421 0964 Nla - ok
18:25:50.0484 0964 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:25:50.0625 0964 Npfs - ok
18:25:50.0687 0964 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:25:50.0906 0964 Ntfs - ok
18:25:50.0953 0964 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:25:51.0062 0964 NtLmSsp - ok
18:25:51.0109 0964 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:25:51.0312 0964 NtmsSvc - ok
18:25:51.0359 0964 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:25:51.0515 0964 Null - ok
18:25:51.0546 0964 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:25:51.0687 0964 NwlnkFlt - ok
18:25:51.0718 0964 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:25:51.0875 0964 NwlnkFwd - ok
18:25:51.0906 0964 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:25:52.0031 0964 ohci1394 - ok
18:25:52.0078 0964 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:25:52.0203 0964 Parport - ok
18:25:52.0281 0964 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:25:52.0406 0964 PartMgr - ok
18:25:52.0421 0964 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:25:52.0593 0964 ParVdm - ok
18:25:52.0625 0964 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:25:52.0765 0964 PCI - ok
18:25:52.0781 0964 PCIDump - ok
18:25:52.0828 0964 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:25:52.0984 0964 PCIIde - ok
18:25:53.0031 0964 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:25:53.0171 0964 Pcmcia - ok
18:25:53.0187 0964 PDCOMP - ok
18:25:53.0203 0964 PDFRAME - ok
18:25:53.0218 0964 PDRELI - ok
18:25:53.0234 0964 PDRFRAME - ok
18:25:53.0250 0964 perc2 - ok
18:25:53.0265 0964 perc2hib - ok
18:25:53.0343 0964 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:25:53.0578 0964 PlugPlay - ok
18:25:53.0718 0964 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
18:25:53.0781 0964 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:25:53.0781 0964 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:25:53.0859 0964 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:25:53.0968 0964 PolicyAgent - ok
18:25:54.0046 0964 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:25:54.0171 0964 PptpMiniport - ok
18:25:54.0203 0964 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
18:25:54.0312 0964 Processor - ok
18:25:54.0328 0964 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:25:54.0437 0964 ProtectedStorage - ok
18:25:54.0484 0964 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
18:25:54.0531 0964 Ps2 - ok
18:25:54.0546 0964 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:25:54.0687 0964 PSched - ok
18:25:54.0734 0964 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:25:54.0875 0964 Ptilink - ok
18:25:54.0921 0964 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:25:54.0953 0964 PxHelp20 - ok
18:25:55.0000 0964 ql1080 - ok
18:25:55.0015 0964 Ql10wnt - ok
18:25:55.0031 0964 ql12160 - ok
18:25:55.0046 0964 ql1240 - ok
18:25:55.0062 0964 ql1280 - ok
18:25:55.0078 0964 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:25:55.0234 0964 RasAcd - ok
18:25:55.0281 0964 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:25:55.0421 0964 RasAuto - ok
18:25:55.0453 0964 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:25:55.0593 0964 Rasl2tp - ok
18:25:55.0640 0964 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:25:55.0765 0964 RasMan - ok
18:25:55.0828 0964 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:25:55.0953 0964 RasPppoe - ok
18:25:55.0984 0964 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:25:56.0140 0964 Raspti - ok
18:25:56.0187 0964 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:25:56.0328 0964 Rdbss - ok
18:25:56.0375 0964 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:25:56.0531 0964 RDPCDD - ok
18:25:56.0562 0964 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:25:56.0718 0964 rdpdr - ok
18:25:56.0812 0964 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
18:25:56.0921 0964 RDPWD - ok
18:25:57.0031 0964 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:25:57.0171 0964 RDSessMgr - ok
18:25:57.0250 0964 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:25:57.0375 0964 redbook - ok
18:25:57.0421 0964 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:25:57.0546 0964 RemoteAccess - ok
18:25:57.0593 0964 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
18:25:57.0734 0964 RemoteRegistry - ok
18:25:57.0765 0964 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:25:57.0937 0964 RpcLocator - ok
18:25:58.0000 0964 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
18:25:58.0093 0964 RpcSs - ok
18:25:58.0171 0964 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:25:58.0390 0964 RSVP - ok
18:25:58.0453 0964 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
18:25:58.0515 0964 RTL8023xp - ok
18:25:58.0546 0964 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
18:25:58.0625 0964 rtl8139 - ok
18:25:58.0656 0964 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:25:58.0750 0964 SamSs - ok
18:25:58.0781 0964 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:25:58.0921 0964 SCardSvr - ok
18:25:58.0984 0964 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:25:59.0125 0964 Schedule - ok
18:25:59.0187 0964 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:25:59.0312 0964 Secdrv - ok
18:25:59.0359 0964 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:25:59.0468 0964 seclogon - ok
18:25:59.0500 0964 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:25:59.0609 0964 SENS - ok
18:25:59.0687 0964 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
18:25:59.0812 0964 Serial - ok
18:25:59.0875 0964 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:26:00.0000 0964 Sfloppy - ok
18:26:00.0062 0964 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:26:00.0218 0964 SharedAccess - ok
18:26:00.0281 0964 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:26:00.0296 0964 ShellHWDetection - ok
18:26:00.0343 0964 Simbad - ok
18:26:00.0390 0964 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:26:00.0515 0964 SLIP - ok
18:26:00.0531 0964 Sparrow - ok
18:26:00.0578 0964 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:26:00.0687 0964 splitter - ok
18:26:00.0750 0964 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:26:00.0812 0964 Spooler - ok
18:26:00.0890 0964 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:26:01.0015 0964 sr - ok
18:26:01.0109 0964 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:26:01.0250 0964 srservice - ok
18:26:01.0296 0964 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:26:01.0421 0964 Srv - ok
18:26:01.0453 0964 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:26:01.0609 0964 SSDPSRV - ok
18:26:01.0781 0964 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
18:26:01.0859 0964 ssmdrv - ok
18:26:01.0906 0964 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:26:02.0125 0964 stisvc - ok
18:26:02.0187 0964 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:26:02.0328 0964 streamip - ok
18:26:02.0375 0964 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:26:02.0515 0964 swenum - ok
18:26:02.0562 0964 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:26:02.0687 0964 swmidi - ok
18:26:02.0703 0964 SwPrv - ok
18:26:02.0718 0964 symc810 - ok
18:26:02.0734 0964 symc8xx - ok
18:26:02.0750 0964 sym_hi - ok
18:26:02.0765 0964 sym_u3 - ok
18:26:02.0796 0964 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:26:02.0937 0964 sysaudio - ok
18:26:02.0984 0964 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:26:03.0234 0964 SysmonLog - ok
18:26:03.0281 0964 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:26:03.0406 0964 TapiSrv - ok
18:26:03.0468 0964 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:26:03.0531 0964 Tcpip - ok
18:26:03.0609 0964 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:26:03.0750 0964 TDPIPE - ok
18:26:03.0781 0964 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:26:03.0906 0964 TDTCP - ok
18:26:03.0968 0964 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:26:04.0093 0964 TermDD - ok
18:26:04.0140 0964 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:26:04.0296 0964 TermService - ok
18:26:04.0343 0964 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:26:04.0359 0964 Themes - ok
18:26:04.0390 0964 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:26:04.0515 0964 TlntSvr - ok
18:26:04.0562 0964 TosIde - ok
18:26:04.0625 0964 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:26:04.0750 0964 TrkWks - ok
18:26:04.0812 0964 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:26:04.0953 0964 Udfs - ok
18:26:04.0984 0964 ultra - ok
18:26:05.0000 0964 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe
18:26:05.0062 0964 UMWdf - ok
18:26:05.0125 0964 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:26:05.0296 0964 Update - ok
18:26:05.0343 0964 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:26:05.0484 0964 upnphost - ok
18:26:05.0515 0964 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:26:05.0640 0964 UPS - ok
18:26:05.0687 0964 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:26:05.0765 0964 USBAAPL - ok
18:26:05.0843 0964 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
18:26:05.0937 0964 usbbus - ok
18:26:06.0031 0964 USBCamera (0c28dd9ec68ccb6e95d49bfd24fd2c11) C:\WINDOWS\system32\Drivers\Bulk100.sys
18:26:06.0078 0964 USBCamera - ok
18:26:06.0140 0964 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:26:06.0265 0964 usbccgp - ok
18:26:06.0312 0964 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
18:26:06.0359 0964 UsbDiag - ok
18:26:06.0406 0964 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:26:06.0546 0964 usbehci - ok
18:26:06.0578 0964 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:26:06.0750 0964 usbhub - ok
18:26:06.0828 0964 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
18:26:06.0875 0964 USBModem - ok
18:26:06.0968 0964 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:26:07.0078 0964 usbohci - ok
18:26:07.0125 0964 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:26:07.0234 0964 usbprint - ok
18:26:07.0312 0964 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:26:07.0437 0964 usbscan - ok
18:26:07.0468 0964 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:26:07.0578 0964 usbstor - ok
18:26:07.0640 0964 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:26:07.0765 0964 usbuhci - ok
18:26:07.0812 0964 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:26:07.0937 0964 VgaSave - ok
18:26:07.0984 0964 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:26:08.0109 0964 ViaIde - ok
18:26:08.0156 0964 VNA (3bb079ac39b37b257a88e68116808069) C:\WINDOWS\system32\DRIVERS\vna.sys
18:26:08.0203 0964 VNA - ok
18:26:08.0250 0964 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:26:08.0375 0964 VolSnap - ok
18:26:08.0453 0964 vpnagent (5ea22cb6b100212837a97f281edb3c47) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
18:26:08.0546 0964 vpnagent - ok
18:26:08.0671 0964 vpnva (e1f2333a88ec4a5c8ea6be357323b72d) C:\WINDOWS\system32\DRIVERS\vpnva.sys
18:26:08.0703 0964 vpnva - ok
18:26:08.0765 0964 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:26:08.0937 0964 VSS - ok
18:26:09.0000 0964 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:26:09.0125 0964 W32Time - ok
18:26:09.0156 0964 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:26:09.0312 0964 Wanarp - ok
18:26:09.0359 0964 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
18:26:09.0437 0964 WDC_SAM - ok
18:26:09.0546 0964 WDDMService (5ae4bfd04563afe55a0f666da23f252f) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
18:26:09.0578 0964 WDDMService ( UnsignedFile.Multi.Generic ) - warning
18:26:09.0578 0964 WDDMService - detected UnsignedFile.Multi.Generic (1)
18:26:09.0625 0964 WDFME (f1361e91bc6e118a6ed0480ba60eab39) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
18:26:09.0718 0964 WDFME ( UnsignedFile.Multi.Generic ) - warning
18:26:09.0718 0964 WDFME - detected UnsignedFile.Multi.Generic (1)
18:26:09.0812 0964 WDICA - ok
18:26:09.0859 0964 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:26:10.0000 0964 wdmaud - ok
18:26:10.0015 0964 WDSC (637cd767a88938560e8ee26572080729) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
18:26:10.0140 0964 WDSC ( UnsignedFile.Multi.Generic ) - warning
18:26:10.0140 0964 WDSC - detected UnsignedFile.Multi.Generic (1)
18:26:10.0203 0964 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:26:10.0343 0964 WebClient - ok
18:26:10.0421 0964 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
18:26:10.0546 0964 winachsf - ok
18:26:10.0609 0964 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:26:10.0750 0964 winmgmt - ok
18:26:10.0843 0964 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
18:26:10.0937 0964 WLSetupSvc - ok
18:26:11.0015 0964 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll
18:26:11.0062 0964 WmdmPmSN - ok
18:26:11.0140 0964 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:26:11.0250 0964 Wmi - ok
18:26:11.0296 0964 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:26:11.0453 0964 WmiApSrv - ok
18:26:11.0531 0964 WpdUsb (bbaeaca1ffa3c86361cf0998474f6c3a) C:\WINDOWS\system32\Drivers\wpdusb.sys
18:26:11.0578 0964 WpdUsb - ok
18:26:11.0625 0964 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:26:11.0781 0964 WS2IFSL - ok
18:26:11.0812 0964 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:26:11.0953 0964 wscsvc - ok
18:26:12.0000 0964 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:26:12.0125 0964 WSTCODEC - ok
18:26:12.0218 0964 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:26:12.0343 0964 wuauserv - ok
18:26:12.0406 0964 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:26:12.0578 0964 WZCSVC - ok
18:26:12.0609 0964 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:26:12.0750 0964 xmlprov - ok
18:26:12.0796 0964 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
18:26:12.0875 0964 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:26:12.0875 0964 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:26:12.0875 0964 Boot (0x1200) (24cfe822ba3421ec6520f040f536559e) \Device\Harddisk0\DR0\Partition0
18:26:12.0875 0964 \Device\Harddisk0\DR0\Partition0 - ok
18:26:12.0875 0964 Boot (0x1200) (f9144b3a6772d7992b16247922b7cffb) \Device\Harddisk0\DR0\Partition1
18:26:12.0890 0964 \Device\Harddisk0\DR0\Partition1 - ok
18:26:12.0890 0964 ============================================================
18:26:12.0890 0964 Scan finished
18:26:12.0890 0964 ============================================================
18:26:13.0031 2348 Detected object count: 27
18:26:13.0031 2348 Actual detected object count: 27
18:27:02.0828 2348 ALCXWDM ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0828 2348 ALCXWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0828 2348 AmdK8 ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0828 2348 AmdK8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0828 2348 ArcCD ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0828 2348 ArcCD ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0828 2348 ArcRec ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0828 2348 ArcRec ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0828 2348 ArcUdfs ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0828 2348 ArcUdfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0828 2348 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0828 2348 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0843 2348 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0843 2348 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0843 2348 btaudio ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0843 2348 btaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0843 2348 BTDriver ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0843 2348 BTDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0843 2348 BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0843 2348 BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0843 2348 btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0843 2348 btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0843 2348 BTWDNDIS ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0843 2348 BTWDNDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0843 2348 btwhid ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0843 2348 btwhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0843 2348 btwmodem ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0843 2348 btwmodem ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0843 2348 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0843 2348 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0843 2348 cpextender ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0843 2348 cpextender ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0843 2348 ftsata2 ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0843 2348 ftsata2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0843 2348 iaStor ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0843 2348 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0859 2348 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0859 2348 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0859 2348 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0859 2348 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0859 2348 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0859 2348 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0859 2348 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0859 2348 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0859 2348 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0859 2348 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0859 2348 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0859 2348 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0859 2348 WDFME ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0859 2348 WDFME ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0859 2348 WDSC ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:02.0859 2348 WDSC ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:02.0859 2348 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:27:02.0859 2348 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#8 MrCharlie

    Forum Deity

  • Experts
  • 28,263 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 27 March 2012 - 05:36 PM

They are OK, just unsigned files.

If everything is OK.......

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Malware Removal Expert




I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#9 tduro


Posted 27 March 2012 - 07:08 PM

So far, so good. I have a WD external HD that I unplugged when I started this cleanup. Can I just plug it back in, or should I do something to ensure it's clean too?

#10 MrCharlie


Posted 27 March 2012 - 07:34 PM

It should be OK to plug back in, MrC


#11 Maurice Naggar

    Staff

  • Moderators
  • 14,551 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 30 March 2012 - 07:57 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support


I close my threads if there are 5 days without a response.



