Jump to content


Photo
- - - - -

mbam doesn't run anymore


  • This topic is locked This topic is locked
11 replies to this topic

#1 chcjcamo

chcjcamo

    New Member

  • Members
  • Pip
  • 13 posts
  • Gender:Female
  • Location:UK

Posted 27 March 2012 - 08:16 AM

Hi. MalwareBytes seems to have stopped running. It will start go for a couple of minutes then crash. SuperAntiSpyware does the same thing. Was able to run them both in Safe Mode and they both found a few things. But it still isn't working logged in normally. I suspect it still has a virus. I disconnected from the internet and disabled the AV briefly to run the DDS program. Now after reconnecting and turning the AV back on it mysteriously won't connect to the internet anymore.

Any help would be much appreciated. Thank you. Chrystal

Attached File  dds.txt   13.4KB   8 downloadsAttached File  attach.txt   20.23KB   5 downloads

#2 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 27 March 2012 - 08:27 AM

Hello chcjcamo,

If need be, restart the system, and right away, before Windows loads, tap & re-tap F8 Function-key to get to Advanced Boot Options.
Then use Up/down keyboard arrows & select Safe mode with Networking

Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

Step 3
Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4
Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5
Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Start Internet Explorer
Using Internet Explorer browser only, go to BitDefender Quickscan website:
http://quickscan.bitdefender.com

and click "Start Scan".
Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
If prompted, reply yes to allow it to run.
Press the Allow button and follow prompts.

Press the "Start Scan" once more.
You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/
and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.
It may seem to stall at moments, but have patience; it will move on.
You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-winddow. Press the View Log button.
The log report will show in your text editor. Save the log.
Do a Select ALL, Copy. Then paste contents into your next reply.

Step 6
  • Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
    >> from here <<
  • Quit all programs that you may have started.
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.


Step 7
RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender & RogueKiller log.
Use separate replies as needed if logs do not fit into one reply box.
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#3 chcjcamo

chcjcamo

    New Member

  • Members
  • Pip
  • 13 posts
  • Gender:Female
  • Location:UK

Posted 27 March 2012 - 09:21 AM

Thank you for the quick reply. Instructions completed and logs follow:

Logfile of random's system information tool 1.09 (written by random/random)
Run by administrator at 2012-03-27 15:04:41
Microsoft Windows XP Professional Service Pack 3
System drive C: has 49 GB (47%) free of 104 GB
Total RAM: 1919 MB (82% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:05:03, on 27/03/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator.FEVERSHAM_COLL\Desktop\RSIT.exe
C:\Program Files\trend micro\administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fevershamcollege.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.bradfordlearning.net:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fevershamcollege.mrooms2.net;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [PCE Client] C:\WINDOWS\system32\PCENT\PCClient.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [CS32] C:\WINDOWS\c32cs2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1228725012820
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1256125088860
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fevershamcollege.com
O17 - HKLM\Software\..\Telephony: DomainName = fevershamcollege.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fevershamcollege.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Auto-upgrade Agent (Smcinst) - Unknown owner - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe (file missing)
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 7860 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\DEFRAG.job
C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{AD44862F-11C3-4500-90A7-129F5F3235DA}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-03-23 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-02-23 814160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-03-23 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-03-23 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-02-23 814160]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PCE Client"=C:\WINDOWS\system32\PCENT\PCClient.exe [2008-07-31 1015877]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-14 143360]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-02-23 3451496]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 169984]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\14032184]
C:\Documents and Settings\All Users\Application Data\14032184\14032184.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Detector]
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE [2002-12-09 208896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2007-05-03 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe /m=2 /w /h []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NPSStartup]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
C:\Program Files\PDF Complete\pdfsty.exe [2007-05-08 331552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-05-03 163840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe [2011-10-24 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\Sminst\Recguard.exe [2005-12-21 1187840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\WINDOWS\Creator\Remind_XP.exe [2006-03-10 806912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
C:\WINDOWS\SMINST\Scheduler.exe [2006-10-09 697976]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-03-07 3905920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVOHST]
svohst.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
C:\WINDOWS\system32\mobsync.exe [2008-04-14 143360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-12 827392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-05-23 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator.FEVERSHAM_COLL^Start Menu^Programs^Startup^CCC.lnk]
C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-S~1\CCC.exe [2007-07-17 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^CCC.lnk]
C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-S~1\CCC.exe [2007-07-17 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2007-02-06 561213]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
C:\PROGRA~1\INTERV~1\DVDCHE~1\DVDCheck.exe [2007-05-23 192512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-18 122880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\client32]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoAddPrinter"=1
"NoDeletePrinter"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\PCENT\PCClient.Exe"="C:\WINDOWS\system32\PCENT\PCClient.Exe:*:Enabled:PCE Client"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.wmv3"=wmv9vcm.dll
"VIDC.FFDS"=ff_vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.inf - install -
.scr - install -
.cpl - cplopen -
======List of files/folders created in the last 1 month======
2012-03-27 15:04:41 ----D---- C:\Program Files\trend micro
2012-03-27 15:04:40 ----D---- C:\rsit
2012-03-27 15:00:52 ----D---- C:\WINDOWS\ERDNT
2012-03-27 15:00:05 ----D---- C:\Program Files\ERUNT
2012-03-27 13:31:42 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2012-03-27 11:18:49 ----A---- C:\WINDOWS\ntbtlog.txt
2012-03-27 10:44:20 ----A---- C:\WINDOWS\system32\rundll32.exe
2012-03-26 14:29:28 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2012-03-26 14:15:14 ----D---- C:\Documents and Settings\Administrator.FEVERSHAM_COLL\Application Data\Malwarebytes
2012-03-26 14:15:02 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-03-26 14:15:00 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2012-03-26 14:14:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-03-23 14:20:33 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2012-03-23 14:20:33 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2012-03-23 14:20:31 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2012-03-23 14:20:31 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2012-03-23 14:20:30 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2012-03-23 14:20:30 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2012-03-23 14:20:30 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2012-03-23 14:20:29 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2012-03-23 14:19:55 ----A---- C:\WINDOWS\avastSS.scr
2012-03-23 14:19:54 ----A---- C:\WINDOWS\system32\aswBoot.exe
2012-03-23 14:19:31 ----D---- C:\Program Files\AVAST Software
2012-03-23 14:19:31 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2012-03-23 12:46:57 ----D---- C:\Documents and Settings\Administrator.FEVERSHAM_COLL\Application Data\Auslogics
2012-03-23 12:45:32 ----D---- C:\Program Files\Auslogics
2012-03-23 12:42:44 ----D---- C:\Program Files\SUPERAntiSpyware
2012-03-23 12:41:43 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2012-03-23 12:41:39 ----D---- C:\Program Files\SpywareBlaster
2012-03-23 12:38:48 ----D---- C:\Program Files\Common Files\Java
2012-03-23 12:38:48 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2012-03-23 12:37:42 ----A---- C:\WINDOWS\system32\javaws.exe
2012-03-23 12:37:42 ----A---- C:\WINDOWS\system32\javaw.exe
2012-03-23 12:37:42 ----A---- C:\WINDOWS\system32\java.exe
2012-03-23 12:37:42 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-03-23 12:30:25 ----D---- C:\Program Files\Apple Software Update
2012-03-23 12:30:22 ----SHD---- C:\Config.Msi
2012-03-23 11:58:55 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2012-03-23 11:58:55 ----D---- C:\Documents and Settings\Administrator.FEVERSHAM_COLL\Application Data\SUPERAntiSpyware.com
2012-03-23 11:57:33 ----D---- C:\ccleaner
2012-03-23 11:55:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2641653$
2012-03-23 11:48:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2621440$
2012-03-23 11:48:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2647518$
2012-03-23 10:59:08 ----D---- C:\Documents and Settings\Administrator.FEVERSHAM_COLL\Application Data\Apple Computer
======List of files/folders modified in the last 1 month======
2012-03-27 15:04:41 ----RD---- C:\Program Files
2012-03-27 15:00:52 ----D---- C:\WINDOWS
2012-03-27 14:57:44 ----D---- C:\WINDOWS\system32
2012-03-27 14:57:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-03-27 14:53:31 ----SHD---- C:\System Volume Information
2012-03-27 14:48:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-03-27 14:48:29 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-27 14:03:51 ----D---- C:\WINDOWS\Prefetch
2012-03-27 14:00:37 ----D---- C:\WINDOWS\system32\Restore
2012-03-27 14:00:05 ----SD---- C:\WINDOWS\Tasks
2012-03-27 13:57:06 ----D---- C:\WINDOWS\Temp
2012-03-27 13:48:13 ----SH---- C:\boot.ini
2012-03-27 13:48:13 ----A---- C:\WINDOWS\win.ini
2012-03-27 13:48:13 ----A---- C:\WINDOWS\system.ini
2012-03-27 13:31:42 ----D---- C:\WINDOWS\system32\drivers
2012-03-27 11:54:19 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2012-03-27 11:05:50 ----SHD---- C:\WINDOWS\Installer
2012-03-27 10:49:03 ----D---- C:\WINDOWS\security
2012-03-27 10:47:16 ----D---- C:\WINDOWS\system32\inetsrv
2012-03-27 10:44:26 ----RSHD---- C:\WINDOWS\system32\dllcache
2012-03-27 10:18:09 ----SHD---- C:\WINDOWS\CSC
2012-03-26 15:42:27 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2012-03-26 14:16:10 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-03-26 12:01:26 ----D---- C:\WINDOWS\Minidump
2012-03-23 15:42:07 ----D---- C:\WINDOWS\WinSxS
2012-03-23 13:15:03 ----D---- C:\WINDOWS\system32\config
2012-03-23 12:51:20 ----D---- C:\WINDOWS\system32\LogFiles
2012-03-23 12:38:48 ----D---- C:\Program Files\Common Files
2012-03-23 12:21:19 ----D---- C:\WINDOWS\system32\Adobe
2012-03-23 12:02:44 ----D---- C:\found.000
2012-03-23 12:00:31 ----D---- C:\WINDOWS\Debug
2012-03-23 11:55:50 ----HD---- C:\WINDOWS\inf
2012-03-23 11:55:27 ----HD---- C:\WINDOWS\$hf_mig$
2012-03-23 11:49:05 ----A---- C:\WINDOWS\system32\MRT.exe
2012-03-23 11:48:52 ----D---- C:\Program Files\Microsoft Office
2012-03-23 11:43:40 ----D---- C:\Program Files\Common Files\Symantec Shared
2012-03-23 11:42:16 ----D---- C:\Program Files\MSN Messenger
2012-03-23 11:38:41 ----D---- C:\WINDOWS\system32\CatRoot
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 hpdskflt;HP Disk Filter Driver; C:\WINDOWS\system32\DRIVERS\hpdskflt.sys [2006-07-24 17920]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-02-23 25432]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-07-24 22016]
R3 b57w2k;Broadcom NetLink ™ Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-27 160256]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-10-23 1391104]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-09-19 36608]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-01-12 201856]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-02-23 30680]
S1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-02 36864]
S1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-02-23 371544]
S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-02-23 301528]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-02-23 49240]
S1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-02-23 19544]
S2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-02-23 102232]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-01 281600]
S3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-11-21 1204128]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-18 2849280]
S3 ATSWPDRV;(****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-04-10 140808]
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-14 868298]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-02-14 67960]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mbamchameleon;mbamchameleon; \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\WINDOWS\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
S2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-18 512000]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-02-23 42184]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
S2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-06 266295]
S2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
S2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-03-23 153376]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
S2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
S2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-01-12 294912]
S2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 540448]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-08-22 1251720]
S2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 Smcinst;Symantec Auto-upgrade Agent; C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe []
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe []
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------

info.txt logfile of random's system information tool 1.09 2012-03-27 15:05:08
======Uninstall list======
-->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{B61B6668-A674-4A06-8405-51944D5CCDDD}
-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
ACDSee 3.1 (SR-1)-->MsiExec.exe /I{047882CA-975E-41FC-BE02-6D6396106C4E}
Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe -maintain activex
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player 11.6-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Advancing Physics AS+A2 Teacher Network Client-->MsiExec.exe /I{7272D78D-3178-4ACA-83A6-98C4EE8F983F}
Agere Systems HDA Modem-->C:\WINDOWS\agrsmdel
Apple Application Support-->MsiExec.exe /I{A83279FD-CA4B-4206-9535-90974DE76654}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Aslogics BoostSpeed-->"C:\Program Files\Auslogics\Auslogics BoostSpeed\unins000.exe"
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Boardworks A2 Biology-->MsiExec.exe /X{5FFBB6DD-9A79-4B6E-98DA-2DA990ED8C05}
Boardworks AS Biology-->MsiExec.exe /X{1891F44C-A14B-4D41-B202-009C6CF544EC}
Boardworks AS Chemistry-->MsiExec.exe /X{615D761B-8957-468D-A9E8-A5ED6E5E8050}
Boardworks AS Physics-->MsiExec.exe /X{A8351E61-C85E-4D83-88C6-CC280FE7E1AA}
Boardworks GCSE Additional Science-->MsiExec.exe /X{0996C3E7-BCD0-4807-8F80-24B43C1E25FF}
Boardworks GCSE Science-->MsiExec.exe /X{5DBE48C5-5D6E-4EDC-AD88-B1DB6DD53F34}
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
Catalyst Control Center - Branding-->MsiExec.exe /I{3F93B2BA-18EC-462B-9ACD-396599353EE1}
ccc-Branding-->MsiExec.exe /I{426C7CC1-5AC3-4758-A40C-6446F2CEA8C9}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
e-Science-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{12149783-577C-4520-B582-4241A934A8E7}
Exampro AQA AS-A Chemistry-->C:\PROGRA~1\EXAMPR~1\UNWISE.EXE C:\PROGRA~1\EXAMPR~1\AA_CH.LOG
Exampro AQA AS-A Biology-->C:\PROGRA~1\EXAMPR~1\UNWISE.EXE C:\PROGRA~1\EXAMPR~1\AA_BIO.LOG
Exampro AQA AS-A Physics A-->C:\PROGRA~1\EXAMPR~1\UNWISE.EXE C:\PROGRA~1\EXAMPR~1\AA_PA.LOG
Exampro AQA GCSE Biology-->C:\PROGRA~1\EXAMPR~1\UNWISE.EXE C:\PROGRA~1\EXAMPR~1\AG_BIO.LOG
Exampro AQA GCSE Chemistry-->C:\PROGRA~1\EXAMPR~1\UNWISE.EXE C:\PROGRA~1\EXAMPR~1\AG_CHEM.LOG
Exampro AQA GCSE Physics-->C:\PROGRA~1\EXAMPR~1\UNWISE.EXE C:\PROGRA~1\EXAMPR~1\AG_PHYS.LOG
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2570791)-->"C:\WINDOWS\$NtUninstallKB2570791$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2633952)-->"C:\WINDOWS\$NtUninstallKB2633952$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
HP Quick Launch Buttons 6.20 F2-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 -removeonly uninst
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HP User Guide Bluetooth Addendum 0062-->MsiExec.exe /I{7FD8231E-3991-48D7-A2C8-2C42A7075FB1}
HP User Guides 0064-->MsiExec.exe /I{E25AA53F-6878-4C64-8130-EB8D678DF303}
HP Wireless Assistant-->MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}
Java™ 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}
K-Lite Mega Codec Pack 1.61-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB2656353)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Works 6-9 Converter-->MsiExec.exe /X{172423F9-522A-483A-AD65-03600CE4CA4F}
MSN Messenger 7.0-->MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB927977)-->MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
Multimedia Science School 16-18 Edition-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E8EF88C7-0D9E-4AC2-8A07-90452DAF8B6D}
Multimedia Science School-->MsiExec.exe /X{B96C6380-4CF7-445F-8169-A82D39DE2CD8}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PDF Complete-->C:\Program Files\PDF Complete\pdfiutil.exe /UGUI
QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}
Ranger Outpost Remote Client-->C:\Program Files\Ranger Outpost Client\Setup\Rgrbatch.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Samsung Mobile Modem Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x0809 -removeonly
Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
SAMSUNG USB Mobile Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""
Security Update for Microsoft Windows (KB2564958)-->"C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2183461)-->"C:\WINDOWS\ie7updates\KB2183461-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2360131)-->"C:\WINDOWS\ie7updates\KB2360131-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2416400)-->"C:\WINDOWS\ie7updates\KB2416400-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2482017)-->"C:\WINDOWS\ie7updates\KB2482017-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2530548)-->"C:\WINDOWS\ie7updates\KB2530548-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2544521)-->"C:\WINDOWS\ie7updates\KB2544521-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2559049)-->"C:\WINDOWS\ie7updates\KB2559049-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2618444)-->"C:\WINDOWS\ie7updates\KB2618444-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2647516)-->"C:\WINDOWS\ie7updates\KB2647516-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB982381)-->"C:\WINDOWS\ie7updates\KB982381-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2544521)-->"C:\WINDOWS\ie8updates\KB2544521-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2618444)-->"C:\WINDOWS\ie8updates\KB2618444-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2647516)-->"C:\WINDOWS\ie8updates\KB2647516-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2476490)-->"C:\WINDOWS\$NtUninstallKB2476490$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2503665)-->"C:\WINDOWS\$NtUninstallKB2503665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2507938)-->"C:\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2510581)-->"C:\WINDOWS\$NtUninstallKB2510581$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2535512)-->"C:\WINDOWS\$NtUninstallKB2535512$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2536276)-->"C:\WINDOWS\$NtUninstallKB2536276$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2536276-v2)-->"C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2544893)-->"C:\WINDOWS\$NtUninstallKB2544893$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2544893-v2)-->"C:\WINDOWS\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2555917)-->"C:\WINDOWS\$NtUninstallKB2555917$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2562937)-->"C:\WINDOWS\$NtUninstallKB2562937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2566454)-->"C:\WINDOWS\$NtUninstallKB2566454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2567680)-->"C:\WINDOWS\$NtUninstallKB2567680$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2570222)-->"C:\WINDOWS\$NtUninstallKB2570222$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2570947)-->"C:\WINDOWS\$NtUninstallKB2570947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2584146)-->"C:\WINDOWS\$NtUninstallKB2584146$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2585542)-->"C:\WINDOWS\$NtUninstallKB2585542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2592799)-->"C:\WINDOWS\$NtUninstallKB2592799$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2598479)-->"C:\WINDOWS\$NtUninstallKB2598479$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2603381)-->"C:\WINDOWS\$NtUninstallKB2603381$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2618451)-->"C:\WINDOWS\$NtUninstallKB2618451$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2619339)-->"C:\WINDOWS\$NtUninstallKB2619339$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2620712)-->"C:\WINDOWS\$NtUninstallKB2620712$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2621440)-->"C:\WINDOWS\$NtUninstallKB2621440$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2624667)-->"C:\WINDOWS\$NtUninstallKB2624667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2631813)-->"C:\WINDOWS\$NtUninstallKB2631813$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2633171)-->"C:\WINDOWS\$NtUninstallKB2633171$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2639417)-->"C:\WINDOWS\$NtUninstallKB2639417$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2641653)-->"C:\WINDOWS\$NtUninstallKB2641653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2646524)-->"C:\WINDOWS\$NtUninstallKB2646524$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2647518)-->"C:\WINDOWS\$NtUninstallKB2647518$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2660465)-->"C:\WINDOWS\$NtUninstallKB2660465$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2661637)-->"C:\WINDOWS\$NtUninstallKB2661637$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SpywareBlaster 4.6-->"C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
Testbase Key Stage 3 Science-->C:\PROGRA~1\TESTBA~1\UNWISE.EXE C:\PROGRA~1\TESTBA~1\K3_SCI.LOG
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB2598845)-->"C:\WINDOWS\ie8updates\KB2598845-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"
Update for Windows XP (KB2541763)-->"C:\WINDOWS\$NtUninstallKB2541763$\spuninst\spuninst.exe"
Update for Windows XP (KB2616676)-->"C:\WINDOWS\$NtUninstallKB2616676$\spuninst\spuninst.exe"
Update for Windows XP (KB2616676-v2)-->"C:\WINDOWS\$NtUninstallKB2616676-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB2641690)-->"C:\WINDOWS\$NtUninstallKB2641690$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
User Profile Hive Cleanup Service-->MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\shpacm.inf
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\shpusb.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Security center information======
AV: avast! Antivirus
======System event log======
Computer Name: FEVSW05
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.
Record Number: 48042
Source Name: Cdrom
Time Written: 20120122160048.000000+000
Event Type: warning
User:
Computer Name: FEVSW05
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.
Record Number: 48041
Source Name: Cdrom
Time Written: 20120122160048.000000+000
Event Type: warning
User:
Computer Name: FEVSW05
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.
Record Number: 48040
Source Name: Cdrom
Time Written: 20120122160048.000000+000
Event Type: warning
User:
Computer Name: FEVSW05
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.
Record Number: 48039
Source Name: Cdrom
Time Written: 20120122160048.000000+000
Event Type: warning
User:
Computer Name: FEVSW05
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.
Record Number: 48038
Source Name: Cdrom
Time Written: 20120122160048.000000+000
Event Type: warning
User:
=====Application event log=====
Computer Name: FEVSW05
Event Code: 51
Message:
Record Number: 52456
Source Name: Symantec AntiVirus
Time Written: 20120308001733.000000+000
Event Type: error
User:
Computer Name: FEVSW05
Event Code: 51
Message:
Record Number: 52455
Source Name: Symantec AntiVirus
Time Written: 20120308001728.000000+000
Event Type: error
User:
Computer Name: FEVSW05
Event Code: 51
Message:
Record Number: 52454
Source Name: Symantec AntiVirus
Time Written: 20120308001723.000000+000
Event Type: error
User:
Computer Name: FEVSW05
Event Code: 51
Message:
Record Number: 52453
Source Name: Symantec AntiVirus
Time Written: 20120308001718.000000+000
Event Type: error
User:
Computer Name: FEVSW05
Event Code: 51
Message:
Record Number: 52452
Source Name: Symantec AntiVirus
Time Written: 20120308001714.000000+000
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\K-Lite Codec Pack\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6801
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"asl.log"=Destination=file;OnFirstLog=command,environment,parent
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK
-----------------EOF-----------------

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Free Antivirus
Ranger Outpost Remote Client
Exampro AQA AS-A Biology
Exampro AQA GCSE Biology
Boardworks AS Biology
Boardworks A2 Biology
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.6
SUPERAntiSpyware
Java™ 6 Update 31
Adobe Reader 8 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#4 chcjcamo

chcjcamo

    New Member

  • Members
  • Pip
  • 13 posts
  • Gender:Female
  • Location:UK

Posted 27 March 2012 - 09:22 AM

QuickScan 32-bit v0.9.9.113
---------------------------
Scan date: Tue Mar 27 15:09:45 2012
Machine ID: 20285DCA

No infection found.
-------------------

Processes
---------
Core Service 264 C:\Program Files\SUPERAntiSpyware\SASCore.exe
(verified) Microsoft® Windows® Operating System 1408 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 772 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 644 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 852 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 840 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 716 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 1008 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1092 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1324 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1336 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1448 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 796 C:\WINDOWS\system32\winlogon.exe
(verified) Windows® Internet Explorer 696 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 1476 C:\Program Files\Internet Explorer\iexplore.exe

Network activity
----------------
Process iexplore.exe (1476) connected on port 80 (HTTP) --> 173.194.41.169
Process iexplore.exe (1476) connected on port 80 (HTTP) --> 2.18.191.139
Process iexplore.exe (1476) connected on port 80 (HTTP) --> 23.65.22.8
Process iexplore.exe (1476) connected on port 80 (HTTP) --> 199.7.54.190
Process iexplore.exe (1476) connected on port 80 (HTTP) --> 199.7.59.190
Process iexplore.exe (1476) connected on port 80 (HTTP) --> 66.235.142.2
Process svchost.exe (1008) listens on ports: 3389 (Terminal Server)
Process svchost.exe (1092) listens on ports: 135 (RPC)

Autoruns and critical files
---------------------------
ATI External Event Utility for Windows C:\WINDOWS\system32\Ati2evxx.dll
avast! Antivirus C:\Program Files\AVAST Software\Avast\avastUI.exe
Microsoft Synchronization Manager C:\WINDOWS\system32\mobsync.exe
Microsoft® Windows® Operating System C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\cleanmgr.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\CSCDLL.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\dumprep.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\regsvr32.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
Policy Central Enterprise C:\WINDOWS\system32\PCENT\PCClient.exe
SuperAntiSpyware C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
Windows Disk Defragmenter C:\WINDOWS\system32\defrag.exe
XSS ShellvRTF E:\info.exe
(verified) Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\stobject.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\wpdshserviceobj.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\msfeedssync.exe
(verified) Windows® Internet Explorer c:\windows\system32\webcheck.dll

Browser plugins
---------------
AcroIEHelper Library c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
avast! WebRep c:\program files\avast software\avast\aswwebrepie.dll
Bitdefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
Java™ Platform SE 6 U31 c:\program files\java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U31 C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
Java™ Platform SE 6 U31 c:\program files\java\jre6\bin\ssv.dll
Java™ Platform SE 6 U31 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft® Windows® Operating System C:\WINDOWS\System32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
Process Scanner C:\WINDOWS\Downloaded Program Files\sabspx.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
RealPlayer Version Plugin C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\IEFRAME.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Missing files
-------------
File not found: C:\WINDOWS\c32cs2.exe
--> HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\"CS32"
File not found: c:\windows\system32\fev.scr
--> HKCU\Control Panel\Desktop\"SCRNSAVE.EXE"

Scan
----
MD5: db64bcd0d4f6820793066a8b24c2dc98 C:\Program Files\AVAST Software\Avast\AhAScr.dll
MD5: 713590d7d3630f780560ca510f669b90 c:\program files\avast software\avast\aswwebrepie.dll
MD5: 2695e3e9497bf72abb44b5010ec5da16 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
MD5: 2e9a1a6555c20424fc6dcc3af21f4d68 C:\Program Files\AVAST Software\Avast\avastUI.exe
MD5: c11f6a1f61481e24be3fdc06ea6f7d2a c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
MD5: 213822072085b5bbad9af30ab577d817 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
MD5: 31d8b705dcd5f2366186e731f87c7a71 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
MD5: 04c1dcbb226c6ae647b794833ce3ceb6 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
MD5: 630a79b805ce654edb42d27ed0269a0e C:\Program Files\Internet Explorer\ieproxy.dll
MD5: 04af8bc83a89d9b71f7e0bcaf9fdd768 C:\Program Files\Internet Explorer\plugins\nppdf32.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
MD5: d99e62c440b4a0463baa47b1256ff0a7 C:\Program Files\Internet Explorer\xpshims.dll
MD5: a9770771b622a871643ea2a4a3983e95 c:\program files\java\jre6\bin\jp2ssv.dll
MD5: 0a5709543986843d37a92290b7838340 C:\Program Files\Java\jre6\bin\jqs.exe
MD5: 34e3709244736b8976820f730e5a8815 C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
MD5: 8e6c86726b67d3faa3144849b9aac06c c:\program files\java\jre6\bin\ssv.dll
MD5: 59b9f6abac6cbbc356e092c556ff8ea5 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
MD5: f0b8c822a200250edf60049f07e4cc41 C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
MD5: 30257426f6da31808c6698ec01de2d97 C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
MD5: 9c9d3b7a05445b1ab2df4d0c4d6b77e8 C:\Program Files\LSI SoftModem\agrsmsvc.exe
MD5: 3e930c641079443d4de036167a69caa2 C:\Program Files\Messenger\msmsgs.exe
MD5: ed327201724ea05d509b7939abe49e98 c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
MD5: 9d38320bb32230349379df5ddbbf7fce C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
MD5: b6d347c26f861ddd4ad4863f5a1596b9 C:\Program Files\PDF Complete\pdfsvc.exe
MD5: c0393eb99a6c72c6bef9bfc4a72b33a6 C:\Program Files\SUPERAntiSpyware\SASCore.exe
MD5: 39763504067962108505bff25f024345 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
MD5: 77b9fc20084b48408ad3e87570eb4a85 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
MD5: 2975c66459c426c20bc22d639df6b611 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
MD5: 2ab3a3c80c935bc6c86f3880f8f34bcc C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
MD5: 3f9a3232e5f942874488981f3242c989 C:\Program Files\UPHClean\uphclean.exe
MD5: 0ece2b1910527ae85691151d56621891 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
MD5: 94a85e956a065e23e0010a6a7826243b C:\Program Files\Windows Live\installer\WLSetupSvc.exe
MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL
MD5: 5002991ada7920b35e46e7ea80c134fe C:\WINDOWS\Downloaded Program Files\isusweb.dll
MD5: ebc89d1526dc72917d4421551656c54e C:\WINDOWS\Downloaded Program Files\qsax.dll
MD5: 37823fcaffb40d7a3b3724a9b8250d6d C:\WINDOWS\Downloaded Program Files\sabspx.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: a81135541c9d4ebce43efa8ad31395b4 C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
MD5: 5eeb45f500e3e97153cb75723f8ca185 C:\WINDOWS\SMINST\PCAngel.exe
MD5: 4676a8e1ee37e71486717ecd1e61c17b C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
MD5: 30a0daaff1d5ef3c16b7c47d5a128fa5 C:\WINDOWS\system32\Ati2evxx.dll
MD5: 8afb4aff8837254e6d14338b1b11e690 C:\WINDOWS\system32\Ati2evxx.exe
MD5: 2c4e4027e418eb4f0ed1e3793a4834df C:\WINDOWS\system32\cleanmgr.exe
MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll
MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll
MD5: a90e118f12d355f9946dfb30a8f94609 C:\WINDOWS\system32\CRYPT32.dll
MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll
MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\System32\CSCDLL.dll
MD5: dd40363abad230a84c5e2178b11efa88 C:\WINDOWS\system32\CSRSRV.dll
MD5: 0607cbc6fa20114cb491efe4b2f9efad C:\WINDOWS\system32\d3d9.dll
MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL
MD5: 29d41e4ed94b2048f96583d18bc1950f C:\WINDOWS\system32\defrag.exe
MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll
MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll
MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll
MD5: 558a0039f0ef634397e1f61055504478 C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
MD5: 7356eff52ad50b8946d346002118ce62 C:\WINDOWS\system32\drivers\ADIHdAud.sys
MD5: fff87a9b1ab36ee4b7bec98a4cb01b79 C:\WINDOWS\system32\drivers\AEAudio.sys
MD5: 1e44bc1e83d8fd2305f8d452db109cf9 C:\WINDOWS\System32\drivers\afd.sys
MD5: 3712986cc3abf0dc656b43525b9d1279 C:\WINDOWS\system32\DRIVERS\AGRSM.sys
MD5: efbb0956baed786e137351b5ca272aef C:\WINDOWS\system32\DRIVERS\AmdK8.sys
MD5: d0c00ee032994b698b47837a3561717a C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
MD5: 293e8cc3c246a89f4cca75b024ad757f C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
MD5: 74a65415dfaad20f06e7550fa9b6e012 C:\WINDOWS\system32\DRIVERS\b57xp32.sys
MD5: 37f385a93c620cbe0f89c17e45f697a1 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
MD5: ba57f31eab93dc597d772f6f5b9ed54f C:\WINDOWS\system32\DRIVERS\btkrnl.sys
MD5: 57e91e9925976bbc98984eebaaf1d84c C:\WINDOWS\System32\Drivers\btwusb.sys
MD5: de15777902a5d9121857d155873a1d1b C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
MD5: e88b0cfcecf745211bba87f44f85d0dd C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
MD5: 5953c0952e4dd2b25b9adef05ab0285c C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
MD5: f67554da27d5b55efcb6c7cb4818fbfd C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
MD5: 7ffd29fafcde7aaf89b689b6e156d5b0 C:\WINDOWS\system32\drivers\mbamchameleon.sys
MD5: 0db7527db188c7d967a37bb51bbf3963 C:\WINDOWS\system32\drivers\mbamswissarmy.sys
MD5: 70c14f5cca5cf73f8a645c73a01d8726 C:\WINDOWS\system32\drivers\mqac.sys
MD5: 7d304a5eb4344ebeeab53a2fe3ffb9f0 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
MD5: 0109c4f3850dfbab279542515386ae22 C:\WINDOWS\system32\DRIVERS\ndistapi.sys
MD5: 7afd0e39ab15cb355487b7cc19f4e2c5 C:\WINDOWS\system32\DRIVERS\netaapl.sys
MD5: 175cc28dcf819f78caa3fbd44ad9e52a C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
MD5: 96f7a9a7bf0c9c0440a967440065d33c C:\WINDOWS\system32\drivers\RMCast.sys
MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys
MD5: 5876072999220ef2fba1ddec86d2b97e C:\WINDOWS\system32\DRIVERS\SynTP.sys
MD5: 8e16bf5600797e678ea97051cf93e6bf C:\WINDOWS\system32\dumprep.exe
MD5: 578ebb9ef96529b9aa398c2c646cb385 C:\WINDOWS\system32\duvdlmu.dll
MD5: f5b754cdea20bbb3a31e16a776ede6d6 c:\windows\system32\ESENT.dll
MD5: 790a4ca68f44be35967b3df61f3e4675 C:\WINDOWS\system32\FsUsbExDisk.SYS
MD5: d3f9205cc4cb07553f2f9472c767ea87 C:\WINDOWS\system32\FsUsbExService.Exe
MD5: 3cecda26586ca4db9be51241a6db7c3c C:\WINDOWS\system32\HPZipm12.dll
MD5: 2c849ef63c0086287e427bf65fc64d09 C:\WINDOWS\system32\IEFRAME.dll
MD5: b43140c2edc49c4b7c140f1f4e3f6877 C:\WINDOWS\system32\iepeers.dll
MD5: e236ecb439a9e824fab18c49d6526136 C:\WINDOWS\system32\iertutil.dll
MD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\jscript.dll
MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll
MD5: 20fa028cb6506591a99c51432a3c0174 C:\WINDOWS\system32\LangWrbk.dll
MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll
MD5: d2938c8085cb65a7c0c3448e673e8c39 C:\WINDOWS\system32\Macromed\Flash\Flash11f.ocx
MD5: 95786e866a54c7782e60855d2bae5410 C:\WINDOWS\system32\mobsync.exe
MD5: afb909b537aae1beae7bbdb6a36d40b0 C:\WINDOWS\system32\mqsvc.exe
MD5: 7f955ff3b1bb93376ebe75d5accdc6db C:\WINDOWS\system32\mqtgsvc.exe
MD5: a9259cd226283cd4f798c00909754a94 C:\WINDOWS\system32\mshtml.dll
MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll
MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\System32\mswsock.dll
MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 c:\windows\system32\netshell.dll
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll
MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll
MD5: 6bad1bed9872e62049e487fb91ae2f3a C:\WINDOWS\system32\ole32.dll
MD5: 20200ee3cfe10e9f0c028d8653be11c6 C:\WINDOWS\system32\oleacc.dll
MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll
MD5: a3a6ffc8673c6f75738a7f1a630b69f9 C:\WINDOWS\system32\PCENT\PCClient.exe
MD5: c7c84df7233f4834cd190f3dccaf50ca C:\WINDOWS\system32\rdpwsx.dll
MD5: fbdb9d0935b9907b809b381fddf1627f C:\WINDOWS\system32\regsvr32.exe
MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll
MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll
MD5: a645a78fcdabad67067324d7e6cd9f79 C:\WINDOWS\system32\schannel.dll
MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll
MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll
MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll
MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe
MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll
MD5: 407bc2813b30bc2f8a341d5091828caa C:\WINDOWS\system32\urlmon.dll
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll
MD5: 684559a03cbc1d05ba120a18b0d8ba5d C:\WINDOWS\system32\WINHTTP.dll
MD5: f362d50fbdc6e34918df41bde1770e5c C:\WINDOWS\system32\WININET.dll
MD5: 4a953f13942867ba8fb41f141ec1b80c C:\WINDOWS\system32\WINMM.dll
MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll
MD5: 8c7dca4b158bf16894120786a7a5f366 C:\WINDOWS\system32\winsrv.dll
MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll
MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll
MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll
MD5: 6c487182578d1253831725a7cdc606c3 E:\info.exe
The following file(s) must be uploaded for server-side scanning:
C:\WINDOWS\system32\PCENT\PCClient.exe
Upload started - 1 file(s)
PCClient.exe (1015877)
Upload speed - 110 KB/s
Upload finished - 1 uploaded, 0 failed
The uploaded file(s) were found clean.
Scan finished - communication took 9 sec
Total traffic - 0.97 MB sent, 0.57 KB recvd
Scanned 491 files and modules - 31 seconds
==============================================================================

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User: administrator [Admin rights]
Mode: Scan -- Date: 03/27/2012 15:13:23
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] HKLM\[...]\RunServices : CS32 (C:\WINDOWS\c32cs2.exe) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (proxy.bradfordlearning.net:3128) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9120822AS +++++
--- User ---
[MBR] cd4bd12b28bbbf5081eca143a377821c
[BSP] 544f5a2395c1665ae5377f8043cc4c3d : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 104218 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 213439590 | Size: 10252 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt

#5 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 27 March 2012 - 09:58 AM

Step 1
Download aswMBR.exe ( 511KB ) to your desktop.
Double click on aswMBR.exe to start.

change the a-v scan to None.

uncheck trace disk IO calls


Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 2
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Step 3
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages
It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)


Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

Posted Image


Posted Image


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe Posted Image & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
-------------------------------------------------------

A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.

RE-Enable your AntiVirus and AntiSpyware applications.

Step 4
Copy & Paste the contents of aswMBR log
TDSSKILLER log
C:\Combofix.txt

and tell me, How is the system now ? :excl

There will be more to do later.
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#6 chcjcamo

chcjcamo

    New Member

  • Members
  • Pip
  • 13 posts
  • Gender:Female
  • Location:UK

Posted 28 March 2012 - 03:47 AM

Step 1 - the Fix button was not enabled. Results:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-28 08:36:35
-----------------------------
08:36:35.469 OS Version: Windows 5.1.2600 Service Pack 3
08:36:35.469 Number of processors: 2 586 0x6801
08:36:35.469 ComputerName: FEVSW05 UserName:
08:36:36.266 Initialize success
08:36:36.688 AVAST engine defs: 12032800
08:37:12.919 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:37:12.934 Disk 0 Vendor: ST9120822AS 3.BHE Size: 114473MB BusType: 3
08:37:13.012 Disk 0 MBR read successfully
08:37:13.028 Disk 0 MBR scan
08:37:13.044 Disk 0 unknown MBR code
08:37:13.075 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 104218 MB offset 63
08:37:13.122 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10252 MB offset 213439590
08:37:13.169 Disk 0 scanning sectors +234436545
08:37:13.278 Disk 0 scanning C:\WINDOWS\system32\drivers
08:37:24.063 Service scanning
08:37:41.037 Modules scanning
08:37:53.885 Scan finished successfully
08:38:18.299 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator.FEVERSHAM_COLL\Desktop\MBR.dat"
08:38:18.346 The log file has been saved successfully to "C:\Documents and Settings\Administrator.FEVERSHAM_COLL\Desktop\aswMBR.txt"

Step 2 - no reboot was required.

08:41:30.0625 2808 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
08:41:30.0719 2808 ============================================================
08:41:30.0719 2808 Current date / time: 2012/03/28 08:41:30.0719
08:41:30.0719 2808 SystemInfo:
08:41:30.0719 2808
08:41:30.0719 2808 OS Version: 5.1.2600 ServicePack: 3.0
08:41:30.0719 2808 Product type: Workstation
08:41:30.0719 2808 ComputerName: FEVSW05
08:41:30.0719 2808 UserName: administrator
08:41:30.0719 2808 Windows directory: C:\WINDOWS
08:41:30.0719 2808 System windows directory: C:\WINDOWS
08:41:30.0719 2808 Processor architecture: Intel x86
08:41:30.0719 2808 Number of processors: 2
08:41:30.0719 2808 Page size: 0x1000
08:41:30.0719 2808 Boot type: Normal boot
08:41:30.0719 2808 ============================================================
08:41:31.0688 2808 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:41:31.0688 2808 \Device\Harddisk0\DR0:
08:41:31.0688 2808 MBR used
08:41:31.0688 2808 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xCB8D427
08:41:31.0688 2808 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xCB8D466, BlocksNum 0x140635B
08:41:31.0766 2808 Initialize success
08:41:31.0766 2808 ============================================================
08:41:47.0408 2084 ============================================================
08:41:47.0408 2084 Scan started
08:41:47.0408 2084 Mode: Manual;
08:41:47.0408 2084 ============================================================
08:41:47.0815 2084 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
08:41:47.0815 2084 !SASCORE - ok
08:41:48.0034 2084 Aavmker4 (83631291adf2887cffc786d034d3fa15) C:\WINDOWS\system32\drivers\Aavmker4.sys
08:41:48.0034 2084 Aavmker4 - ok
08:41:48.0080 2084 Abiosdsk - ok
08:41:48.0159 2084 abp480n5 - ok
08:41:48.0221 2084 Accelerometer (558a0039f0ef634397e1f61055504478) C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
08:41:48.0237 2084 Accelerometer - ok
08:41:48.0315 2084 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:41:48.0315 2084 ACPI - ok
08:41:48.0424 2084 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
08:41:48.0424 2084 ACPIEC - ok
08:41:48.0518 2084 ADIHdAudAddService (7356eff52ad50b8946d346002118ce62) C:\WINDOWS\system32\drivers\ADIHdAud.sys
08:41:48.0534 2084 ADIHdAudAddService - ok
08:41:48.0596 2084 adpu160m - ok
08:41:48.0627 2084 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
08:41:48.0627 2084 AEAudio - ok
08:41:48.0768 2084 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:41:48.0784 2084 aec - ok
08:41:48.0862 2084 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:41:48.0862 2084 AFD - ok
08:41:48.0940 2084 AgereModemAudio (9c9d3b7a05445b1ab2df4d0c4d6b77e8) C:\Program Files\LSI SoftModem\agrsmsvc.exe
08:41:48.0940 2084 AgereModemAudio - ok
08:41:49.0065 2084 AgereSoftModem (3712986cc3abf0dc656b43525b9d1279) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
08:41:49.0127 2084 AgereSoftModem - ok
08:41:49.0174 2084 Aha154x - ok
08:41:49.0252 2084 aic78u2 - ok
08:41:49.0331 2084 aic78xx - ok
08:41:49.0440 2084 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
08:41:49.0440 2084 Alerter - ok
08:41:49.0487 2084 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
08:41:49.0487 2084 ALG - ok
08:41:49.0565 2084 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
08:41:49.0565 2084 AliIde - ok
08:41:49.0627 2084 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
08:41:49.0627 2084 AmdK8 - ok
08:41:49.0674 2084 amsint - ok
08:41:49.0784 2084 Apple Mobile Device (2e3e53a6aef23e24f402c7855b9b1542) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:41:49.0784 2084 Apple Mobile Device - ok
08:41:49.0940 2084 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
08:41:49.0940 2084 AppMgmt - ok
08:41:50.0018 2084 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:41:50.0018 2084 Arp1394 - ok
08:41:50.0081 2084 asc - ok
08:41:50.0159 2084 asc3350p - ok
08:41:50.0237 2084 asc3550 - ok
08:41:50.0424 2084 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:41:50.0487 2084 aspnet_state - ok
08:41:50.0549 2084 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\WINDOWS\system32\drivers\aswFsBlk.sys
08:41:50.0549 2084 aswFsBlk - ok
08:41:50.0612 2084 aswMon2 (452d0ecd14fa02f9b061f42c8a30dd49) C:\WINDOWS\system32\drivers\aswMon2.sys
08:41:50.0612 2084 aswMon2 - ok
08:41:50.0674 2084 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\WINDOWS\system32\drivers\aswRdr.sys
08:41:50.0674 2084 aswRdr - ok
08:41:50.0784 2084 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\WINDOWS\system32\drivers\aswSnx.sys
08:41:50.0784 2084 aswSnx - ok
08:41:50.0878 2084 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\WINDOWS\system32\drivers\aswSP.sys
08:41:50.0893 2084 aswSP - ok
08:41:50.0971 2084 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\WINDOWS\system32\drivers\aswTdi.sys
08:41:50.0971 2084 aswTdi - ok
08:41:51.0065 2084 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:41:51.0065 2084 AsyncMac - ok
08:41:51.0175 2084 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:41:51.0175 2084 atapi - ok
08:41:51.0221 2084 Atdisk - ok
08:41:51.0346 2084 Ati HotKey Poller (8afb4aff8837254e6d14338b1b11e690) C:\WINDOWS\system32\Ati2evxx.exe
08:41:51.0362 2084 Ati HotKey Poller - ok
08:41:51.0581 2084 ati2mtag (d0c00ee032994b698b47837a3561717a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
08:41:51.0628 2084 ati2mtag - ok
08:41:51.0737 2084 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:41:51.0737 2084 Atmarpc - ok
08:41:51.0846 2084 ATSWPDRV (293e8cc3c246a89f4cca75b024ad757f) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
08:41:51.0846 2084 ATSWPDRV - ok
08:41:51.0909 2084 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
08:41:51.0909 2084 AudioSrv - ok
08:41:51.0971 2084 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:41:51.0987 2084 audstub - ok
08:41:52.0081 2084 avast! Antivirus (2695e3e9497bf72abb44b5010ec5da16) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
08:41:52.0081 2084 avast! Antivirus - ok
08:41:52.0175 2084 b57w2k (74a65415dfaad20f06e7550fa9b6e012) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
08:41:52.0175 2084 b57w2k - ok
08:41:52.0347 2084 BCM43XX (37f385a93c620cbe0f89c17e45f697a1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
08:41:52.0378 2084 BCM43XX - ok
08:41:52.0487 2084 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:41:52.0487 2084 Beep - ok
08:41:52.0597 2084 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
08:41:52.0675 2084 BITS - ok
08:41:52.0768 2084 Bonjour Service (5ab58c337ac65837fe404462ad6265ab) C:\Program Files\Bonjour\mDNSResponder.exe
08:41:52.0768 2084 Bonjour Service - ok
08:41:52.0893 2084 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
08:41:52.0893 2084 Browser - ok
08:41:53.0065 2084 BTKRNL (ba57f31eab93dc597d772f6f5b9ed54f) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
08:41:53.0081 2084 BTKRNL - ok
08:41:53.0159 2084 btwdins (0ece2b1910527ae85691151d56621891) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
08:41:53.0175 2084 btwdins - ok
08:41:53.0362 2084 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
08:41:53.0362 2084 BTWUSB - ok
08:41:53.0440 2084 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:41:53.0440 2084 cbidf2k - ok
08:41:53.0456 2084 cd20xrnt - ok
08:41:53.0503 2084 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:41:53.0503 2084 Cdaudio - ok
08:41:53.0550 2084 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:41:53.0550 2084 Cdfs - ok
08:41:53.0581 2084 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:41:53.0581 2084 Cdrom - ok
08:41:53.0597 2084 Changer - ok
08:41:53.0659 2084 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
08:41:53.0659 2084 CiSvc - ok
08:41:53.0690 2084 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
08:41:53.0690 2084 ClipSrv - ok
08:41:53.0769 2084 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:41:53.0956 2084 clr_optimization_v2.0.50727_32 - ok
08:41:54.0065 2084 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
08:41:54.0065 2084 CmBatt - ok
08:41:54.0112 2084 CmdIde - ok
08:41:54.0144 2084 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
08:41:54.0159 2084 Compbatt - ok
08:41:54.0191 2084 COMSysApp - ok
08:41:54.0284 2084 Cpqarray - ok
08:41:54.0409 2084 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
08:41:54.0409 2084 CryptSvc - ok
08:41:54.0456 2084 dac2w2k - ok
08:41:54.0519 2084 dac960nt - ok
08:41:54.0612 2084 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
08:41:54.0644 2084 DcomLaunch - ok
08:41:54.0722 2084 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
08:41:54.0722 2084 Dhcp - ok
08:41:54.0816 2084 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:41:54.0816 2084 Disk - ok
08:41:54.0862 2084 dmadmin - ok
08:41:55.0003 2084 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:41:55.0034 2084 dmboot - ok
08:41:55.0112 2084 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:41:55.0128 2084 dmio - ok
08:41:55.0191 2084 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:41:55.0206 2084 dmload - ok
08:41:55.0300 2084 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
08:41:55.0300 2084 dmserver - ok
08:41:55.0378 2084 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:41:55.0394 2084 DMusic - ok
08:41:55.0472 2084 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
08:41:55.0472 2084 Dnscache - ok
08:41:55.0566 2084 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
08:41:55.0581 2084 Dot3svc - ok
08:41:55.0675 2084 dpti2o - ok
08:41:55.0753 2084 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:41:55.0769 2084 drmkaud - ok
08:41:55.0847 2084 eabfiltr (e88b0cfcecf745211bba87f44f85d0dd) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
08:41:55.0847 2084 eabfiltr - ok
08:41:55.0925 2084 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
08:41:55.0941 2084 EapHost - ok
08:41:56.0003 2084 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
08:41:56.0003 2084 ERSvc - ok
08:41:56.0066 2084 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:41:56.0081 2084 Eventlog - ok
08:41:56.0144 2084 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
08:41:56.0159 2084 EventSystem - ok
08:41:56.0253 2084 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:41:56.0253 2084 Fastfat - ok
08:41:56.0316 2084 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:41:56.0331 2084 FastUserSwitchingCompatibility - ok
08:41:56.0378 2084 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
08:41:56.0378 2084 Fdc - ok
08:41:56.0425 2084 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:41:56.0425 2084 Fips - ok
08:41:56.0456 2084 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
08:41:56.0456 2084 Flpydisk - ok
08:41:56.0519 2084 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:41:56.0519 2084 FltMgr - ok
08:41:56.0660 2084 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:41:56.0660 2084 FontCache3.0.0.0 - ok
08:41:56.0769 2084 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
08:41:56.0769 2084 FsUsbExDisk - ok
08:41:56.0831 2084 FsUsbExService (d3f9205cc4cb07553f2f9472c767ea87) C:\WINDOWS\system32\FsUsbExService.Exe
08:41:56.0847 2084 FsUsbExService - ok
08:41:56.0988 2084 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:41:56.0988 2084 Fs_Rec - ok
08:41:57.0050 2084 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:41:57.0050 2084 Ftdisk - ok
08:41:57.0128 2084 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:41:57.0128 2084 GEARAspiWDM - ok
08:41:57.0206 2084 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:41:57.0206 2084 Gpc - ok
08:41:57.0285 2084 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
08:41:57.0285 2084 HBtnKey - ok
08:41:57.0363 2084 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:41:57.0363 2084 HDAudBus - ok
08:41:57.0503 2084 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:41:57.0519 2084 helpsvc - ok
08:41:57.0519 2084 Suspicious service (NoAccess): hgnxf
08:41:57.0550 2084 hgnxf ( LockedService.Multi.Generic ) - warning
08:41:57.0550 2084 hgnxf - detected LockedService.Multi.Generic (1)
08:41:57.0644 2084 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
08:41:57.0644 2084 HidServ - ok
08:41:57.0785 2084 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:41:57.0800 2084 HidUsb - ok
08:41:57.0878 2084 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
08:41:57.0894 2084 hkmsvc - ok
08:41:57.0988 2084 hpdskflt (5953c0952e4dd2b25b9adef05ab0285c) C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
08:41:57.0988 2084 hpdskflt - ok
08:41:58.0035 2084 hpn - ok
08:41:58.0207 2084 hpqwmiex (04c1dcbb226c6ae647b794833ce3ceb6) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
08:41:58.0207 2084 hpqwmiex - ok
08:41:58.0300 2084 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:41:58.0300 2084 HTTP - ok
08:41:58.0394 2084 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
08:41:58.0394 2084 HTTPFilter - ok
08:41:58.0441 2084 i2omgmt - ok
08:41:58.0488 2084 i2omp - ok
08:41:58.0550 2084 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:41:58.0566 2084 i8042prt - ok
08:41:58.0691 2084 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
08:41:58.0691 2084 IDriverT - ok
08:41:58.0910 2084 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:41:58.0957 2084 idsvc - ok
08:41:59.0129 2084 IFXTPM (f67554da27d5b55efcb6c7cb4818fbfd) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
08:41:59.0129 2084 IFXTPM - ok
08:41:59.0222 2084 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:41:59.0222 2084 Imapi - ok
08:41:59.0285 2084 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
08:41:59.0300 2084 ImapiService - ok
08:41:59.0379 2084 ini910u - ok
08:41:59.0472 2084 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
08:41:59.0488 2084 IntelIde - ok
08:41:59.0566 2084 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:41:59.0566 2084 Ip6Fw - ok
08:41:59.0676 2084 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:41:59.0676 2084 IpFilterDriver - ok
08:41:59.0722 2084 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:41:59.0722 2084 IpInIp - ok
08:41:59.0769 2084 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:41:59.0785 2084 IpNat - ok
08:41:59.0879 2084 iPod Service (630d74599070824af3dc63a894adcdfc) C:\Program Files\iPod\bin\iPodService.exe
08:41:59.0941 2084 iPod Service - ok
08:42:00.0097 2084 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:42:00.0097 2084 IPSec - ok
08:42:00.0160 2084 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:42:00.0160 2084 IRENUM - ok
08:42:00.0238 2084 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:42:00.0238 2084 isapnp - ok
08:42:00.0347 2084 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
08:42:00.0347 2084 IviRegMgr - ok
08:42:00.0426 2084 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
08:42:00.0426 2084 JavaQuickStarterService - ok
08:42:00.0582 2084 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:42:00.0597 2084 Kbdclass - ok
08:42:00.0644 2084 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:42:00.0644 2084 kbdhid - ok
08:42:00.0707 2084 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:42:00.0723 2084 kmixer - ok
08:42:00.0801 2084 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:42:00.0801 2084 KSecDD - ok
08:42:00.0863 2084 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
08:42:00.0879 2084 lanmanserver - ok
08:42:00.0957 2084 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
08:42:00.0988 2084 lanmanworkstation - ok
08:42:01.0035 2084 lbrtfdc - ok
08:42:01.0207 2084 LightScribeService (31d8b705dcd5f2366186e731f87c7a71) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
08:42:01.0207 2084 LightScribeService - ok
08:42:01.0285 2084 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
08:42:01.0301 2084 LmHosts - ok
08:42:01.0394 2084 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) C:\WINDOWS\system32\drivers\mbamchameleon.sys
08:42:01.0394 2084 mbamchameleon - ok
08:42:01.0504 2084 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
08:42:01.0504 2084 MBAMSwissArmy - ok
08:42:01.0598 2084 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
08:42:01.0598 2084 Messenger - ok
08:42:01.0707 2084 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:42:01.0707 2084 mnmdd - ok
08:42:01.0754 2084 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
08:42:01.0754 2084 mnmsrvc - ok
08:42:01.0801 2084 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:42:01.0801 2084 Modem - ok
08:42:01.0816 2084 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:42:01.0816 2084 Mouclass - ok
08:42:01.0895 2084 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:42:01.0895 2084 mouhid - ok
08:42:01.0941 2084 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:42:01.0941 2084 MountMgr - ok
08:42:02.0020 2084 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys
08:42:02.0020 2084 MQAC - ok
08:42:02.0035 2084 mraid35x - ok
08:42:02.0082 2084 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:42:02.0098 2084 MRxDAV - ok
08:42:02.0191 2084 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:42:02.0207 2084 MRxSmb - ok
08:42:02.0301 2084 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
08:42:02.0301 2084 MSDTC - ok
08:42:02.0379 2084 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:42:02.0379 2084 Msfs - ok
08:42:02.0426 2084 MSIServer - ok
08:42:02.0504 2084 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:42:02.0504 2084 MSKSSRV - ok
08:42:02.0598 2084 MSMQ (afb909b537aae1beae7bbdb6a36d40b0) C:\WINDOWS\system32\mqsvc.exe
08:42:02.0598 2084 MSMQ - ok
08:42:02.0660 2084 MSMQTriggers (7f955ff3b1bb93376ebe75d5accdc6db) C:\WINDOWS\system32\mqtgsvc.exe
08:42:02.0676 2084 MSMQTriggers - ok
08:42:02.0770 2084 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:42:02.0785 2084 MSPCLOCK - ok
08:42:02.0863 2084 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:42:02.0863 2084 MSPQM - ok
08:42:02.0926 2084 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:42:02.0926 2084 mssmbios - ok
08:42:02.0973 2084 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:42:02.0988 2084 Mup - ok
08:42:03.0067 2084 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
08:42:03.0082 2084 napagent - ok
08:42:03.0160 2084 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:42:03.0160 2084 NDIS - ok
08:42:03.0223 2084 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:42:03.0223 2084 NdisTapi - ok
08:42:03.0254 2084 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:42:03.0270 2084 Ndisuio - ok
08:42:03.0317 2084 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:42:03.0317 2084 NdisWan - ok
08:42:03.0395 2084 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:42:03.0395 2084 NDProxy - ok
08:42:03.0473 2084 Netaapl (7afd0e39ab15cb355487b7cc19f4e2c5) C:\WINDOWS\system32\DRIVERS\netaapl.sys
08:42:03.0473 2084 Netaapl - ok
08:42:03.0535 2084 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:42:03.0535 2084 NetBIOS - ok
08:42:03.0598 2084 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:42:03.0598 2084 NetBT - ok
08:42:03.0676 2084 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:42:03.0692 2084 NetDDE - ok
08:42:03.0707 2084 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:42:03.0723 2084 NetDDEdsdm - ok
08:42:03.0770 2084 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:42:03.0770 2084 Netlogon - ok
08:42:03.0801 2084 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
08:42:03.0817 2084 Netman - ok
08:42:03.0957 2084 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:42:03.0957 2084 NetTcpPortSharing - ok
08:42:04.0114 2084 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:42:04.0114 2084 NIC1394 - ok
08:42:04.0207 2084 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
08:42:04.0223 2084 Nla - ok
08:42:04.0270 2084 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:42:04.0270 2084 Npfs - ok
08:42:04.0348 2084 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:42:04.0364 2084 Ntfs - ok
08:42:04.0426 2084 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:42:04.0426 2084 NtLmSsp - ok
08:42:04.0520 2084 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
08:42:04.0551 2084 NtmsSvc - ok
08:42:04.0629 2084 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:42:04.0645 2084 Null - ok
08:42:04.0707 2084 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:42:04.0707 2084 NwlnkFlt - ok
08:42:04.0785 2084 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:42:04.0785 2084 NwlnkFwd - ok
08:42:04.0879 2084 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:42:04.0879 2084 ohci1394 - ok
08:42:05.0004 2084 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:42:05.0020 2084 ose - ok
08:42:05.0067 2084 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
08:42:05.0082 2084 Parport - ok
08:42:05.0129 2084 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:42:05.0129 2084 PartMgr - ok
08:42:05.0207 2084 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:42:05.0207 2084 ParVdm - ok
08:42:05.0317 2084 PCA (5eeb45f500e3e97153cb75723f8ca185) C:\WINDOWS\SMINST\PCAngel.exe
08:42:05.0317 2084 PCA - ok
08:42:05.0411 2084 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
08:42:05.0426 2084 pccsmcfd - ok
08:42:05.0489 2084 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:42:05.0504 2084 PCI - ok
08:42:05.0536 2084 PCIDump - ok
08:42:05.0598 2084 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:42:05.0598 2084 PCIIde - ok
08:42:05.0629 2084 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
08:42:05.0629 2084 Pcmcia - ok
08:42:05.0676 2084 PDCOMP - ok
08:42:05.0754 2084 pdfcDispatcher - ok
08:42:05.0801 2084 PDFRAME - ok
08:42:05.0832 2084 PDRELI - ok
08:42:05.0879 2084 PDRFRAME - ok
08:42:05.0911 2084 perc2 - ok
08:42:05.0957 2084 perc2hib - ok
08:42:06.0082 2084 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:42:06.0098 2084 PlugPlay - ok
08:42:06.0192 2084 Pml Driver HPZ12 (3cecda26586ca4db9be51241a6db7c3c) C:\WINDOWS\system32\HPZipm12.dll
08:42:06.0208 2084 Pml Driver HPZ12 - ok
08:42:06.0254 2084 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:42:06.0254 2084 PolicyAgent - ok
08:42:06.0379 2084 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:42:06.0379 2084 PptpMiniport - ok
08:42:06.0442 2084 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
08:42:06.0442 2084 Processor - ok
08:42:06.0489 2084 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:42:06.0504 2084 ProtectedStorage - ok
08:42:06.0551 2084 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:42:06.0551 2084 PSched - ok
08:42:06.0645 2084 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:42:06.0645 2084 Ptilink - ok
08:42:06.0708 2084 ql1080 - ok
08:42:06.0770 2084 Ql10wnt - ok
08:42:06.0817 2084 ql12160 - ok
08:42:06.0879 2084 ql1240 - ok
08:42:06.0942 2084 ql1280 - ok
08:42:07.0004 2084 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:42:07.0004 2084 RasAcd - ok
08:42:07.0098 2084 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
08:42:07.0114 2084 RasAuto - ok
08:42:07.0192 2084 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:42:07.0208 2084 Rasl2tp - ok
08:42:07.0270 2084 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
08:42:07.0286 2084 RasMan - ok
08:42:07.0333 2084 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:42:07.0333 2084 RasPppoe - ok
08:42:07.0395 2084 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:42:07.0395 2084 Raspti - ok
08:42:07.0458 2084 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:42:07.0473 2084 Rdbss - ok
08:42:07.0520 2084 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:42:07.0536 2084 RDPCDD - ok
08:42:07.0598 2084 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:42:07.0598 2084 rdpdr - ok
08:42:07.0739 2084 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
08:42:07.0739 2084 RDPWD - ok
08:42:07.0817 2084 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
08:42:07.0833 2084 RDSessMgr - ok
08:42:07.0895 2084 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:42:07.0911 2084 redbook - ok
08:42:07.0989 2084 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
08:42:08.0005 2084 RemoteAccess - ok
08:42:08.0098 2084 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
08:42:08.0114 2084 RemoteRegistry - ok
08:42:08.0192 2084 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys
08:42:08.0208 2084 RMCAST - ok
08:42:08.0317 2084 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
08:42:08.0333 2084 RpcLocator - ok
08:42:08.0427 2084 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
08:42:08.0442 2084 RpcSs - ok
08:42:08.0505 2084 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
08:42:08.0536 2084 RSVP - ok
08:42:08.0598 2084 SABProcEnum - ok
08:42:08.0661 2084 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:42:08.0677 2084 SamSs - ok
08:42:08.0708 2084 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
08:42:08.0723 2084 SASDIFSV - ok
08:42:08.0739 2084 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
08:42:08.0755 2084 SASKUTIL - ok
08:42:08.0848 2084 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
08:42:08.0864 2084 SCardSvr - ok
08:42:08.0927 2084 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
08:42:08.0942 2084 Schedule - ok
08:42:09.0036 2084 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:42:09.0036 2084 Secdrv - ok
08:42:09.0098 2084 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
08:42:09.0114 2084 seclogon - ok
08:42:09.0177 2084 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
08:42:09.0192 2084 SENS - ok
08:42:09.0239 2084 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
08:42:09.0239 2084 Serial - ok
08:42:09.0380 2084 ServiceLayer (9d38320bb32230349379df5ddbbf7fce) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
08:42:09.0395 2084 ServiceLayer - ok
08:42:09.0614 2084 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:42:09.0614 2084 Sfloppy - ok
08:42:09.0724 2084 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
08:42:09.0739 2084 SharedAccess - ok
08:42:09.0864 2084 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:42:09.0880 2084 ShellHWDetection - ok
08:42:10.0005 2084 Simbad - ok
08:42:10.0067 2084 Smcinst - ok
08:42:10.0145 2084 Sparrow - ok
08:42:10.0192 2084 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:42:10.0192 2084 splitter - ok
08:42:10.0239 2084 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
08:42:10.0255 2084 Spooler - ok
08:42:10.0286 2084 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:42:10.0286 2084 sr - ok
08:42:10.0380 2084 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
08:42:10.0395 2084 srservice - ok
08:42:10.0474 2084 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:42:10.0489 2084 Srv - ok
08:42:10.0536 2084 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
08:42:10.0552 2084 SSDPSRV - ok
08:42:10.0614 2084 ss_bbus (eaa66218cd39f5bb1b4853a78c67c787) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
08:42:10.0630 2084 ss_bbus - ok
08:42:10.0677 2084 ss_bmdfl (91765f99914ed8693d8bc76524f21581) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
08:42:10.0692 2084 ss_bmdfl - ok
08:42:10.0739 2084 ss_bmdm (840e7b738b03c10ee91d9b7d3d6eff15) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
08:42:10.0739 2084 ss_bmdm - ok
08:42:10.0849 2084 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
08:42:10.0864 2084 stisvc - ok
08:42:10.0927 2084 stllssvr - ok
08:42:11.0021 2084 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:42:11.0021 2084 swenum - ok
08:42:11.0083 2084 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:42:11.0083 2084 swmidi - ok
08:42:11.0099 2084 SwPrv - ok
08:42:11.0302 2084 Symantec Core LC (fa2f6a8849219b16460bf44f9d1f3aa7) C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
08:42:11.0317 2084 Symantec Core LC - ok
08:42:11.0458 2084 symc810 - ok
08:42:11.0521 2084 symc8xx - ok
08:42:11.0614 2084 sym_hi - ok
08:42:11.0693 2084 sym_u3 - ok
08:42:11.0849 2084 SynTP (5876072999220ef2fba1ddec86d2b97e) C:\WINDOWS\system32\DRIVERS\SynTP.sys
08:42:11.0864 2084 SynTP - ok
08:42:11.0943 2084 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:42:11.0943 2084 sysaudio - ok
08:42:12.0036 2084 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
08:42:12.0052 2084 SysmonLog - ok
08:42:12.0099 2084 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
08:42:12.0130 2084 TapiSrv - ok
08:42:12.0239 2084 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:42:12.0255 2084 Tcpip - ok
08:42:12.0349 2084 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:42:12.0349 2084 TDPIPE - ok
08:42:12.0396 2084 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:42:12.0396 2084 TDTCP - ok
08:42:12.0427 2084 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:42:12.0443 2084 TermDD - ok
08:42:12.0489 2084 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
08:42:12.0521 2084 TermService - ok
08:42:12.0568 2084 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:42:12.0583 2084 Themes - ok
08:42:12.0661 2084 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
08:42:12.0677 2084 TlntSvr - ok
08:42:12.0786 2084 TosIde - ok
08:42:12.0849 2084 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
08:42:12.0865 2084 TrkWks - ok
08:42:12.0943 2084 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:42:12.0943 2084 Udfs - ok
08:42:13.0005 2084 ultra - ok
08:42:13.0099 2084 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:42:13.0115 2084 Update - ok
08:42:13.0224 2084 UPHClean (3f9a3232e5f942874488981f3242c989) C:\Program Files\UPHClean\uphclean.exe
08:42:13.0224 2084 UPHClean - ok
08:42:13.0318 2084 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
08:42:13.0333 2084 upnphost - ok
08:42:13.0380 2084 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
08:42:13.0396 2084 UPS - ok
08:42:13.0521 2084 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
08:42:13.0521 2084 USBAAPL - ok
08:42:13.0599 2084 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:42:13.0599 2084 usbccgp - ok
08:42:13.0661 2084 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:42:13.0661 2084 usbehci - ok
08:42:13.0740 2084 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:42:13.0740 2084 usbhub - ok
08:42:13.0787 2084 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:42:13.0787 2084 usbohci - ok
08:42:13.0865 2084 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:42:13.0865 2084 usbscan - ok
08:42:13.0958 2084 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:42:13.0974 2084 usbstor - ok
08:42:14.0052 2084 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:42:14.0068 2084 usbuhci - ok
08:42:14.0130 2084 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:42:14.0130 2084 VgaSave - ok
08:42:14.0193 2084 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
08:42:14.0193 2084 ViaIde - ok
08:42:14.0255 2084 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:42:14.0255 2084 VolSnap - ok
08:42:14.0380 2084 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
08:42:14.0412 2084 VSS - ok
08:42:14.0458 2084 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
08:42:14.0474 2084 W32Time - ok
08:42:14.0583 2084 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:42:14.0599 2084 Wanarp - ok
08:42:14.0693 2084 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
08:42:14.0724 2084 Wdf01000 - ok
08:42:14.0755 2084 WDICA - ok
08:42:14.0818 2084 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:42:14.0818 2084 wdmaud - ok
08:42:14.0865 2084 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
08:42:14.0896 2084 WebClient - ok
08:42:15.0052 2084 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:42:15.0052 2084 winmgmt - ok
08:42:15.0177 2084 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
08:42:15.0193 2084 WLSetupSvc - ok
08:42:15.0271 2084 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
08:42:15.0287 2084 WmdmPmSN - ok
08:42:15.0365 2084 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
08:42:15.0412 2084 Wmi - ok
08:42:15.0505 2084 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
08:42:15.0505 2084 WmiAcpi - ok
08:42:15.0646 2084 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:42:15.0646 2084 WmiApSrv - ok
08:42:15.0802 2084 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
08:42:15.0849 2084 WMPNetworkSvc - ok
08:42:16.0006 2084 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
08:42:16.0021 2084 wscsvc - ok
08:42:16.0084 2084 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
08:42:16.0099 2084 wuauserv - ok
08:42:16.0240 2084 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:42:16.0240 2084 WudfPf - ok
08:42:16.0318 2084 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:42:16.0334 2084 WudfRd - ok
08:42:16.0443 2084 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
08:42:16.0459 2084 WudfSvc - ok
08:42:16.0568 2084 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
08:42:16.0615 2084 WZCSVC - ok
08:42:16.0709 2084 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
08:42:16.0724 2084 xmlprov - ok
08:42:16.0787 2084 MBR (0x1B8) (4f02a8d4048a138c450ed7f867eb0144) \Device\Harddisk0\DR0
08:42:16.0974 2084 \Device\Harddisk0\DR0 - ok
08:42:16.0990 2084 Boot (0x1200) (ff9ed2e24855c68fe4e66028a5499c69) \Device\Harddisk0\DR0\Partition0
08:42:16.0990 2084 \Device\Harddisk0\DR0\Partition0 - ok
08:42:17.0006 2084 Boot (0x1200) (8e48ea3f42216c6ecc3dfa28209eb5dd) \Device\Harddisk0\DR0\Partition1
08:42:17.0006 2084 \Device\Harddisk0\DR0\Partition1 - ok
08:42:17.0021 2084 ============================================================
08:42:17.0021 2084 Scan finished
08:42:17.0021 2084 ============================================================
08:42:17.0053 2216 Detected object count: 1
08:42:17.0053 2216 Actual detected object count: 1
08:42:29.0992 2216 hgnxf ( LockedService.Multi.Generic ) - skipped by user
08:42:29.0992 2216 hgnxf ( LockedService.Multi.Generic ) - User select action: Skip

Step 3 - I ran combofix and answered the questions as they appeared. Unfortunately I had to leave the room and when I returned it had restarted and was back at the login. I cannot find the log anywhere. I've done a search but can't seem to find it. Sorry.

#7 chcjcamo

chcjcamo

    New Member

  • Members
  • Pip
  • 13 posts
  • Gender:Female
  • Location:UK

Posted 28 March 2012 - 08:13 AM

Hi. The laptop seems ok. But I tried super antispyware and malwarebytes as a test and they both crashed a few minutes into the scans.
Thanks again.

#8 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 28 March 2012 - 11:46 AM

Your logs show you installed Avast on March the 23, after removing Removed Symantec Endpoint Protection.
Sometimes Norton/Symantec (other vendors too) do not fully un-install all their components.

What other antivirus products have been on this system? What was provided when you first bought this system?
Is this a home system?

Close and save any open documents you have, and exit any programs you started.

Download, Save, then run the Norton/Symantec removal tool
http://solutions.sym...0070816103157EN

Once it finishes, Logoff and Restart the system fresh.

Step 2
Disable CD-ROM Emulation Software:
Please download the following tool DeFogger to your desktop.
◦Double click DeFogger to run the tool.
◦The application window will appear
◦Click the Disable button to disable your CD Emulation drivers.
◦Click Yes to continue
◦A 'Finished!' message will appear
◦Click OK
DeFogger will now ask to reboot the machine - click OK :excl:

◦IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
◦Do not re-enable these drivers until otherwise instructed.

Step 3
Leave aside S**r Antimalware. I do not need for you to run it.
Kindly only do the steps I outline.

Step 4
Be sure you are logged in to Windows with an administrator-rights account.

Since you have Avast antivirus, let's make sure to set trust exclusions in bot Avast & MBAM
See section K of the Frequently Asked Questions on MBAM :excl:
http://forums.malwar...post&pid=417798

Do the trust settings in Avast :excl:
Do the trust settings in MBAM :excl:

Step 4
Turn OFF your Avast antivirus.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.
  • Link 2
    Link 3
    Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL
IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Step 5
  • Click on START>All Programs>Malwarebytes' Anti-Malware>Tools>Malwarebytes Anti-Malware Chameleon
  • Once the Help file opens, click on a Chameleon button (starting with #1) until you see a black DOS/command prompt window that remains open and says
    MBAM-chameleon ver. 1.60.2 at the top
  • Press any key to continue as it says in the window {space-bar will do}
  • Have infinite patience during this process
  • Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible
  • Once the update completes and it says your database is updated, click on OK :excl:
  • Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.
  • Upon completion, Malwarebytes Anti-Malware will open automatically and perform a Quick scan
  • A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.
  • Once the scan is complete, click on Show Results and remove any threats that are found by clicking Remove Selected
  • If prompted to restart your computer to complete the removal process, click Yes :excl:
  • If no threats are found, press EXIT to end MBAM.
  • After your computer restarts, open Malwarebytes Anti-Malware and perform one last Quick scan to verify that there are no remaining threats
Step 6
Re-Enable your antivirus program

Reply with copy of the MBAM scan log for review
and tell me, How is your system now ?  :excl:

Edited by Maurice Naggar, 28 March 2012 - 11:57 AM.

Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#9 chcjcamo

chcjcamo

    New Member

  • Members
  • Pip
  • 13 posts
  • Gender:Female
  • Location:UK

Posted 29 March 2012 - 08:35 AM

Hi. As far as I know there has only been Norton on this but unfortunately the license ran out a while back (I am looking at this laptop as a favour for a friend).

No error or log for DeFogger. No problems with RKill.

Malware Bytes has finally finished. It kept crashing at a spot in \administrator\Local Settings\Temporary Internet Files\Content.IE5 so I ended up deleting everything in the folder and it finished normally. I restared

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.29.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
administrator :: FEVSW05 [administrator]
29/03/2012 14:10:55
mbam-log-2012-03-29 (14-10-55).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM
Scan options disabled: Heuristics/Shuriken | P2P
Objects scanned: 218420
Time elapsed: 6 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Everything seems ok now. Thank you.

#10 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 29 March 2012 - 09:44 AM

Good run of MBAM !
I see that you are clear of your original issues.
If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used.
Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • IF prompted to Reboot, reply "Yes".

To re-enable CD Emulation programs using DeFogger please perform these steps:

Please download >> DeFogger <<and save it to your desktop.
  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will appear.
  • You should now click on the Enable button to re-enable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
ERUNT you may keep & use on a regular basis to backup the Windows registry.

Delete the following tools, if still present:
RKILL
RogueKiller.exe
aswMBR.exe
TDSSKILLER.exe

Insecure utilities:
Older versions of Adobe Reader pose a potential security risk.
De-install your Adobe Reader: Use Control Panel's Add-Remove programs, Remove Adobe Reader.
Get latest Adobe Reader version
http://get.adobe.com/reader/
Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered )

You need to remove older versions of Java runtime. Do this:
Download & Save to your Desktop or a new folder Javara.zip

Extract the contents of the zip file. Then double click Javara.exe to run it.
JavaRa is a simple tool that does a simple job: it removes old and redundant versions of the Java Runtime Environment (JRE).

We are finished here. Best regards.
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#11 chcjcamo

chcjcamo

    New Member

  • Members
  • Pip
  • 13 posts
  • Gender:Female
  • Location:UK

Posted 30 March 2012 - 05:39 AM

I have followed all your suggestions. Thank you very much for your time on this. It is very much appreciated.
Chrystal

#12 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 30 March 2012 - 07:22 AM

Chrystal,
You're quite welcome. I am glad to have helped. It is a pleasure to have worked with you. :) Best to you.

I am now closing this topic.
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users