Have Google Redirect Virus - April 2012

google redirect virus disabled AV

This topic is locked
35 replies to this topic

#1 flipper202 (New Member, 19 posts)

Posted 04 April 2012 - 07:47 PM

So I'm pretty sure I picked up some nasty malware/virus while streaming TV shows a month back. I've been unable to start Windows Security Center or Microsoft Security Essentials, and I get redirected if I click on the top Google links. However, I can't seem to find the stupid thing (used Malwarebytes, Spybot Search & Destroy, Kaspersky stuff, etc.).

I've attached below my logs from running DDS. Thanks, Alex.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by User at 1:35:52 on 2012-04-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1979.542 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Home Server\esClient.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Mesh\WLSync.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\User\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Windows Live\Mesh\MOE.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [WLSync] "c:\program files\windows live\mesh\WLSync.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\user\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{19D515E1-851B-4B8B-B932-FED1713FC829} : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{1CAC04CD-6190-4548-83B7-7D9E69D64440} : DhcpNameServer = 192.168.2.254
TCP: Interfaces\{24361609-8878-4E49-81C8-CAEC513AF1CE} : DhcpNameServer = 192.168.22.1
TCP: Interfaces\{9ECA6236-A346-4024-AD93-2F771B7C5548} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9ECA6236-A346-4024-AD93-2F771B7C5548}\D49616F6 : DhcpNameServer = 192.168.22.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\windows home server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 239472]
R2 esClient;Windows Media Center Client Service;c:\program files\windows home server\esClient.exe [2011-1-10 97136]
R2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\hewlett-packard\hp mediasmart server\MSSConnectorService.exe [2009-10-5 20992]
R2 MediaCollectorService;MediaCollectorService;c:\program files\hewlett-packard\hp mediasmart server\MediaCollectorClient.exe [2009-10-5 81920]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2012-2-9 198136]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-10-31 7522304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-2-4 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-2-6 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-04-05 00:28:11 -------- d-----w- c:\users\user\appdata\roaming\QuickScan
2012-04-04 23:48:10 -------- d-----w- c:\users\user\appdata\local\{DA52D89C-6741-48D5-BEF0-C77F65DF6450}
2012-04-04 23:47:55 -------- d-----w- c:\users\user\appdata\local\{44EFC2E9-F48E-4579-8084-3BCF813A67FD}
2012-04-04 23:37:45 -------- d-----w- c:\users\user\appdata\local\{11AC4AD2-9364-4E52-87CD-A62C97BA2558}
2012-04-04 23:37:34 -------- d-----w- c:\users\user\appdata\local\{C77C6E00-5A1F-47B3-B81D-87CDF094698C}
2012-04-04 23:32:11 -------- d-----w- c:\users\user\appdata\local\{AD0C51B0-A32B-452C-8F86-9E970B449E8E}
2012-04-04 23:31:29 -------- d-----w- c:\users\user\appdata\local\{E25260D0-4336-4241-B68C-10D2BCF8BE80}
2012-04-04 08:04:18 -------- d-----w- c:\users\user\appdata\local\{F571CE18-FA07-4926-AEAD-3DBF2DE175B3}
2012-04-03 19:29:07 -------- d-----w- c:\users\user\appdata\local\{1950F180-56CF-485B-B3D4-EB440FB85E05}
2012-04-01 19:28:05 -------- d-----w- c:\users\user\appdata\local\{2431BC81-0526-4D96-8574-9EAE2D83692C}
2012-03-28 22:54:20 -------- d-----w- c:\programdata\SecTaskMan
2012-03-28 22:54:16 -------- d-----w- c:\program files\Security Task Manager
2012-03-28 16:16:37 -------- d-----w- c:\users\user\appdata\local\{F8E314AA-5136-4E11-8847-481E2AA13915}
2012-03-28 04:16:12 -------- d-----w- c:\users\user\appdata\local\{52F97560-D165-4FC6-83E9-ED88F069CEFB}
2012-03-28 04:15:58 -------- d-----w- c:\users\user\appdata\local\{E1C90403-E9FD-48BB-8313-5803E8CE120B}
2012-03-27 22:45:09 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2012-03-27 22:45:03 -------- d-----w- c:\programdata\Malwarebytes
2012-03-27 22:45:02 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-27 22:45:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-27 19:48:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-27 19:48:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-27 11:09:14 -------- d-----w- c:\users\user\appdata\local\{FF22158D-3FF5-4CCE-BFB0-D569907047BD}
2012-03-27 11:09:04 -------- d-----w- c:\users\user\appdata\local\{37C44D95-1D83-42EE-BBE0-3E44FEB51D8A}
2012-03-26 23:08:34 -------- d-----w- c:\users\user\appdata\local\{B637B6DC-B05A-45CD-BBC8-753CF7300655}
2012-03-26 23:08:20 -------- d-----w- c:\users\user\appdata\local\{AA8F9A57-F2FB-4569-A28D-5C15ED615A08}
2012-03-26 11:07:44 -------- d-----w- c:\users\user\appdata\local\{795B9476-D3FB-4458-90F8-C241E694ABCF}
2012-03-25 23:07:17 -------- d-----w- c:\users\user\appdata\local\{E2CB7C1A-C337-48AB-83BF-F2741DCB17A3}
2012-03-25 13:26:41 102912 --sha-r- c:\windows\system32\C_20297U.dll
2012-03-25 11:06:51 -------- d-----w- c:\users\user\appdata\local\{F349DA42-595E-46D9-B57D-EBAD44176A65}
2012-03-25 01:05:19 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bba6c972-5613-475a-9c65-7219a969ac74}\mpengine.dll
2012-03-24 21:48:33 -------- d-----w- c:\users\user\appdata\local\{CC281EF0-D0FC-4579-9C6D-77C5356DF509}
2012-03-24 09:48:07 -------- d-----w- c:\users\user\appdata\local\{C865FA18-6A64-4740-9F38-BED6A86621AA}
2012-03-23 21:47:40 -------- d-----w- c:\users\user\appdata\local\{629F079B-0C10-465C-8965-637A0AE91915}
2012-03-23 21:47:28 -------- d-----w- c:\users\user\appdata\local\{CDFBF0BE-AD29-4437-9238-B502DB1E9A05}
2012-03-23 09:46:58 -------- d-----w- c:\users\user\appdata\local\{4218EA18-EC41-465E-9CA5-F92081AB2124}
2012-03-22 21:46:28 -------- d-----w- c:\users\user\appdata\local\{852A4EE3-F1A8-4845-912E-C91D2BDD9536}
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-22 09:45:54 -------- d-----w- c:\users\user\appdata\local\{5F780C63-EE79-47A4-8AEA-2E16D1D75228}
2012-03-22 09:45:36 -------- d-----w- c:\users\user\appdata\local\{8367E30D-0F5A-4E08-A325-D63C897C3DDB}
2012-03-21 21:45:05 -------- d-----w- c:\users\user\appdata\local\{CEFB68C2-23D5-4038-A94E-4B4ED71A83EC}
2012-03-21 21:44:43 -------- d-----w- c:\users\user\appdata\local\{5DD56B2D-DFBA-4616-8574-3BE951BD8015}
2012-03-21 09:44:13 -------- d-----w- c:\users\user\appdata\local\{F789D451-EA24-4037-BF34-801DA4879F30}
2012-03-20 21:30:35 -------- d-----w- c:\users\user\appdata\local\{722B28B7-19E0-45BB-BB95-A8BE7ABC7EB9}
2012-03-20 21:30:23 -------- d-----w- c:\users\user\appdata\local\{1A6BEE46-9917-4D9A-9A4D-B4277ABAFAA5}
2012-03-20 09:29:57 -------- d-----w- c:\users\user\appdata\local\{9F3F579A-6746-49E8-89C0-46C3FEF906E8}
2012-03-19 21:29:30 -------- d-----w- c:\users\user\appdata\local\{0EFA30F7-A5FE-4F85-8EF1-7EBB5366C853}
2012-03-19 09:29:03 -------- d-----w- c:\users\user\appdata\local\{F166E2AC-7C9F-4CCE-8C99-A1254B5B176B}
2012-03-18 20:09:20 -------- d-----w- c:\users\user\appdata\local\{A9EC69F8-FC0D-493E-B3AD-ACDB04EBD70F}
2012-03-18 20:09:08 -------- d-----w- c:\users\user\appdata\local\{9BDD5B82-0F6D-45C0-A681-28E4FDC96E2D}
2012-03-18 15:49:27 -------- d-----w- c:\users\user\appdata\local\{F906A9B5-7673-453A-881B-7EC6B8954807}
2012-03-18 08:45:25 -------- d-----w- c:\users\user\appdata\local\{75839C79-D634-4E71-8633-9B02D81DC1D2}
2012-03-18 08:31:08 -------- d-----w- c:\users\user\appdata\local\{4D06B50E-49B6-4BBF-A2BE-2DE1F7D83154}
2012-03-17 23:01:22 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2012-03-17 23:01:17 -------- d-----w- c:\program files\dvd43
2012-03-17 20:31:20 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-03-17 20:31:19 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-03-17 11:27:44 -------- d-----w- c:\users\user\appdata\local\{9FFEFE9A-B81E-43F5-88E3-04014EBFD7A3}
2012-03-17 09:10:42 -------- d-----w- c:\users\user\appdata\local\{936F39CE-C69D-44BA-8703-52FF3AA00D1C}
2012-03-16 21:10:13 -------- d-----w- c:\users\user\appdata\local\{1393C591-581C-42D4-AABB-1208842CBD23}
2012-03-16 21:10:00 -------- d-----w- c:\users\user\appdata\local\{146BB4C5-3001-407A-AF2A-B9C5D067035C}
2012-03-16 20:28:14 -------- d-----w- c:\users\user\appdata\roaming\HandBrake
2012-03-16 09:09:31 -------- d-----w- c:\users\user\appdata\local\{BF2C2B0B-7AB4-41B5-A73B-A9AC64978C63}
2012-03-15 21:09:04 -------- d-----w- c:\users\user\appdata\local\{48A62693-A3C8-4949-B350-2385A212789A}
2012-03-15 21:08:52 -------- d-----w- c:\users\user\appdata\local\{E1316B6B-1B84-453F-8F8E-AC1D704DA27E}
2012-03-15 09:08:25 -------- d-----w- c:\users\user\appdata\local\{59D2290D-56E5-468C-A3E9-2567C89BF080}
2012-03-15 09:08:14 -------- d-----w- c:\users\user\appdata\local\{E8A68F7C-1DF5-40BD-8493-8952C151259E}
2012-03-15 03:01:06 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-15 03:01:05 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 01:12:08 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2012-03-15 01:12:05 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-03-15 01:12:05 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2012-03-15 01:12:04 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2012-03-15 01:11:04 -------- d-----w- c:\program files\Lightworks
2012-03-15 00:36:48 -------- d-----w- c:\program files\OSSBuild
2012-03-15 00:27:21 -------- d-----w- c:\program files\Handbrake
2012-03-14 23:47:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-14 21:07:46 -------- d-----w- c:\users\user\appdata\local\{43578E7F-D5CC-4FC5-B819-02D9D47D5D20}
2012-03-13 23:50:39 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:50:37 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:49:24 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 23:49:23 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 23:49:23 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 23:49:21 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 23:49:20 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 23:49:19 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 20:22:48 -------- d-----w- c:\users\user\appdata\local\{5D7B04F4-5FB9-4BB9-A66B-B4A578C1CC9D}
2012-03-13 08:22:20 -------- d-----w- c:\users\user\appdata\local\{DB1719BD-9B99-42D8-9031-6FB64503AB3B}
2012-03-12 20:21:46 -------- d-----w- c:\users\user\appdata\local\{CE7555EE-3551-4017-917A-1B0808DD06EB}
2012-03-12 08:21:12 -------- d-----w- c:\users\user\appdata\local\{9696A130-C1A8-4369-A31F-6787DE0B378E}
2012-03-12 08:21:02 -------- d-----w- c:\users\user\appdata\local\{CED101E3-826E-4181-B41F-4947A36FC8A4}
2012-03-11 20:20:31 -------- d-----w- c:\users\user\appdata\local\{7837F59C-BACA-4631-8AFD-F012B59617D3}
2012-03-11 08:19:57 -------- d-----w- c:\users\user\appdata\local\{7535A5FB-41B6-433D-B6B9-EFFD5334ABF8}
2012-03-10 20:19:30 -------- d-----w- c:\users\user\appdata\local\{56B0F915-841B-4C47-81BD-A564B58E3A3F}
2012-03-10 08:19:03 -------- d-----w- c:\users\user\appdata\local\{04280C3C-899F-4FA4-85B2-173FAEB0D86F}
2012-03-09 22:12:37 -------- d-----w- c:\program files\VideoLAN
2012-03-09 20:18:38 -------- d-----w- c:\users\user\appdata\local\{40052EF2-FE70-42E2-A90C-F299ABF49A13}
2012-03-09 08:18:14 -------- d-----w- c:\users\user\appdata\local\{B7BEEB4C-CCB1-4679-86AD-2742B8F08ECE}
2012-03-09 08:18:03 -------- d-----w- c:\users\user\appdata\local\{7E75D24E-D88D-412D-87BC-B794ADD52A6D}
2012-03-08 20:17:36 -------- d-----w- c:\users\user\appdata\local\{474D65CB-6EE1-47C7-A169-97DE22301D52}
2012-03-08 08:17:11 -------- d-----w- c:\users\user\appdata\local\{B1EDEABF-3305-458B-819F-4A4294F313AC}
2012-03-07 20:16:47 -------- d-----w- c:\users\user\appdata\local\{AAE87A0B-AF35-492E-BA52-5CB2465F1256}
2012-03-07 20:16:36 -------- d-----w- c:\users\user\appdata\local\{72A8F409-8774-462D-9B65-1DFA7AE24B4A}
2012-03-07 08:16:08 -------- d-----w- c:\users\user\appdata\local\{3768BCE2-30F8-4F8B-84CD-9BF63B68E5FB}
2012-03-07 08:15:57 -------- d-----w- c:\users\user\appdata\local\{83B6C3A2-F141-4AE1-94D8-E2C3427567A5}
2012-03-06 16:05:50 -------- d-----w- c:\users\user\appdata\local\{6FE4ACCE-7DDB-450F-8556-9DBB2351CCC5}
2012-03-06 04:05:26 -------- d-----w- c:\users\user\appdata\local\{A094D666-7F3A-49F6-94E1-AC01BCC809F8}
2012-03-06 04:05:14 -------- d-----w- c:\users\user\appdata\local\{AED62BE4-B43F-4EC7-914F-53F3EA72C0A2}
.
==================== Find3M ====================
.
2012-03-06 23:50:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-20 07:39:41 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-02-08 22:59:54 27640 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-02-08 22:59:54 18936 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-02-03 14:19:35 7522304 ----a-w- c:\windows\system32\drivers\NETwNs32.sys
2012-02-03 14:19:34 684032 ----a-w- c:\windows\system32\NETwNc32.dll
2012-02-03 14:19:34 2760704 ----a-w- c:\windows\system32\NETwNr32.dll
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 1:37:13.54 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 02/02/2012 18:45:54
System Uptime: 05/04/2012 00:43:47 (1 hours ago)
.
Motherboard: Acer | | Aspire 4810T
Processor: Genuine Intel® CPU U4100 @ 1.30GHz | CPU | 1300/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 387.262 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Apple Software Update
µTorrent
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
Broadcom 802.11 Wireless LAN Adapter
Broadcom Wireless Utility
Cisco EAP-FAST Module
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup
Dropbox
DVD43 v4.6.0
Google Chrome
GStreamer WinBuilds 0.10.6 (GPL)
HandBrake 0.9.6
HP MediaSmart Server 3.0 Update 1
HP Update
Java Auto Updater
Java™ 6 Update 31
Lightworks
Malwarebytes Anti-Malware version 1.60.1.1000
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2010
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
Nitro Reader 2
Picasa 3
QuickTime
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Sky Go Desktop
Skype Click to Call
Skype™ 5.8
Spotify
TunnelBear 1.0.29
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
uTorrentControl2 Toolbar
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.0
Windows Driver Package - Intel (NETwLv32) net (10/07/2010 13.4.0.139)
Windows Driver Package - Intel (NETwNs32) net (10/27/2011 14.3.0.6)
Windows Home Server Connector
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
29/03/2012 21:01:24, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user User-PC\User SID (S-1-5-21-4278735001-178053511-1665522800-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
29/03/2012 21:01:24, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user User-PC\User SID (S-1-5-21-4278735001-178053511-1665522800-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
05/04/2012 01:36:09, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer.
05/04/2012 01:05:09, Error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is TOKOTASIK.
04/04/2012 11:07:57, Error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
04/04/2012 08:18:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
04/04/2012 08:18:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
04/04/2012 00:45:00, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2012 00:43:21, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2012 00:43:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
04/04/2012 00:43:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
04/04/2012 00:43:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
04/04/2012 00:43:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
04/04/2012 00:43:00, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
04/04/2012 00:43:00, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2012 00:43:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
04/04/2012 00:42:56, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
04/04/2012 00:42:56, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
02/04/2012 08:19:43, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
.
==== End Of File ===========================

#2 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,410 posts
  • Gender: Male
  • Location: Bulgaria, EU

Posted 05 April 2012 - 07:23 AM

Hello Alex and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall the following applications:

µTorrent - It is against our policy. Take a look here
uTorrentControl2 Toolbar - A Conduit "Community Toolbar" - modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality.


Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.
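Step 2 above asks for the TDSSKiller report and tells the user to Skip when Cure is not offered. The following Python script is an added example for readers of this thread; it is not part of Maniac's instructions and not Kaspersky's code. It parses a report in the layout TDSSKiller 2.7 writes (timestamp, thread id, object name, optional md5 and path, verdict), joins each verdict back to the file inventory line that preceded it, and separates the UnsignedFile.Multi.Generic signature-check heuristic (raised only because "Verify Driver Digital Signature" was ticked, and usually pointing at legitimate third-party software) from other detections. The sample lines are constructed for the example; the exampledrv lines and the verdict name Hypothetical.Rootkit.Name are hypothetical, and the regexes assume every verdict line has the shape "( verdict ) - status".

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

# A TDSSKiller 2.7 report line is "HH:MM:SS.ffff <thread id> <message>".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(?P<msg>.*)$")
# "<name> (<md5>) <path>": the file inventory entry written before a verdict.
INVENTORY_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> ( <verdict> ) - <status>", e.g. "( UnsignedFile.Multi.Generic ) - warning".
VERDICT_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - (?P<status>\w+)$")
# "<name> - detected <verdict> (<n>)".
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
# "<name> - ok".
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")

# UnsignedFile.Multi.Generic is the signature-check heuristic produced when
# "Verify Driver Digital Signature" is ticked: the binary carries no valid
# Authenticode signature. It is a review item, not a malware match.
HEURISTIC_VERDICTS = {"UnsignedFile.Multi.Generic"}


@dataclass
class Finding:
    name: str
    verdict: str
    status: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_report(text: str) -> Tuple[Dict[str, Finding], Set[str]]:
    """Return (findings keyed by object name, set of names that scanned clean)."""
    inventory: Dict[str, Tuple[str, str]] = {}
    findings: Dict[str, Finding] = {}
    clean: Set[str] = set()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank or unexpected line
        msg = m.group("msg").strip()
        inv = INVENTORY_RE.match(msg)
        if inv:
            inventory[inv["name"]] = (inv["md5"], inv["path"])
            continue
        v = VERDICT_RE.match(msg)
        if v:
            md5, path = inventory.get(v["name"], (None, None))
            findings[v["name"]] = Finding(v["name"], v["verdict"], v["status"], md5, path)
            continue
        d = DETECTED_RE.match(msg)
        if d:
            md5, path = inventory.get(d["name"], (None, None))
            f = findings.setdefault(d["name"], Finding(d["name"], d["verdict"], "detected", md5, path))
            f.verdict = d["verdict"]  # the "detected" line is authoritative for the verdict name
            continue
        o = OK_RE.match(msg)
        if o:
            clean.add(o["name"])
        # banner, SystemInfo, separator and disk-geometry lines match nothing and are skipped
    return findings, clean


def triage(findings: Dict[str, Finding]) -> Dict[str, list]:
    """Separate unsigned-file heuristics (check the vendor) from other detections (cure/review)."""
    return {
        "heuristic": sorted(n for n, f in findings.items() if f.verdict in HEURISTIC_VERDICTS),
        "other": sorted(n for n, f in findings.items() if f.verdict not in HEURISTIC_VERDICTS),
    }


# Constructed sample in the report layout. The exampledrv lines are hypothetical.
SAMPLE_REPORT = "\n".join([
    r"23:30:25.0602 3144 Scan started",
    r"23:30:25.0602 3144 Mode: Manual; SigCheck; TDLFS;",
    r"23:30:28.0273 3144 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys",
    r"23:30:28.0433 3144 1394ohci - ok",
    r"23:30:35.0716 3144 COMSysApp - ok",
    r"23:30:37.0504 3144 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\Windows\system32\DRIVERS\dvd43llh.sys",
    r"23:30:37.0534 3144 dvd43llh ( UnsignedFile.Multi.Generic ) - warning",
    r"23:30:37.0534 3144 dvd43llh - detected UnsignedFile.Multi.Generic (1)",
    r"23:30:47.0717 3144 Example Vendor Service (0123456789abcdef0123456789abcdef) C:\Program Files\Example\svc.exe",
    r"23:30:47.0735 3144 Example Vendor Service - ok",
    r"23:31:00.0000 3144 exampledrv ( Hypothetical.Rootkit.Name ) - infected",
    r"23:31:00.0000 3144 exampledrv - detected Hypothetical.Rootkit.Name (0)",
])

if __name__ == "__main__":
    found, ok = parse_report(SAMPLE_REPORT)
    print(f"{len(ok)} objects clean, {len(found)} flagged")
    for bucket, names in triage(found).items():
        for n in names:
            f = found[n]
            print(f"[{bucket}] {n}: {f.verdict} ({f.status}) md5={f.md5} path={f.path}")
```

Run it against a saved TDSSKiller.[Version]_[Date]_[Time]_log.txt by reading the file into parse_report. The "heuristic" bucket lists drivers whose only issue is a missing signature, which is why the instructions say to Skip rather than Delete them; the md5 and path pulled from the inventory line are what a helper needs to check the file against the vendor before deciding.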

#3 flipper202

flipper202

    New Member

  • Members
  • 19 posts

Posted 05 April 2012 - 05:51 PM

Hey Maniac,

Thank you for helping me out. Please see below the report from the TDSSKiller log.


23:29:07.0892 5660 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
23:29:08.0027 5660 ============================================================
23:29:08.0027 5660 Current date / time: 2012/04/05 23:29:08.0027
23:29:08.0027 5660 SystemInfo:
23:29:08.0027 5660
23:29:08.0028 5660 OS Version: 6.1.7601 ServicePack: 1.0
23:29:08.0028 5660 Product type: Workstation
23:29:08.0028 5660 ComputerName: USER-PC
23:29:08.0028 5660 UserName: User
23:29:08.0028 5660 Windows directory: C:\Windows
23:29:08.0028 5660 System windows directory: C:\Windows
23:29:08.0028 5660 Processor architecture: Intel x86
23:29:08.0028 5660 Number of processors: 2
23:29:08.0028 5660 Page size: 0x1000
23:29:08.0028 5660 Boot type: Normal boot
23:29:08.0028 5660 ============================================================
23:29:09.0873 5660 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:29:09.0937 5660 \Device\Harddisk0\DR0:
23:29:09.0937 5660 MBR used
23:29:09.0937 5660 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:29:09.0937 5660 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
23:29:09.0979 5660 Initialize success
23:29:09.0979 5660 ============================================================
23:30:25.0602 3144 ============================================================
23:30:25.0602 3144 Scan started
23:30:25.0602 3144 Mode: Manual; SigCheck; TDLFS;
23:30:25.0602 3144 ============================================================
23:30:28.0273 3144 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
23:30:28.0433 3144 1394ohci - ok
23:30:28.0572 3144 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
23:30:28.0602 3144 ACPI - ok
23:30:28.0654 3144 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
23:30:28.0736 3144 AcpiPmi - ok
23:30:28.0848 3144 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
23:30:28.0886 3144 adp94xx - ok
23:30:28.0923 3144 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
23:30:28.0953 3144 adpahci - ok
23:30:28.0996 3144 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
23:30:29.0016 3144 adpu320 - ok
23:30:29.0066 3144 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
23:30:29.0158 3144 AeLookupSvc - ok
23:30:29.0272 3144 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
23:30:29.0354 3144 AFD - ok
23:30:29.0448 3144 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
23:30:29.0472 3144 agp440 - ok
23:30:29.0538 3144 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
23:30:29.0559 3144 aic78xx - ok
23:30:29.0666 3144 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
23:30:29.0716 3144 ALG - ok
23:30:29.0788 3144 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
23:30:29.0807 3144 aliide - ok
23:30:29.0844 3144 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
23:30:29.0865 3144 amdagp - ok
23:30:29.0900 3144 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
23:30:29.0920 3144 amdide - ok
23:30:29.0986 3144 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
23:30:30.0038 3144 AmdK8 - ok
23:30:30.0139 3144 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
23:30:30.0199 3144 AmdPPM - ok
23:30:30.0311 3144 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
23:30:30.0333 3144 amdsata - ok
23:30:30.0397 3144 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
23:30:30.0422 3144 amdsbs - ok
23:30:30.0472 3144 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
23:30:30.0492 3144 amdxata - ok
23:30:30.0544 3144 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
23:30:30.0603 3144 AppID - ok
23:30:30.0682 3144 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
23:30:30.0752 3144 AppIDSvc - ok
23:30:30.0802 3144 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
23:30:30.0902 3144 Appinfo - ok
23:30:30.0982 3144 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
23:30:31.0002 3144 arc - ok
23:30:31.0042 3144 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
23:30:31.0062 3144 arcsas - ok
23:30:31.0131 3144 arXfrSvc (0ef69443881cde7d8354408f05cf23df) C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
23:30:31.0155 3144 arXfrSvc - ok
23:30:31.0257 3144 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
23:30:31.0363 3144 AsyncMac - ok
23:30:31.0467 3144 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
23:30:31.0485 3144 atapi - ok
23:30:31.0549 3144 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
23:30:31.0617 3144 AudioEndpointBuilder - ok
23:30:31.0633 3144 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
23:30:31.0682 3144 Audiosrv - ok
23:30:31.0751 3144 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
23:30:31.0831 3144 AxInstSV - ok
23:30:31.0933 3144 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
23:30:32.0006 3144 b06bdrv - ok
23:30:32.0108 3144 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
23:30:32.0172 3144 b57nd60x - ok
23:30:32.0275 3144 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
23:30:32.0368 3144 BDESVC - ok
23:30:32.0469 3144 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
23:30:32.0526 3144 Beep - ok
23:30:32.0637 3144 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
23:30:32.0710 3144 BFE - ok
23:30:32.0799 3144 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
23:30:32.0879 3144 BITS - ok
23:30:32.0934 3144 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
23:30:32.0970 3144 blbdrive - ok
23:30:33.0048 3144 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
23:30:33.0090 3144 bowser - ok
23:30:33.0167 3144 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:30:33.0214 3144 BrFiltLo - ok
23:30:33.0251 3144 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:30:33.0293 3144 BrFiltUp - ok
23:30:33.0370 3144 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
23:30:33.0430 3144 Browser - ok
23:30:33.0481 3144 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
23:30:33.0543 3144 Brserid - ok
23:30:33.0635 3144 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
23:30:33.0676 3144 BrSerWdm - ok
23:30:33.0705 3144 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:30:33.0747 3144 BrUsbMdm - ok
23:30:33.0833 3144 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
23:30:33.0883 3144 BrUsbSer - ok
23:30:33.0978 3144 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
23:30:34.0016 3144 BTHMODEM - ok
23:30:34.0100 3144 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
23:30:34.0152 3144 bthserv - ok
23:30:34.0210 3144 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
23:30:34.0276 3144 cdfs - ok
23:30:34.0381 3144 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
23:30:34.0415 3144 cdrom - ok
23:30:34.0489 3144 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
23:30:34.0546 3144 CertPropSvc - ok
23:30:34.0590 3144 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
23:30:34.0627 3144 circlass - ok
23:30:34.0703 3144 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
23:30:34.0732 3144 CLFS - ok
23:30:34.0812 3144 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:30:34.0832 3144 clr_optimization_v2.0.50727_32 - ok
23:30:34.0931 3144 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:30:34.0990 3144 clr_optimization_v4.0.30319_32 - ok
23:30:35.0094 3144 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
23:30:35.0125 3144 CmBatt - ok
23:30:35.0205 3144 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
23:30:35.0225 3144 cmdide - ok
23:30:35.0279 3144 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
23:30:35.0325 3144 CNG - ok
23:30:35.0446 3144 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
23:30:35.0466 3144 Compbatt - ok
23:30:35.0604 3144 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
23:30:35.0642 3144 CompositeBus - ok
23:30:35.0716 3144 COMSysApp - ok
23:30:35.0771 3144 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
23:30:35.0791 3144 crcdisk - ok
23:30:35.0870 3144 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
23:30:35.0927 3144 CryptSvc - ok
23:30:35.0976 3144 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
23:30:36.0046 3144 DcomLaunch - ok
23:30:36.0132 3144 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
23:30:36.0192 3144 defragsvc - ok
23:30:36.0255 3144 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
23:30:36.0310 3144 DfsC - ok
23:30:36.0392 3144 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
23:30:36.0454 3144 Dhcp - ok
23:30:36.0511 3144 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
23:30:36.0567 3144 discache - ok
23:30:36.0671 3144 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
23:30:36.0696 3144 Disk - ok
23:30:36.0729 3144 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
23:30:36.0796 3144 Dnscache - ok
23:30:36.0886 3144 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
23:30:36.0951 3144 dot3svc - ok
23:30:37.0050 3144 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
23:30:37.0254 3144 DPS - ok
23:30:37.0351 3144 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
23:30:37.0391 3144 drmkaud - ok
23:30:37.0504 3144 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\Windows\system32\DRIVERS\dvd43llh.sys
23:30:37.0534 3144 dvd43llh ( UnsignedFile.Multi.Generic ) - warning
23:30:37.0534 3144 dvd43llh - detected UnsignedFile.Multi.Generic (1)
23:30:37.0596 3144 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
23:30:37.0648 3144 DXGKrnl - ok
23:30:37.0687 3144 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
23:30:37.0742 3144 EapHost - ok
23:30:37.0871 3144 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
23:30:37.0998 3144 ebdrv - ok
23:30:38.0079 3144 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
23:30:38.0129 3144 EFS - ok
23:30:38.0165 3144 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
23:30:38.0258 3144 ehRecvr - ok
23:30:38.0294 3144 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
23:30:38.0364 3144 ehSched - ok
23:30:38.0442 3144 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
23:30:38.0477 3144 elxstor - ok
23:30:38.0519 3144 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
23:30:38.0550 3144 ErrDev - ok
23:30:38.0603 3144 esClient (27aa2c6917c94f6636563d416c8ee24f) C:\Program Files\Windows Home Server\esClient.exe
23:30:38.0621 3144 esClient - ok
23:30:38.0712 3144 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
23:30:38.0780 3144 EventSystem - ok
23:30:38.0850 3144 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
23:30:38.0901 3144 exfat - ok
23:30:38.0967 3144 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
23:30:39.0032 3144 fastfat - ok
23:30:39.0125 3144 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
23:30:39.0193 3144 Fax - ok
23:30:39.0283 3144 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
23:30:39.0319 3144 fdc - ok
23:30:39.0370 3144 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
23:30:39.0427 3144 fdPHost - ok
23:30:39.0490 3144 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
23:30:39.0538 3144 FDResPub - ok
23:30:39.0576 3144 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
23:30:39.0596 3144 FileInfo - ok
23:30:39.0605 3144 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
23:30:39.0665 3144 Filetrace - ok
23:30:39.0692 3144 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
23:30:39.0731 3144 flpydisk - ok
23:30:39.0843 3144 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
23:30:39.0869 3144 FltMgr - ok
23:30:39.0944 3144 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
23:30:40.0043 3144 FontCache - ok
23:30:40.0138 3144 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:30:40.0157 3144 FontCache3.0.0.0 - ok
23:30:40.0235 3144 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
23:30:40.0255 3144 FsDepends - ok
23:30:40.0300 3144 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
23:30:40.0321 3144 Fs_Rec - ok
23:30:40.0387 3144 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
23:30:40.0417 3144 fvevol - ok
23:30:40.0511 3144 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:30:40.0534 3144 gagp30kx - ok
23:30:40.0588 3144 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
23:30:40.0668 3144 gpsvc - ok
23:30:40.0763 3144 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:30:40.0785 3144 gusvc - ok
23:30:40.0876 3144 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
23:30:40.0963 3144 hcw85cir - ok
23:30:41.0077 3144 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
23:30:41.0123 3144 HdAudAddService - ok
23:30:41.0222 3144 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
23:30:41.0265 3144 HDAudBus - ok
23:30:41.0363 3144 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
23:30:41.0397 3144 HidBatt - ok
23:30:41.0498 3144 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
23:30:41.0541 3144 HidBth - ok
23:30:41.0649 3144 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
23:30:41.0689 3144 HidIr - ok
23:30:41.0735 3144 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
23:30:41.0808 3144 hidserv - ok
23:30:41.0921 3144 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
23:30:41.0951 3144 HidUsb - ok
23:30:42.0000 3144 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
23:30:42.0046 3144 hkmsvc - ok
23:30:42.0088 3144 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
23:30:42.0178 3144 HomeGroupListener - ok
23:30:42.0205 3144 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
23:30:42.0250 3144 HomeGroupProvider - ok
23:30:42.0317 3144 HPMSSConnectorSvc (4092496c2e1b1438665b086548512b13) C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
23:30:42.0326 3144 HPMSSConnectorSvc ( UnsignedFile.Multi.Generic ) - warning
23:30:42.0326 3144 HPMSSConnectorSvc - detected UnsignedFile.Multi.Generic (1)
23:30:42.0433 3144 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
23:30:42.0454 3144 HpSAMD - ok
23:30:42.0506 3144 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
23:30:42.0572 3144 HTTP - ok
23:30:42.0640 3144 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
23:30:42.0661 3144 hwpolicy - ok
23:30:42.0741 3144 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
23:30:42.0775 3144 i8042prt - ok
23:30:42.0903 3144 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
23:30:42.0934 3144 iaStorV - ok
23:30:43.0006 3144 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:30:43.0067 3144 idsvc - ok
23:30:43.0363 3144 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
23:30:43.0702 3144 igfx - ok
23:30:43.0817 3144 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
23:30:43.0837 3144 iirsp - ok
23:30:43.0890 3144 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
23:30:43.0972 3144 IKEEXT - ok
23:30:44.0027 3144 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
23:30:44.0045 3144 intelide - ok
23:30:44.0135 3144 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
23:30:44.0160 3144 intelppm - ok
23:30:44.0230 3144 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
23:30:44.0299 3144 IPBusEnum - ok
23:30:44.0344 3144 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:30:44.0404 3144 IpFilterDriver - ok
23:30:44.0511 3144 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
23:30:44.0585 3144 iphlpsvc - ok
23:30:44.0677 3144 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
23:30:44.0719 3144 IPMIDRV - ok
23:30:44.0766 3144 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
23:30:44.0828 3144 IPNAT - ok
23:30:44.0926 3144 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
23:30:44.0992 3144 IRENUM - ok
23:30:45.0097 3144 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
23:30:45.0117 3144 isapnp - ok
23:30:45.0154 3144 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
23:30:45.0182 3144 iScsiPrt - ok
23:30:45.0220 3144 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
23:30:45.0241 3144 kbdclass - ok
23:30:45.0479 3144 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
23:30:45.0519 3144 kbdhid - ok
23:30:45.0595 3144 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:30:45.0617 3144 KeyIso - ok
23:30:45.0673 3144 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
23:30:45.0694 3144 KSecDD - ok
23:30:45.0748 3144 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
23:30:45.0772 3144 KSecPkg - ok
23:30:45.0832 3144 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
23:30:45.0906 3144 KtmRm - ok
23:30:45.0995 3144 L1C (6c32bfeab708915d6bbf4b20d4f3ef7b) C:\Windows\system32\DRIVERS\L1C62x86.sys
23:30:46.0049 3144 L1C - ok
23:30:46.0140 3144 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
23:30:46.0207 3144 LanmanServer - ok
23:30:46.0312 3144 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
23:30:46.0362 3144 LanmanWorkstation - ok
23:30:46.0443 3144 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
23:30:46.0511 3144 lltdio - ok
23:30:46.0565 3144 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
23:30:46.0629 3144 lltdsvc - ok
23:30:46.0684 3144 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
23:30:46.0742 3144 lmhosts - ok
23:30:46.0801 3144 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:30:46.0824 3144 LSI_FC - ok
23:30:46.0917 3144 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:30:46.0939 3144 LSI_SAS - ok
23:30:46.0976 3144 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:30:46.0992 3144 LSI_SAS2 - ok
23:30:47.0023 3144 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:30:47.0039 3144 LSI_SCSI - ok
23:30:47.0086 3144 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
23:30:47.0146 3144 luafv - ok
23:30:47.0228 3144 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
23:30:47.0255 3144 Mcx2Svc - ok
23:30:47.0335 3144 MediaCollectorService (75e31d760ff9a57da66cb2e336c40316) C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
23:30:47.0359 3144 MediaCollectorService ( UnsignedFile.Multi.Generic ) - warning
23:30:47.0359 3144 MediaCollectorService - detected UnsignedFile.Multi.Generic (1)
23:30:47.0453 3144 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
23:30:47.0473 3144 megasas - ok
23:30:47.0604 3144 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
23:30:47.0630 3144 MegaSR - ok
23:30:47.0717 3144 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
23:30:47.0735 3144 Microsoft Office Groove Audit Service - ok
23:30:47.0813 3144 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
23:30:47.0873 3144 MMCSS - ok
23:30:47.0938 3144 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
23:30:47.0998 3144 Modem - ok
23:30:48.0098 3144 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
23:30:48.0131 3144 monitor - ok
23:30:48.0238 3144 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
23:30:48.0257 3144 mouclass - ok
23:30:48.0321 3144 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
23:30:48.0352 3144 mouhid - ok
23:30:48.0429 3144 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
23:30:48.0450 3144 mountmgr - ok
23:30:48.0508 3144 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
23:30:48.0534 3144 MpFilter - ok
23:30:48.0570 3144 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
23:30:48.0592 3144 mpio - ok
23:30:48.0621 3144 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
23:30:48.0638 3144 MpNWMon - ok
23:30:48.0670 3144 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
23:30:48.0718 3144 mpsdrv - ok
23:30:48.0775 3144 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
23:30:48.0865 3144 MpsSvc - ok
23:30:48.0965 3144 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
23:30:49.0010 3144 MRxDAV - ok
23:30:49.0101 3144 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:30:49.0167 3144 mrxsmb - ok
23:30:49.0263 3144 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:30:49.0296 3144 mrxsmb10 - ok
23:30:49.0328 3144 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:30:49.0368 3144 mrxsmb20 - ok
23:30:49.0458 3144 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
23:30:49.0478 3144 msahci - ok
23:30:49.0522 3144 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
23:30:49.0547 3144 msdsm - ok
23:30:49.0591 3144 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
23:30:49.0634 3144 MSDTC - ok
23:30:49.0705 3144 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
23:30:49.0754 3144 Msfs - ok
23:30:49.0796 3144 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
23:30:49.0855 3144 mshidkmdf - ok
23:30:49.0894 3144 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
23:30:49.0913 3144 msisadrv - ok
23:30:49.0999 3144 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
23:30:50.0056 3144 MSiSCSI - ok
23:30:50.0072 3144 msiserver - ok
23:30:50.0119 3144 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
23:30:50.0178 3144 MSKSSRV - ok
23:30:50.0256 3144 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
23:30:50.0274 3144 MsMpSvc - ok
23:30:50.0378 3144 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
23:30:50.0435 3144 MSPCLOCK - ok
23:30:50.0546 3144 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
23:30:50.0595 3144 MSPQM - ok
23:30:50.0637 3144 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
23:30:50.0653 3144 MsRPC - ok
23:30:50.0723 3144 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
23:30:50.0743 3144 mssmbios - ok
23:30:50.0793 3144 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
23:30:50.0843 3144 MSTEE - ok
23:30:50.0883 3144 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
23:30:50.0923 3144 MTConfig - ok
23:30:50.0983 3144 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
23:30:51.0003 3144 Mup - ok
23:30:51.0083 3144 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
23:30:51.0153 3144 napagent - ok
23:30:51.0273 3144 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
23:30:51.0313 3144 NativeWifiP - ok
23:30:51.0423 3144 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
23:30:51.0483 3144 NDIS - ok
23:30:51.0563 3144 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
23:30:51.0613 3144 NdisCap - ok
23:30:51.0663 3144 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
23:30:51.0723 3144 NdisTapi - ok
23:30:51.0793 3144 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
23:30:51.0863 3144 Ndisuio - ok
23:30:51.0943 3144 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
23:30:52.0013 3144 NdisWan - ok
23:30:52.0083 3144 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
23:30:52.0143 3144 NDProxy - ok
23:30:52.0213 3144 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
23:30:52.0273 3144 NetBIOS - ok
23:30:52.0342 3144 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
23:30:52.0406 3144 NetBT - ok
23:30:52.0485 3144 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:30:52.0508 3144 Netlogon - ok
23:30:52.0582 3144 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
23:30:52.0649 3144 Netman - ok
23:30:52.0741 3144 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
23:30:52.0810 3144 netprofm - ok
23:30:52.0914 3144 netr28u (27ee4b406e2f26f6117a9a420bd4cb65) C:\Windows\system32\DRIVERS\netr28u.sys
23:30:52.0987 3144 netr28u - ok
23:30:53.0084 3144 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:30:53.0103 3144 NetTcpPortSharing - ok
23:30:53.0351 3144 NETwNs32 (6de8d8d6e23f42d819eae39fa3f6f31d) C:\Windows\system32\DRIVERS\NETwNs32.sys
23:30:53.0639 3144 NETwNs32 - ok
23:30:53.0753 3144 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
23:30:53.0773 3144 nfrd960 - ok
23:30:53.0825 3144 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:30:53.0841 3144 NisDrv - ok
23:30:53.0916 3144 NisSrv (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
23:30:53.0941 3144 NisSrv - ok
23:30:54.0059 3144 NitroReaderDriverReadSpool2 (88ba747aa5c103566fe6289b4ac3937d) C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
23:30:54.0084 3144 NitroReaderDriverReadSpool2 - ok
23:30:54.0178 3144 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
23:30:54.0240 3144 NlaSvc - ok
23:30:54.0292 3144 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
23:30:54.0340 3144 Npfs - ok
23:30:54.0442 3144 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
23:30:54.0506 3144 nsi - ok
23:30:54.0570 3144 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
23:30:54.0619 3144 nsiproxy - ok
23:30:54.0725 3144 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
23:30:54.0805 3144 Ntfs - ok
23:30:54.0850 3144 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
23:30:54.0905 3144 Null - ok
23:30:54.0977 3144 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
23:30:55.0001 3144 nvraid - ok
23:30:55.0059 3144 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
23:30:55.0083 3144 nvstor - ok
23:30:55.0136 3144 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
23:30:55.0162 3144 nv_agp - ok
23:30:55.0260 3144 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:30:55.0292 3144 odserv - ok
23:30:55.0390 3144 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
23:30:55.0422 3144 ohci1394 - ok
23:30:55.0496 3144 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:30:55.0516 3144 ose - ok
23:30:55.0680 3144 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:30:55.0901 3144 osppsvc - ok
23:30:55.0988 3144 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
23:30:56.0046 3144 p2pimsvc - ok
23:30:56.0141 3144 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
23:30:56.0192 3144 p2psvc - ok
23:30:56.0247 3144 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
23:30:56.0272 3144 Parport - ok
23:30:56.0338 3144 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
23:30:56.0362 3144 partmgr - ok
23:30:56.0397 3144 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
23:30:56.0431 3144 Parvdm - ok
23:30:56.0462 3144 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
23:30:56.0503 3144 PcaSvc - ok
23:30:56.0553 3144 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
23:30:56.0578 3144 pci - ok
23:30:56.0622 3144 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
23:30:56.0642 3144 pciide - ok
23:30:56.0673 3144 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
23:30:56.0697 3144 pcmcia - ok
23:30:56.0724 3144 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
23:30:56.0746 3144 pcw - ok
23:30:56.0784 3144 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
23:30:56.0875 3144 PEAUTH - ok
23:30:57.0017 3144 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
23:30:57.0132 3144 pla - ok
23:30:57.0212 3144 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
23:30:57.0273 3144 PlugPlay - ok
23:30:57.0329 3144 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
23:30:57.0371 3144 PNRPAutoReg - ok
23:30:57.0407 3144 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
23:30:57.0489 3144 PNRPsvc - ok
23:30:57.0529 3144 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
23:30:57.0596 3144 PolicyAgent - ok
23:30:57.0684 3144 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
23:30:57.0790 3144 Power - ok
23:30:57.0900 3144 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
23:30:57.0954 3144 PptpMiniport - ok
23:30:58.0047 3144 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
23:30:58.0079 3144 Processor - ok
23:30:58.0172 3144 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
23:30:58.0222 3144 ProfSvc - ok
23:30:58.0252 3144 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:30:58.0274 3144 ProtectedStorage - ok
23:30:58.0336 3144 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
23:30:58.0401 3144 Psched - ok
23:30:58.0482 3144 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
23:30:58.0563 3144 ql2300 - ok
23:30:58.0624 3144 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
23:30:58.0648 3144 ql40xx - ok
23:30:58.0695 3144 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
23:30:58.0741 3144 QWAVE - ok
23:30:58.0798 3144 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
23:30:58.0834 3144 QWAVEdrv - ok
23:30:58.0910 3144 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
23:30:58.0974 3144 RasAcd - ok
23:30:59.0076 3144 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:30:59.0123 3144 RasAgileVpn - ok
23:30:59.0166 3144 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
23:30:59.0219 3144 RasAuto - ok
23:30:59.0272 3144 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:30:59.0341 3144 Rasl2tp - ok
23:30:59.0434 3144 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
23:30:59.0501 3144 RasMan - ok
23:30:59.0604 3144 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
23:30:59.0654 3144 RasPppoe - ok
23:30:59.0714 3144 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
23:30:59.0764 3144 RasSstp - ok
23:30:59.0824 3144 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
23:30:59.0891 3144 rdbss - ok
23:30:59.0976 3144 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
23:31:00.0006 3144 rdpbus - ok
23:31:00.0036 3144 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:31:00.0106 3144 RDPCDD - ok
23:31:00.0206 3144 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
23:31:00.0256 3144 RDPENCDD - ok
23:31:00.0286 3144 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
23:31:00.0346 3144 RDPREFMP - ok
23:31:00.0446 3144 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
23:31:00.0521 3144 RDPWD - ok
23:31:00.0630 3144 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
23:31:00.0655 3144 rdyboost - ok
23:31:00.0694 3144 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
23:31:00.0756 3144 RemoteAccess - ok
23:31:00.0809 3144 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
23:31:00.0869 3144 RemoteRegistry - ok
23:31:00.0982 3144 RimUsb (4f4a4c09cc5be58a76cac1c337e004e6) C:\Windows\system32\Drivers\RimUsb.sys
23:31:01.0040 3144 RimUsb - ok
23:31:01.0142 3144 RimVSerPort (3a5633ad615e2b15291bd0b1b97ccd8a) C:\Windows\system32\DRIVERS\RimSerial.sys
23:31:01.0176 3144 RimVSerPort - ok
23:31:01.0286 3144 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
23:31:01.0347 3144 ROOTMODEM - ok
23:31:01.0409 3144 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
23:31:01.0458 3144 RpcEptMapper - ok
23:31:01.0487 3144 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
23:31:01.0529 3144 RpcLocator - ok
23:31:01.0574 3144 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
23:31:01.0626 3144 RpcSs - ok
23:31:01.0693 3144 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
23:31:01.0755 3144 rspndr - ok
23:31:01.0795 3144 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:31:01.0817 3144 SamSs - ok
23:31:01.0870 3144 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
23:31:01.0892 3144 sbp2port - ok
23:31:01.0932 3144 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
23:31:01.0992 3144 SCardSvr - ok
23:31:02.0019 3144 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
23:31:02.0085 3144 scfilter - ok
23:31:02.0147 3144 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
23:31:02.0243 3144 Schedule - ok
23:31:02.0276 3144 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
23:31:02.0320 3144 SCPolicySvc - ok
23:31:02.0348 3144 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
23:31:02.0413 3144 SDRSVC - ok
23:31:02.0514 3144 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:31:02.0578 3144 secdrv - ok
23:31:02.0618 3144 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
23:31:02.0683 3144 seclogon - ok
23:31:02.0750 3144 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
23:31:02.0803 3144 SENS - ok
23:31:02.0838 3144 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
23:31:02.0904 3144 SensrSvc - ok
23:31:03.0000 3144 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
23:31:03.0039 3144 Serenum - ok
23:31:03.0146 3144 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
23:31:03.0173 3144 Serial - ok
23:31:03.0220 3144 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
23:31:03.0243 3144 sermouse - ok
23:31:03.0305 3144 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
23:31:03.0359 3144 SessionEnv - ok
23:31:03.0410 3144 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
23:31:03.0448 3144 sffdisk - ok
23:31:03.0532 3144 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
23:31:03.0578 3144 sffp_mmc - ok
23:31:03.0666 3144 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
23:31:03.0692 3144 sffp_sd - ok
23:31:03.0731 3144 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
23:31:03.0763 3144 sfloppy - ok
23:31:03.0813 3144 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
23:31:03.0879 3144 SharedAccess - ok
23:31:03.0978 3144 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
23:31:04.0033 3144 ShellHWDetection - ok
23:31:04.0084 3144 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
23:31:04.0105 3144 sisagp - ok
23:31:04.0158 3144 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:31:04.0179 3144 SiSRaid2 - ok
23:31:04.0205 3144 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
23:31:04.0226 3144 SiSRaid4 - ok
23:31:04.0292 3144 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files\Skype\Updater\Updater.exe
23:31:04.0311 3144 SkypeUpdate - ok
23:31:04.0419 3144 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
23:31:04.0469 3144 Smb - ok
23:31:04.0524 3144 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
23:31:04.0550 3144 SNMPTRAP - ok
23:31:04.0577 3144 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
23:31:04.0597 3144 spldr - ok
23:31:04.0641 3144 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
23:31:04.0715 3144 Spooler - ok
23:31:04.0827 3144 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
23:31:04.0978 3144 sppsvc - ok
23:31:05.0066 3144 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
23:31:05.0134 3144 sppuinotify - ok
23:31:05.0208 3144 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
23:31:05.0262 3144 srv - ok
23:31:05.0364 3144 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
23:31:05.0413 3144 srv2 - ok
23:31:05.0515 3144 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
23:31:05.0605 3144 srvnet - ok
23:31:05.0801 3144 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
23:31:05.0854 3144 SSDPSRV - ok
23:31:05.0879 3144 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
23:31:05.0937 3144 SstpSvc - ok
23:31:05.0995 3144 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
23:31:06.0015 3144 stexstor - ok
23:31:06.0106 3144 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
23:31:06.0168 3144 StiSvc - ok
23:31:06.0240 3144 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
23:31:06.0259 3144 swenum - ok
23:31:06.0299 3144 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
23:31:06.0374 3144 swprv - ok
23:31:06.0433 3144 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
23:31:06.0502 3144 SysMain - ok
23:31:06.0545 3144 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
23:31:06.0594 3144 TabletInputService - ok
23:31:06.0639 3144 tap0901 (98a1e6bc9f766b0b0a5bf00af847ef20) C:\Windows\system32\DRIVERS\tap0901.sys
23:31:06.0716 3144 tap0901 - ok
23:31:06.0800 3144 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
23:31:06.0870 3144 TapiSrv - ok
23:31:06.0917 3144 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
23:31:06.0975 3144 TBS - ok
23:31:07.0073 3144 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
23:31:07.0151 3144 Tcpip - ok
23:31:07.0217 3144 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
23:31:07.0265 3144 TCPIP6 - ok
23:31:07.0387 3144 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
23:31:07.0443 3144 tcpipreg - ok
23:31:07.0541 3144 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
23:31:07.0592 3144 TDPIPE - ok
23:31:07.0632 3144 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
23:31:07.0662 3144 TDTCP - ok
23:31:07.0692 3144 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
23:31:07.0742 3144 tdx - ok
23:31:07.0782 3144 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
23:31:07.0802 3144 TermDD - ok
23:31:07.0852 3144 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
23:31:07.0922 3144 TermService - ok
23:31:07.0952 3144 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
23:31:08.0002 3144 Themes - ok
23:31:08.0102 3144 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
23:31:08.0152 3144 THREADORDER - ok
23:31:08.0213 3144 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
23:31:08.0277 3144 TrkWks - ok
23:31:08.0353 3144 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
23:31:08.0410 3144 TrustedInstaller - ok
23:31:08.0491 3144 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:31:08.0551 3144 tssecsrv - ok
23:31:08.0664 3144 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
23:31:08.0722 3144 TsUsbFlt - ok
23:31:08.0832 3144 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
23:31:08.0899 3144 tunnel - ok
23:31:08.0954 3144 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
23:31:08.0975 3144 uagp35 - ok
23:31:09.0029 3144 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
23:31:09.0086 3144 udfs - ok
23:31:09.0131 3144 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
23:31:09.0166 3144 UI0Detect - ok
23:31:09.0271 3144 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
23:31:09.0291 3144 uliagpkx - ok
23:31:09.0350 3144 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
23:31:09.0378 3144 umbus - ok
23:31:09.0480 3144 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
23:31:09.0516 3144 UmPass - ok
23:31:09.0606 3144 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
23:31:09.0666 3144 upnphost - ok
23:31:09.0716 3144 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
23:31:09.0806 3144 usbccgp - ok
23:31:09.0902 3144 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
23:31:09.0930 3144 usbcir - ok
23:31:09.0988 3144 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
23:31:10.0012 3144 usbehci - ok
23:31:10.0055 3144 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
23:31:10.0085 3144 usbhub - ok
23:31:10.0143 3144 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
23:31:10.0176 3144 usbohci - ok
23:31:10.0239 3144 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
23:31:10.0265 3144 usbprint - ok
23:31:10.0340 3144 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:31:10.0399 3144 USBSTOR - ok
23:31:10.0494 3144 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
23:31:10.0519 3144 usbuhci - ok
23:31:10.0574 3144 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
23:31:10.0612 3144 usbvideo - ok
23:31:10.0693 3144 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
23:31:10.0747 3144 UxSms - ok
23:31:10.0797 3144 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:31:10.0819 3144 VaultSvc - ok
23:31:10.0924 3144 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
23:31:10.0947 3144 vdrvroot - ok
23:31:11.0005 3144 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
23:31:11.0083 3144 vds - ok
23:31:11.0191 3144 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
23:31:11.0242 3144 vga - ok
23:31:11.0284 3144 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
23:31:11.0343 3144 VgaSave - ok
23:31:11.0378 3144 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
23:31:11.0403 3144 vhdmp - ok
23:31:11.0495 3144 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
23:31:11.0518 3144 viaagp - ok
23:31:11.0562 3144 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
23:31:11.0590 3144 ViaC7 - ok
23:31:11.0622 3144 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
23:31:11.0642 3144 viaide - ok
23:31:11.0678 3144 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
23:31:11.0701 3144 volmgr - ok
23:31:11.0750 3144 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
23:31:11.0780 3144 volmgrx - ok
23:31:11.0822 3144 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
23:31:11.0849 3144 volsnap - ok
23:31:11.0940 3144 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
23:31:11.0965 3144 vsmraid - ok
23:31:12.0036 3144 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
23:31:12.0127 3144 VSS - ok
23:31:12.0172 3144 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
23:31:12.0208 3144 vwifibus - ok
23:31:12.0276 3144 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
23:31:12.0306 3144 vwififlt - ok
23:31:12.0344 3144 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
23:31:12.0392 3144 W32Time - ok
23:31:12.0455 3144 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
23:31:12.0483 3144 WacomPen - ok
23:31:12.0538 3144 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
23:31:12.0592 3144 WANARP - ok
23:31:12.0597 3144 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
23:31:12.0638 3144 Wanarpv6 - ok
23:31:12.0770 3144 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
23:31:12.0852 3144 WatAdminSvc - ok
23:31:12.0927 3144 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
23:31:13.0012 3144 wbengine - ok
23:31:13.0055 3144 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
23:31:13.0101 3144 WbioSrvc - ok
23:31:13.0180 3144 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
23:31:13.0219 3144 wcncsvc - ok
23:31:13.0271 3144 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
23:31:13.0316 3144 WcsPlugInService - ok
23:31:13.0361 3144 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
23:31:13.0380 3144 Wd - ok
23:31:13.0414 3144 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
23:31:13.0449 3144 Wdf01000 - ok
23:31:13.0490 3144 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
23:31:13.0562 3144 WdiServiceHost - ok
23:31:13.0572 3144 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
23:31:13.0602 3144 WdiSystemHost - ok
23:31:13.0642 3144 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
23:31:13.0682 3144 WebClient - ok
23:31:13.0712 3144 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
23:31:13.0772 3144 Wecsvc - ok
23:31:13.0792 3144 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
23:31:13.0872 3144 wercplsupport - ok
23:31:13.0912 3144 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
23:31:13.0962 3144 WerSvc - ok
23:31:14.0012 3144 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
23:31:14.0052 3144 WfpLwf - ok
23:31:14.0132 3144 WHSConnector (9cbb79bf4786d141096fcdfb2b831690) C:\Program Files\Windows Home Server\WHSConnector.exe
23:31:14.0152 3144 WHSConnector - ok
23:31:14.0242 3144 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
23:31:14.0262 3144 WIMMount - ok
23:31:14.0322 3144 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
23:31:14.0392 3144 WinDefend - ok
23:31:14.0402 3144 WinHttpAutoProxySvc - ok
23:31:14.0492 3144 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
23:31:14.0543 3144 Winmgmt - ok
23:31:14.0613 3144 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
23:31:14.0699 3144 WinRM - ok
23:31:14.0757 3144 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
23:31:14.0836 3144 Wlansvc - ok
23:31:14.0933 3144 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:31:14.0950 3144 wlcrasvc - ok
23:31:15.0060 3144 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:31:15.0159 3144 wlidsvc - ok
23:31:15.0223 3144 wltrysvc - ok
23:31:15.0291 3144 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
23:31:15.0315 3144 WmiAcpi - ok
23:31:15.0408 3144 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
23:31:15.0437 3144 wmiApSrv - ok
23:31:15.0542 3144 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
23:31:15.0623 3144 WMPNetworkSvc - ok
23:31:15.0676 3144 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
23:31:15.0730 3144 WPCSvc - ok
23:31:15.0768 3144 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
23:31:15.0840 3144 WPDBusEnum - ok
23:31:15.0881 3144 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
23:31:15.0939 3144 ws2ifsl - ok
23:31:15.0993 3144 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
23:31:16.0070 3144 wscsvc - ok
23:31:16.0259 3144 WSearch - ok
23:31:16.0364 3144 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
23:31:16.0483 3144 wuauserv - ok
23:31:16.0540 3144 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
23:31:16.0580 3144 WudfPf - ok
23:31:16.0668 3144 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:31:16.0719 3144 WUDFRd - ok
23:31:16.0772 3144 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
23:31:16.0826 3144 wudfsvc - ok
23:31:16.0865 3144 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
23:31:16.0900 3144 WwanSvc - ok
23:31:16.0960 3144 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:31:17.0154 3144 \Device\Harddisk0\DR0 - ok
23:31:17.0159 3144 Boot (0x1200) (31638fbd96d2f70885b4eec84498ca76) \Device\Harddisk0\DR0\Partition0
23:31:17.0162 3144 \Device\Harddisk0\DR0\Partition0 - ok
23:31:17.0196 3144 Boot (0x1200) (86e0e3b5b2f41cc4613a054b8c283b50) \Device\Harddisk0\DR0\Partition1
23:31:17.0198 3144 \Device\Harddisk0\DR0\Partition1 - ok
23:31:17.0199 3144 ============================================================
23:31:17.0199 3144 Scan finished
23:31:17.0199 3144 ============================================================
23:31:17.0217 0700 Detected object count: 3
23:31:17.0217 0700 Actual detected object count: 3
23:31:52.0577 0700 dvd43llh ( UnsignedFile.Multi.Generic ) - skipped by user
23:31:52.0577 0700 dvd43llh ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:31:52.0577 0700 HPMSSConnectorSvc ( UnsignedFile.Multi.Generic ) - skipped by user
23:31:52.0577 0700 HPMSSConnectorSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:31:52.0580 0700 MediaCollectorService ( UnsignedFile.Multi.Generic ) - skipped by user
23:31:52.0580 0700 MediaCollectorService ( UnsignedFile.Multi.Generic ) - User select action: Skip

Here is the Malwarebytes log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.05.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

05/04/2012 23:34:53
mbam-log-2012-04-05 (23-34-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202342
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4 flipper202

flipper202

    New Member

  • Members
  • 19 posts

Posted 05 April 2012 - 05:59 PM

And here is my new DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by User at 23:54:12 on 2012-04-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.1979.614 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Home Server\esClient.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Mesh\WLSync.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\User\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Windows Live\Mesh\MOE.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
C:\Windows\system32\WerFault.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [WLSync] "c:\program files\windows live\mesh\WLSync.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\user\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{19D515E1-851B-4B8B-B932-FED1713FC829} : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{1CAC04CD-6190-4548-83B7-7D9E69D64440} : DhcpNameServer = 192.168.2.254
TCP: Interfaces\{24361609-8878-4E49-81C8-CAEC513AF1CE} : DhcpNameServer = 192.168.22.1
TCP: Interfaces\{9ECA6236-A346-4024-AD93-2F771B7C5548} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9ECA6236-A346-4024-AD93-2F771B7C5548}\D49616F6 : DhcpNameServer = 192.168.22.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\windows home server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 239472]
R2 esClient;Windows Media Center Client Service;c:\program files\windows home server\esClient.exe [2011-1-10 97136]
R2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\hewlett-packard\hp mediasmart server\MSSConnectorService.exe [2009-10-5 20992]
R2 MediaCollectorService;MediaCollectorService;c:\program files\hewlett-packard\hp mediasmart server\MediaCollectorClient.exe [2009-10-5 81920]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2012-2-9 198136]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-5 40776]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-10-31 7522304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-2-4 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-2-6 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-04-05 22:33:59	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-05 00:28:11	--------	d-----w-	c:\users\user\appdata\roaming\QuickScan
2012-04-04 23:48:10	--------	d-----w-	c:\users\user\appdata\local\{DA52D89C-6741-48D5-BEF0-C77F65DF6450}
2012-04-04 23:47:55	--------	d-----w-	c:\users\user\appdata\local\{44EFC2E9-F48E-4579-8084-3BCF813A67FD}
2012-04-04 23:37:45	--------	d-----w-	c:\users\user\appdata\local\{11AC4AD2-9364-4E52-87CD-A62C97BA2558}
2012-04-04 23:37:34	--------	d-----w-	c:\users\user\appdata\local\{C77C6E00-5A1F-47B3-B81D-87CDF094698C}
2012-04-04 23:32:11	--------	d-----w-	c:\users\user\appdata\local\{AD0C51B0-A32B-452C-8F86-9E970B449E8E}
2012-04-04 23:31:29	--------	d-----w-	c:\users\user\appdata\local\{E25260D0-4336-4241-B68C-10D2BCF8BE80}
2012-04-04 08:04:18	--------	d-----w-	c:\users\user\appdata\local\{F571CE18-FA07-4926-AEAD-3DBF2DE175B3}
2012-04-03 19:29:07	--------	d-----w-	c:\users\user\appdata\local\{1950F180-56CF-485B-B3D4-EB440FB85E05}
2012-04-01 19:28:05	--------	d-----w-	c:\users\user\appdata\local\{2431BC81-0526-4D96-8574-9EAE2D83692C}
2012-03-28 22:54:20	--------	d-----w-	c:\programdata\SecTaskMan
2012-03-28 22:54:16	--------	d-----w-	c:\program files\Security Task Manager
2012-03-28 16:16:37	--------	d-----w-	c:\users\user\appdata\local\{F8E314AA-5136-4E11-8847-481E2AA13915}
2012-03-28 04:16:12	--------	d-----w-	c:\users\user\appdata\local\{52F97560-D165-4FC6-83E9-ED88F069CEFB}
2012-03-28 04:15:58	--------	d-----w-	c:\users\user\appdata\local\{E1C90403-E9FD-48BB-8313-5803E8CE120B}
2012-03-27 22:45:09	--------	d-----w-	c:\users\user\appdata\roaming\Malwarebytes
2012-03-27 22:45:03	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-27 22:45:02	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-27 22:45:02	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-03-27 19:48:46	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-03-27 19:48:46	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2012-03-27 11:09:14	--------	d-----w-	c:\users\user\appdata\local\{FF22158D-3FF5-4CCE-BFB0-D569907047BD}
2012-03-27 11:09:04	--------	d-----w-	c:\users\user\appdata\local\{37C44D95-1D83-42EE-BBE0-3E44FEB51D8A}
2012-03-26 23:08:34	--------	d-----w-	c:\users\user\appdata\local\{B637B6DC-B05A-45CD-BBC8-753CF7300655}
2012-03-26 23:08:20	--------	d-----w-	c:\users\user\appdata\local\{AA8F9A57-F2FB-4569-A28D-5C15ED615A08}
2012-03-26 11:07:44	--------	d-----w-	c:\users\user\appdata\local\{795B9476-D3FB-4458-90F8-C241E694ABCF}
2012-03-25 23:07:17	--------	d-----w-	c:\users\user\appdata\local\{E2CB7C1A-C337-48AB-83BF-F2741DCB17A3}
2012-03-25 13:26:41	102912	--sha-r-	c:\windows\system32\C_20297U.dll
2012-03-25 11:06:51	--------	d-----w-	c:\users\user\appdata\local\{F349DA42-595E-46D9-B57D-EBAD44176A65}
2012-03-25 01:05:19	6582328	----a-w-	c:\programdata\microsoft\microsoft antimalware\definition updates\{bba6c972-5613-475a-9c65-7219a969ac74}\mpengine.dll
2012-03-24 21:48:33	--------	d-----w-	c:\users\user\appdata\local\{CC281EF0-D0FC-4579-9C6D-77C5356DF509}
2012-03-24 09:48:07	--------	d-----w-	c:\users\user\appdata\local\{C865FA18-6A64-4740-9F38-BED6A86621AA}
2012-03-23 21:47:40	--------	d-----w-	c:\users\user\appdata\local\{629F079B-0C10-465C-8965-637A0AE91915}
2012-03-23 21:47:28	--------	d-----w-	c:\users\user\appdata\local\{CDFBF0BE-AD29-4437-9238-B502DB1E9A05}
2012-03-23 09:46:58	--------	d-----w-	c:\users\user\appdata\local\{4218EA18-EC41-465E-9CA5-F92081AB2124}
2012-03-22 21:46:28	--------	d-----w-	c:\users\user\appdata\local\{852A4EE3-F1A8-4845-912E-C91D2BDD9536}
2012-03-22 19:12:12	4435968	----a-w-	c:\windows\system32\GPhotos.scr
2012-03-22 09:45:54	--------	d-----w-	c:\users\user\appdata\local\{5F780C63-EE79-47A4-8AEA-2E16D1D75228}
2012-03-22 09:45:36	--------	d-----w-	c:\users\user\appdata\local\{8367E30D-0F5A-4E08-A325-D63C897C3DDB}
2012-03-21 21:45:05	--------	d-----w-	c:\users\user\appdata\local\{CEFB68C2-23D5-4038-A94E-4B4ED71A83EC}
2012-03-21 21:44:43	--------	d-----w-	c:\users\user\appdata\local\{5DD56B2D-DFBA-4616-8574-3BE951BD8015}
2012-03-21 09:44:13	--------	d-----w-	c:\users\user\appdata\local\{F789D451-EA24-4037-BF34-801DA4879F30}
2012-03-20 21:30:35	--------	d-----w-	c:\users\user\appdata\local\{722B28B7-19E0-45BB-BB95-A8BE7ABC7EB9}
2012-03-20 21:30:23	--------	d-----w-	c:\users\user\appdata\local\{1A6BEE46-9917-4D9A-9A4D-B4277ABAFAA5}
2012-03-20 09:29:57	--------	d-----w-	c:\users\user\appdata\local\{9F3F579A-6746-49E8-89C0-46C3FEF906E8}
2012-03-19 21:29:30	--------	d-----w-	c:\users\user\appdata\local\{0EFA30F7-A5FE-4F85-8EF1-7EBB5366C853}
2012-03-19 09:29:03	--------	d-----w-	c:\users\user\appdata\local\{F166E2AC-7C9F-4CCE-8C99-A1254B5B176B}
2012-03-18 20:09:20	--------	d-----w-	c:\users\user\appdata\local\{A9EC69F8-FC0D-493E-B3AD-ACDB04EBD70F}
2012-03-18 20:09:08	--------	d-----w-	c:\users\user\appdata\local\{9BDD5B82-0F6D-45C0-A681-28E4FDC96E2D}
2012-03-18 15:49:27	--------	d-----w-	c:\users\user\appdata\local\{F906A9B5-7673-453A-881B-7EC6B8954807}
2012-03-18 08:45:25	--------	d-----w-	c:\users\user\appdata\local\{75839C79-D634-4E71-8633-9B02D81DC1D2}
2012-03-18 08:31:08	--------	d-----w-	c:\users\user\appdata\local\{4D06B50E-49B6-4BBF-A2BE-2DE1F7D83154}
2012-03-17 23:01:22	18816	----a-w-	c:\windows\system32\drivers\dvd43llh.sys
2012-03-17 23:01:17	--------	d-----w-	c:\program files\dvd43
2012-03-17 20:31:20	805376	----a-w-	c:\windows\system32\FntCache.dll
2012-03-17 20:31:19	739840	----a-w-	c:\windows\system32\d2d1.dll
2012-03-17 11:27:44	--------	d-----w-	c:\users\user\appdata\local\{9FFEFE9A-B81E-43F5-88E3-04014EBFD7A3}
2012-03-17 09:10:42	--------	d-----w-	c:\users\user\appdata\local\{936F39CE-C69D-44BA-8703-52FF3AA00D1C}
2012-03-16 21:10:13	--------	d-----w-	c:\users\user\appdata\local\{1393C591-581C-42D4-AABB-1208842CBD23}
2012-03-16 21:10:00	--------	d-----w-	c:\users\user\appdata\local\{146BB4C5-3001-407A-AF2A-B9C5D067035C}
2012-03-16 20:28:14	--------	d-----w-	c:\users\user\appdata\roaming\HandBrake
2012-03-16 09:09:31	--------	d-----w-	c:\users\user\appdata\local\{BF2C2B0B-7AB4-41B5-A73B-A9AC64978C63}
2012-03-15 21:09:04	--------	d-----w-	c:\users\user\appdata\local\{48A62693-A3C8-4949-B350-2385A212789A}
2012-03-15 21:08:52	--------	d-----w-	c:\users\user\appdata\local\{E1316B6B-1B84-453F-8F8E-AC1D704DA27E}
<div>2012-03-15 09:08:25<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{59D2290D-56E5-468C-A3E9-2567C89BF080}</div>
<div>2012-03-15 09:08:14<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{E8A68F7C-1DF5-40BD-8493-8952C151259E}</div>
<div>2012-03-15 03:01:06<span class="Apple-tab-span" style="white-space:pre"> </span>3968368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\ntkrnlpa.exe</div>
<div>2012-03-15 03:01:05<span class="Apple-tab-span" style="white-space:pre"> </span>3913584<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\ntoskrnl.exe</div>
<div>2012-03-15 01:12:08<span class="Apple-tab-span" style="white-space:pre"> </span>4178264<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\D3DX9_41.dll</div>
<div>2012-03-15 01:12:05<span class="Apple-tab-span" style="white-space:pre"> </span>69448<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\XAPOFX1_3.dll</div>
<div>2012-03-15 01:12:05<span class="Apple-tab-span" style="white-space:pre"> </span>517448<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\XAudio2_4.dll</div>
<div>2012-03-15 01:12:04<span class="Apple-tab-span" style="white-space:pre"> </span>22360<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\X3DAudio1_6.dll</div>
<div>2012-03-15 01:11:04<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Lightworks</div>
<div>2012-03-15 00:36:48<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\OSSBuild</div>
<div>2012-03-15 00:27:21<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Handbrake</div>
<div>2012-03-14 23:47:46<span class="Apple-tab-span" style="white-space:pre"> </span>472808<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\deployJava1.dll</div>
<div>2012-03-14 21:07:46<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{43578E7F-D5CC-4FC5-B819-02D9D47D5D20}</div>
<div>2012-03-13 23:50:39<span class="Apple-tab-span" style="white-space:pre"> </span>2343424<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\win32k.sys</div>
<div>2012-03-13 23:50:37<span class="Apple-tab-span" style="white-space:pre"> </span>1077248<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\DWrite.dll</div>
<div>2012-03-13 23:49:24<span class="Apple-tab-span" style="white-space:pre"> </span>8192<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\rdrmemptylst.exe</div>
<div>2012-03-13 23:49:23<span class="Apple-tab-span" style="white-space:pre"> </span>58880<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\rdpwsx.dll</div>
<div>2012-03-13 23:49:23<span class="Apple-tab-span" style="white-space:pre"> </span>129536<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\rdpcorekmts.dll</div>
<div>2012-03-13 23:49:21<span class="Apple-tab-span" style="white-space:pre"> </span>826880<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\rdpcore.dll</div>
<div>2012-03-13 23:49:20<span class="Apple-tab-span" style="white-space:pre"> </span>24576<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\tdtcp.sys</div>
<div>2012-03-13 23:49:19<span class="Apple-tab-span" style="white-space:pre"> </span>183808<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\rdpwd.sys</div>
<div>2012-03-13 20:22:48<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{5D7B04F4-5FB9-4BB9-A66B-B4A578C1CC9D}</div>
<div>2012-03-13 08:22:20<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{DB1719BD-9B99-42D8-9031-6FB64503AB3B}</div>
<div>2012-03-12 20:21:46<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{CE7555EE-3551-4017-917A-1B0808DD06EB}</div>
<div>2012-03-12 08:21:12<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{9696A130-C1A8-4369-A31F-6787DE0B378E}</div>
<div>2012-03-12 08:21:02<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{CED101E3-826E-4181-B41F-4947A36FC8A4}</div>
<div>2012-03-11 20:20:31<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{7837F59C-BACA-4631-8AFD-F012B59617D3}</div>
<div>2012-03-11 08:19:57<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{7535A5FB-41B6-433D-B6B9-EFFD5334ABF8}</div>
<div>2012-03-10 20:19:30<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{56B0F915-841B-4C47-81BD-A564B58E3A3F}</div>
<div>2012-03-10 08:19:03<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{04280C3C-899F-4FA4-85B2-173FAEB0D86F}</div>
<div>2012-03-09 22:12:37<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\VideoLAN</div>
<div>2012-03-09 20:18:38<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{40052EF2-FE70-42E2-A90C-F299ABF49A13}</div>
<div>2012-03-09 08:18:14<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{B7BEEB4C-CCB1-4679-86AD-2742B8F08ECE}</div>
<div>2012-03-09 08:18:03<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{7E75D24E-D88D-412D-87BC-B794ADD52A6D}</div>
<div>2012-03-08 20:17:36<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{474D65CB-6EE1-47C7-A169-97DE22301D52}</div>
<div>2012-03-08 08:17:11<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{B1EDEABF-3305-458B-819F-4A4294F313AC}</div>
<div>2012-03-07 20:16:47<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{AAE87A0B-AF35-492E-BA52-5CB2465F1256}</div>
<div>2012-03-07 20:16:36<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{72A8F409-8774-462D-9B65-1DFA7AE24B4A}</div>
<div>2012-03-07 08:16:08<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{3768BCE2-30F8-4F8B-84CD-9BF63B68E5FB}</div>
<div>2012-03-07 08:15:57<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{83B6C3A2-F141-4AE1-94D8-E2C3427567A5}</div>
<div>.</div>
<div>==================== Find3M  ====================</div>
<div>.</div>
<div>2012-03-06 23:50:08<span class="Apple-tab-span" style="white-space:pre"> </span>414368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\FlashPlayerCPLApp.cpl</div>
<div>2012-02-20 07:39:41<span class="Apple-tab-span" style="white-space:pre"> </span>152576<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\msclmd.dll</div>
<div>2012-02-08 22:59:54<span class="Apple-tab-span" style="white-space:pre"> </span>27640<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\nitrolocalmon2.dll</div>
<div>2012-02-08 22:59:54<span class="Apple-tab-span" style="white-space:pre"> </span>18936<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\nitrolocalui2.dll</div>
<div>2012-02-03 14:19:35<span class="Apple-tab-span" style="white-space:pre"> </span>7522304<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\NETwNs32.sys</div>
<div>2012-02-03 14:19:34<span class="Apple-tab-span" style="white-space:pre"> </span>684032<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\NETwNc32.dll</div>
<div>2012-02-03 14:19:34<span class="Apple-tab-span" style="white-space:pre"> </span>2760704<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\NETwNr32.dll</div>
<div>2012-01-31 12:44:05<span class="Apple-tab-span" style="white-space:pre"> </span>237072<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\MpSigStub.exe</div>
<div>.</div>
<div>============= FINISH: 23:54:59.96 ===============</div>
<div> </div>
<div>
<div> </div>
<div>VC80CRTRedist - 8.0.50727.6195</div>
<div>VLC media player 2.0.0</div>
<div>Windows Driver Package - Intel (NETwLv32) net  (10/07/2010 13.4.0.139)</div>
<div>Windows Driver Package - Intel (NETwNs32) net  (10/27/2011 14.3.0.6)</div>
<div>Windows Home Server Connector</div>
<div>Windows Live Communications Platform</div>
<div>Windows Live Essentials</div>
<div>Windows Live ID Sign-in Assistant</div>
<div>Windows Live Installer</div>
<div>Windows Live Mesh</div>
<div>Windows Live Mesh ActiveX Control for Remote Connections</div>
<div>Windows Live PIMT Platform</div>
<div>Windows Live Remote Client</div>
<div>Windows Live Remote Client Resources</div>
<div>Windows Live Remote Service</div>
<div>Windows Live Remote Service Resources</div>
<div>Windows Live SOXE</div>
<div>Windows Live SOXE Definitions</div>
<div>Windows Live UX Platform</div>
<div>Windows Live UX Platform Language Pack</div>
<div>.</div>
<div>==== Event Viewer Messages From Past Week ========</div>
<div>.</div>
<div>29/03/2012 21:01:24, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user User-PC\User SID (S-1-5-21-4278735001-178053511-1665522800-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.</div>
<div>29/03/2012 21:01:24, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user User-PC\User SID (S-1-5-21-4278735001-178053511-1665522800-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.</div>
<div>05/04/2012 23:51:52, Error: NetBT [4321]  - The name &quot;WORKGROUP      :1d&quot; could not be registered on the interface with IP address 192.168.1.65. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer.</div>
<div>05/04/2012 10:36:11, Error: BROWSER [8019]  - The browser was unable to promote itself to master browser.  The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.</div>
<div>05/04/2012 09:18:41, Error: BROWSER [8020]  - The browser was unable to promote itself to master browser.  The computer that currently believes it is the master browser is unknown.</div>
<div>05/04/2012 01:05:09, Error: BROWSER [8009]  - The browser was unable to promote itself to master browser.  The computer that currently believes it is the master browser is TOKOTASIK.</div>
<div>04/04/2012 08:18:43, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error &quot;1068&quot; attempting to start the service fdPHost with arguments &quot;&quot; in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}</div>
<div>04/04/2012 08:18:43, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error &quot;1068&quot; attempting to start the service fdPHost with arguments &quot;&quot; in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}</div>
<div>04/04/2012 00:45:00, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.</div>
<div>04/04/2012 00:43:21, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.</div>
<div>04/04/2012 00:43:13, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error &quot;1084&quot; attempting to start the service WSearch with arguments &quot;&quot; in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}</div>
<div>04/04/2012 00:43:13, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error &quot;1084&quot; attempting to start the service WSearch with arguments &quot;&quot; in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}</div>
<div>04/04/2012 00:43:10, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error &quot;1084&quot; attempting to start the service EventSystem with arguments &quot;&quot; in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}</div>
<div>04/04/2012 00:43:04, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error &quot;1084&quot; attempting to start the service ShellHWDetection with arguments &quot;&quot; in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}</div>
<div>04/04/2012 00:43:00, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache MpFilter spldr Wanarpv6</div>
<div>04/04/2012 00:43:00, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.</div>
<div>04/04/2012 00:43:00, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error &quot;1084&quot; attempting to start the service TermService with arguments &quot;&quot; in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}</div>
<div>04/04/2012 00:42:56, Error: Service Control Manager [7001]  - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.</div>
<div>04/04/2012 00:42:56, Error: Service Control Manager [7001]  - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.</div>
<div>.</div>
<div>==== End Of File ===========================</div>
<div> </div>
</div>
<div> </div>


#5 flipper202 (New Member, 19 posts)

Posted 05 April 2012 - 06:06 PM

Hmm.. gonna try again to see if I can get rid of the HTML stuff.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by User at 23:54:12 on 2012-04-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1979.614 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Home Server\esClient.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Mesh\WLSync.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\User\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Windows Live\Mesh\MOE.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
C:\Windows\system32\WerFault.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [WLSync] "c:\program files\windows live\mesh\WLSync.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\user\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{19D515E1-851B-4B8B-B932-FED1713FC829} : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{1CAC04CD-6190-4548-83B7-7D9E69D64440} : DhcpNameServer = 192.168.2.254
TCP: Interfaces\{24361609-8878-4E49-81C8-CAEC513AF1CE} : DhcpNameServer = 192.168.22.1
TCP: Interfaces\{9ECA6236-A346-4024-AD93-2F771B7C5548} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9ECA6236-A346-4024-AD93-2F771B7C5548}\D49616F6 : DhcpNameServer = 192.168.22.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\windows home server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 239472]
R2 esClient;Windows Media Center Client Service;c:\program files\windows home server\esClient.exe [2011-1-10 97136]
R2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\hewlett-packard\hp mediasmart server\MSSConnectorService.exe [2009-10-5 20992]
R2 MediaCollectorService;MediaCollectorService;c:\program files\hewlett-packard\hp mediasmart server\MediaCollectorClient.exe [2009-10-5 81920]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2012-2-9 198136]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-5 40776]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-10-31 7522304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-2-4 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-2-6 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-04-05 22:33:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-05 00:28:11 -------- d-----w- c:\users\user\appdata\roaming\QuickScan
2012-04-04 23:48:10 -------- d-----w- c:\users\user\appdata\local\{DA52D89C-6741-48D5-BEF0-C77F65DF6450}
2012-04-04 23:47:55 -------- d-----w- c:\users\user\appdata\local\{44EFC2E9-F48E-4579-8084-3BCF813A67FD}
2012-04-04 23:37:45 -------- d-----w- c:\users\user\appdata\local\{11AC4AD2-9364-4E52-87CD-A62C97BA2558}
2012-04-04 23:37:34 -------- d-----w- c:\users\user\appdata\local\{C77C6E00-5A1F-47B3-B81D-87CDF094698C}
2012-04-04 23:32:11 -------- d-----w- c:\users\user\appdata\local\{AD0C51B0-A32B-452C-8F86-9E970B449E8E}
2012-04-04 23:31:29 -------- d-----w- c:\users\user\appdata\local\{E25260D0-4336-4241-B68C-10D2BCF8BE80}
2012-04-04 08:04:18 -------- d-----w- c:\users\user\appdata\local\{F571CE18-FA07-4926-AEAD-3DBF2DE175B3}
2012-04-03 19:29:07 -------- d-----w- c:\users\user\appdata\local\{1950F180-56CF-485B-B3D4-EB440FB85E05}
2012-04-01 19:28:05 -------- d-----w- c:\users\user\appdata\local\{2431BC81-0526-4D96-8574-9EAE2D83692C}
2012-03-28 22:54:20 -------- d-----w- c:\programdata\SecTaskMan
2012-03-28 22:54:16 -------- d-----w- c:\program files\Security Task Manager
2012-03-28 16:16:37 -------- d-----w- c:\users\user\appdata\local\{F8E314AA-5136-4E11-8847-481E2AA13915}
2012-03-28 04:16:12 -------- d-----w- c:\users\user\appdata\local\{52F97560-D165-4FC6-83E9-ED88F069CEFB}
2012-03-28 04:15:58 -------- d-----w- c:\users\user\appdata\local\{E1C90403-E9FD-48BB-8313-5803E8CE120B}
2012-03-27 22:45:09 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2012-03-27 22:45:03 -------- d-----w- c:\programdata\Malwarebytes
2012-03-27 22:45:02 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-27 22:45:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-27 19:48:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-27 19:48:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-27 11:09:14 -------- d-----w- c:\users\user\appdata\local\{FF22158D-3FF5-4CCE-BFB0-D569907047BD}
2012-03-27 11:09:04 -------- d-----w- c:\users\user\appdata\local\{37C44D95-1D83-42EE-BBE0-3E44FEB51D8A}
2012-03-26 23:08:34 -------- d-----w- c:\users\user\appdata\local\{B637B6DC-B05A-45CD-BBC8-753CF7300655}
2012-03-26 23:08:20 -------- d-----w- c:\users\user\appdata\local\{AA8F9A57-F2FB-4569-A28D-5C15ED615A08}
2012-03-26 11:07:44 -------- d-----w- c:\users\user\appdata\local\{795B9476-D3FB-4458-90F8-C241E694ABCF}
2012-03-25 23:07:17 -------- d-----w- c:\users\user\appdata\local\{E2CB7C1A-C337-48AB-83BF-F2741DCB17A3}
2012-03-25 13:26:41 102912 --sha-r- c:\windows\system32\C_20297U.dll
2012-03-25 11:06:51 -------- d-----w- c:\users\user\appdata\local\{F349DA42-595E-46D9-B57D-EBAD44176A65}
2012-03-25 01:05:19 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bba6c972-5613-475a-9c65-7219a969ac74}\mpengine.dll
2012-03-24 21:48:33 -------- d-----w- c:\users\user\appdata\local\{CC281EF0-D0FC-4579-9C6D-77C5356DF509}
2012-03-24 09:48:07 -------- d-----w- c:\users\user\appdata\local\{C865FA18-6A64-4740-9F38-BED6A86621AA}
2012-03-23 21:47:40 -------- d-----w- c:\users\user\appdata\local\{629F079B-0C10-465C-8965-637A0AE91915}
2012-03-23 21:47:28 -------- d-----w- c:\users\user\appdata\local\{CDFBF0BE-AD29-4437-9238-B502DB1E9A05}
2012-03-23 09:46:58 -------- d-----w- c:\users\user\appdata\local\{4218EA18-EC41-465E-9CA5-F92081AB2124}
2012-03-22 21:46:28 -------- d-----w- c:\users\user\appdata\local\{852A4EE3-F1A8-4845-912E-C91D2BDD9536}
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-22 09:45:54 -------- d-----w- c:\users\user\appdata\local\{5F780C63-EE79-47A4-8AEA-2E16D1D75228}
2012-03-22 09:45:36 -------- d-----w- c:\users\user\appdata\local\{8367E30D-0F5A-4E08-A325-D63C897C3DDB}
2012-03-21 21:45:05 -------- d-----w- c:\users\user\appdata\local\{CEFB68C2-23D5-4038-A94E-4B4ED71A83EC}
2012-03-21 21:44:43 -------- d-----w- c:\users\user\appdata\local\{5DD56B2D-DFBA-4616-8574-3BE951BD8015}
2012-03-21 09:44:13 -------- d-----w- c:\users\user\appdata\local\{F789D451-EA24-4037-BF34-801DA4879F30}
2012-03-20 21:30:35 -------- d-----w- c:\users\user\appdata\local\{722B28B7-19E0-45BB-BB95-A8BE7ABC7EB9}
2012-03-20 21:30:23 -------- d-----w- c:\users\user\appdata\local\{1A6BEE46-9917-4D9A-9A4D-B4277ABAFAA5}
2012-03-20 09:29:57 -------- d-----w- c:\users\user\appdata\local\{9F3F579A-6746-49E8-89C0-46C3FEF906E8}
2012-03-19 21:29:30 -------- d-----w- c:\users\user\appdata\local\{0EFA30F7-A5FE-4F85-8EF1-7EBB5366C853}
2012-03-19 09:29:03 -------- d-----w- c:\users\user\appdata\local\{F166E2AC-7C9F-4CCE-8C99-A1254B5B176B}
2012-03-18 20:09:20 -------- d-----w- c:\users\user\appdata\local\{A9EC69F8-FC0D-493E-B3AD-ACDB04EBD70F}
2012-03-18 20:09:08 -------- d-----w- c:\users\user\appdata\local\{9BDD5B82-0F6D-45C0-A681-28E4FDC96E2D}
2012-03-18 15:49:27 -------- d-----w- c:\users\user\appdata\local\{F906A9B5-7673-453A-881B-7EC6B8954807}
2012-03-18 08:45:25 -------- d-----w- c:\users\user\appdata\local\{75839C79-D634-4E71-8633-9B02D81DC1D2}
2012-03-18 08:31:08 -------- d-----w- c:\users\user\appdata\local\{4D06B50E-49B6-4BBF-A2BE-2DE1F7D83154}
2012-03-17 23:01:22 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2012-03-17 23:01:17 -------- d-----w- c:\program files\dvd43
2012-03-17 20:31:20 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-03-17 20:31:19 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-03-17 11:27:44 -------- d-----w- c:\users\user\appdata\local\{9FFEFE9A-B81E-43F5-88E3-04014EBFD7A3}
2012-03-17 09:10:42 -------- d-----w- c:\users\user\appdata\local\{936F39CE-C69D-44BA-8703-52FF3AA00D1C}
2012-03-16 21:10:13 -------- d-----w- c:\users\user\appdata\local\{1393C591-581C-42D4-AABB-1208842CBD23}
2012-03-16 21:10:00 -------- d-----w- c:\users\user\appdata\local\{146BB4C5-3001-407A-AF2A-B9C5D067035C}
2012-03-16 20:28:14 -------- d-----w- c:\users\user\appdata\roaming\HandBrake
2012-03-16 09:09:31 -------- d-----w- c:\users\user\appdata\local\{BF2C2B0B-7AB4-41B5-A73B-A9AC64978C63}
2012-03-15 21:09:04 -------- d-----w- c:\users\user\appdata\local\{48A62693-A3C8-4949-B350-2385A212789A}
2012-03-15 21:08:52 -------- d-----w- c:\users\user\appdata\local\{E1316B6B-1B84-453F-8F8E-AC1D704DA27E}
2012-03-15 09:08:25 -------- d-----w- c:\users\user\appdata\local\{59D2290D-56E5-468C-A3E9-2567C89BF080}
2012-03-15 09:08:14 -------- d-----w- c:\users\user\appdata\local\{E8A68F7C-1DF5-40BD-8493-8952C151259E}
2012-03-15 03:01:06 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-15 03:01:05 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 01:12:08 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2012-03-15 01:12:05 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-03-15 01:12:05 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2012-03-15 01:12:04 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2012-03-15 01:11:04 -------- d-----w- c:\program files\Lightworks
2012-03-15 00:36:48 -------- d-----w- c:\program files\OSSBuild
2012-03-15 00:27:21 -------- d-----w- c:\program files\Handbrake
2012-03-14 23:47:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-14 21:07:46 -------- d-----w- c:\users\user\appdata\local\{43578E7F-D5CC-4FC5-B819-02D9D47D5D20}
2012-03-13 23:50:39 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:50:37 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:49:24 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 23:49:23 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 23:49:23 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 23:49:21 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 23:49:20 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 23:49:19 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 20:22:48 -------- d-----w- c:\users\user\appdata\local\{5D7B04F4-5FB9-4BB9-A66B-B4A578C1CC9D}
2012-03-13 08:22:20 -------- d-----w- c:\users\user\appdata\local\{DB1719BD-9B99-42D8-9031-6FB64503AB3B}
2012-03-12 20:21:46 -------- d-----w- c:\users\user\appdata\local\{CE7555EE-3551-4017-917A-1B0808DD06EB}
2012-03-12 08:21:12 -------- d-----w- c:\users\user\appdata\local\{9696A130-C1A8-4369-A31F-6787DE0B378E}
2012-03-12 08:21:02 -------- d-----w- c:\users\user\appdata\local\{CED101E3-826E-4181-B41F-4947A36FC8A4}
2012-03-11 20:20:31 -------- d-----w- c:\users\user\appdata\local\{7837F59C-BACA-4631-8AFD-F012B59617D3}
2012-03-11 08:19:57 -------- d-----w- c:\users\user\appdata\local\{7535A5FB-41B6-433D-B6B9-EFFD5334ABF8}
2012-03-10 20:19:30 -------- d-----w- c:\users\user\appdata\local\{56B0F915-841B-4C47-81BD-A564B58E3A3F}
2012-03-10 08:19:03 -------- d-----w- c:\users\user\appdata\local\{04280C3C-899F-4FA4-85B2-173FAEB0D86F}
2012-03-09 22:12:37 -------- d-----w- c:\program files\VideoLAN
2012-03-09 20:18:38 -------- d-----w- c:\users\user\appdata\local\{40052EF2-FE70-42E2-A90C-F299ABF49A13}
2012-03-09 08:18:14 -------- d-----w- c:\users\user\appdata\local\{B7BEEB4C-CCB1-4679-86AD-2742B8F08ECE}
2012-03-09 08:18:03 -------- d-----w- c:\users\user\appdata\local\{7E75D24E-D88D-412D-87BC-B794ADD52A6D}
2012-03-08 20:17:36 -------- d-----w- c:\users\user\appdata\local\{474D65CB-6EE1-47C7-A169-97DE22301D52}
2012-03-08 08:17:11 -------- d-----w- c:\users\user\appdata\local\{B1EDEABF-3305-458B-819F-4A4294F313AC}
2012-03-07 20:16:47 -------- d-----w- c:\users\user\appdata\local\{AAE87A0B-AF35-492E-BA52-5CB2465F1256}
2012-03-07 20:16:36 -------- d-----w- c:\users\user\appdata\local\{72A8F409-8774-462D-9B65-1DFA7AE24B4A}
2012-03-07 08:16:08 -------- d-----w- c:\users\user\appdata\local\{3768BCE2-30F8-4F8B-84CD-9BF63B68E5FB}
2012-03-07 08:15:57 -------- d-----w- c:\users\user\appdata\local\{83B6C3A2-F141-4AE1-94D8-E2C3427567A5}
.
==================== Find3M ====================
.
2012-03-06 23:50:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-20 07:39:41 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-02-08 22:59:54 27640 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-02-08 22:59:54 18936 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-02-03 14:19:35 7522304 ----a-w- c:\windows\system32\drivers\NETwNs32.sys
2012-02-03 14:19:34 684032 ----a-w- c:\windows\system32\NETwNc32.dll
2012-02-03 14:19:34 2760704 ----a-w- c:\windows\system32\NETwNr32.dll
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 23:54:59.96 ===============



VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.0
Windows Driver Package - Intel (NETwLv32) net (10/07/2010 13.4.0.139)
Windows Driver Package - Intel (NETwNs32) net (10/27/2011 14.3.0.6)
Windows Home Server Connector
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
29/03/2012 21:01:24, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user User-PC\User SID (S-1-5-21-4278735001-178053511-1665522800-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
29/03/2012 21:01:24, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user User-PC\User SID (S-1-5-21-4278735001-178053511-1665522800-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
05/04/2012 23:51:52, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer.
05/04/2012 10:36:11, Error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
05/04/2012 09:18:41, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
05/04/2012 01:05:09, Error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is TOKOTASIK.
04/04/2012 08:18:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
04/04/2012 08:18:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
04/04/2012 00:45:00, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2012 00:43:21, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2012 00:43:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
04/04/2012 00:43:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
04/04/2012 00:43:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
04/04/2012 00:43:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
04/04/2012 00:43:00, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
04/04/2012 00:43:00, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2012 00:43:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
04/04/2012 00:42:56, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
04/04/2012 00:42:56, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
.
==== End Of File ===========================

#6 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 06 April 2012 - 06:56 AM

Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
My help is free; however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#7 flipper202

flipper202

    New Member

  • Members
  • 19 posts

Posted 06 April 2012 - 09:09 AM

Hey Maniac,

Here is my ComboFix log file:


ComboFix 12-04-06.02 - User 06/04/2012 14:52:29.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1979.1210 [GMT 1:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 14:00 . 2012-04-06 14:00 -------- d-----w- c:\users\Mcx1-USER-PC\AppData\Local\temp
2012-04-06 14:00 . 2012-04-06 14:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-05 00:28 . 2012-04-05 00:28 -------- d-----w- c:\users\User\AppData\Roaming\QuickScan
2012-03-28 22:54 . 2012-03-28 22:57 -------- d-----w- c:\programdata\SecTaskMan
2012-03-28 22:54 . 2012-03-28 22:54 -------- d-----w- c:\program files\Security Task Manager
2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\programdata\Malwarebytes
2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-27 22:45 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-27 19:48 . 2012-04-04 23:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-27 19:48 . 2012-04-04 23:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-25 13:26 . 2012-03-25 13:26 102912 --sha-r- c:\windows\system32\C_20297U.dll
2012-03-25 01:05 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBA6C972-5613-475A-9C65-7219A969AC74}\mpengine.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-17 23:01 . 2012-03-17 23:01 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2012-03-17 23:01 . 2012-03-17 23:01 -------- d-----w- c:\program files\dvd43
2012-03-17 20:31 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-03-17 20:31 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-03-16 20:29 . 2012-03-25 00:36 -------- d-----w- c:\users\User\AppData\Roaming\dvdcss
2012-03-16 20:28 . 2012-03-25 00:39 -------- d-----w- c:\users\User\AppData\Roaming\HandBrake
2012-03-15 03:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-15 03:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 01:12 . 2009-03-09 15:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2012-03-15 01:12 . 2009-03-16 14:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-03-15 01:12 . 2009-03-16 14:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2012-03-15 01:12 . 2009-03-16 14:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2012-03-15 01:11 . 2012-03-15 01:11 -------- d-----w- c:\program files\Lightworks
2012-03-15 00:36 . 2012-03-15 00:36 -------- d-----w- c:\program files\OSSBuild
2012-03-15 00:27 . 2012-03-15 00:41 -------- d-----w- c:\program files\Handbrake
2012-03-14 23:48 . 2012-03-14 23:48 -------- d-----w- c:\program files\Common Files\Java
2012-03-14 23:47 . 2012-03-14 23:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-14 23:47 . 2012-03-14 23:47 -------- d-----w- c:\program files\Java
2012-03-13 23:50 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:50 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:49 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 23:49 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 23:49 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 23:49 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 23:49 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 23:49 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-09 22:15 . 2012-04-05 22:26 -------- d-----w- c:\users\User\AppData\Roaming\vlc
2012-03-09 22:12 . 2012-03-09 22:12 -------- d-----w- c:\program files\VideoLAN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 02:15 . 2012-02-05 04:33 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-06 23:50 . 2012-02-03 14:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-27 22:49 . 2012-02-27 22:49 53248 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2012-02-20 07:39 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-02-17 01:36 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-10 16:58 . 2012-02-10 17:00 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7CDCC94C-D765-4D15-8A85-B8550996959A}\gapaengine.dll
2012-02-08 22:59 . 2012-02-12 23:30 27640 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-02-08 22:59 . 2012-02-12 23:30 18936 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-02-06 19:23 . 2012-02-06 19:23 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-02-06 19:23 . 2012-02-06 19:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-02-06 19:22 . 2012-02-06 19:22 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-04 12:37 . 2012-02-10 17:00 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-04 00:23 . 2012-02-04 00:23 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-04 00:23 . 2012-02-04 00:23 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-04 00:23 . 2012-02-04 00:23 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-04 00:23 . 2012-02-04 00:23 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-04 00:23 . 2012-02-04 00:23 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-04 00:23 . 2012-02-04 00:23 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-04 00:23 . 2012-02-04 00:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-04 00:23 . 2012-02-04 00:23 367104 ----a-w- c:\windows\system32\html.iec
2012-02-04 00:23 . 2012-02-04 00:23 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-04 00:23 . 2012-02-04 00:23 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-04 00:23 . 2012-02-04 00:23 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-04 00:23 . 2012-02-04 00:23 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-04 00:23 . 2012-02-04 00:23 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-04 00:23 . 2012-02-04 00:23 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-04 00:23 . 2012-02-04 00:23 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-04 00:23 . 2012-02-04 00:23 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-04 00:23 . 2012-02-04 00:23 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-03 14:19 . 2011-10-31 15:56 7522304 ----a-w- c:\windows\system32\drivers\NETwNs32.sys
2012-02-03 14:19 . 2010-05-18 22:31 2760704 ----a-w- c:\windows\system32\NETwNr32.dll
2012-02-03 14:19 . 2010-05-18 22:29 684032 ----a-w- c:\windows\system32\NETwNc32.dll
2012-01-31 12:44 . 2012-02-02 19:02 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-17 04:39 . 2012-02-03 14:25 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A22EA17E-FE7D-457E-8232-0352C1BAC298}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2011-05-13 1449312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-01-19 1236992]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-6 26945440]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-2-20 603504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-06 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 239472]
S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 97136]
S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992]
S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2012-02-08 198136]
S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 376688]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2012-02-03 7522304]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 69743802
*NewlyCreated* - FIXTDSS
*Deregistered* - 69743802
*Deregistered* - FixTDSS
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4278735001-178053511-1665522800-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:55]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4278735001-178053511-1665522800-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:55]
.
2012-04-06 c:\windows\Tasks\MQZBYM.job
- c:\windows\system32\C_20297U.dll [2012-03-25 13:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
AddRemove-2364577090.go.sky.com - c:\program files\Microsoft Silverlight\4.0.60831.0\Silverlight.Configuration.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-06 15:04:21
ComboFix-quarantined-files.txt 2012-04-06 14:04
.
Pre-Run: 415,705,190,400 bytes free
Post-Run: 415,864,659,968 bytes free
.
- - End Of File - - A89DC5B946FE08110A794195A68C6F99

#8 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 06 April 2012 - 09:20 AM

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=108216

KillAll::

Collect::[8]
c:\windows\Tasks\MQZBYM.job
c:\windows\system32\C_20297U.dll

Driver::
69743802

Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif
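As an added example (not from the thread, from ComboFix, or from its author), here is a small Python checker for the two log patterns the script above targets: a scheduled task whose target is a bare DLL, and a file under system32 carrying hidden+system attributes. The sample log lines are constructed from the entries shown in this thread, and the attribute-column layout is inferred from those lines rather than taken from ComboFix documentation.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the shape of the thread's ComboFix log: two
# 'Scheduled Tasks' entries followed by three 'Files Created' entries.
# Backslashes are doubled only because this is a Python string.
SAMPLE_LOG = """\
2012-04-06 c:\\windows\\Tasks\\GoogleUpdateTaskUserS-1-5-21-4278735001-178053511-1665522800-1000Core.job
- c:\\users\\User\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe [2012-02-03 20:55]
.
2012-04-06 c:\\windows\\Tasks\\MQZBYM.job
- c:\\windows\\system32\\C_20297U.dll [2012-03-25 13:26]
.
2012-03-27 22:45 . 2011-12-10 14:24 20464 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2012-03-25 13:26 . 2012-03-25 13:26 102912 --sha-r- c:\\windows\\system32\\C_20297U.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\\windows\\system32\\GPhotos.scr
"""

# A task entry is a date plus the .job path, followed by a '- target [timestamp]' line.
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (?P<target>.+?) \[[^\]]*\]$")
# A file entry is 'created . modified size attrs path'; directories show '--------' as size.
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)


@dataclass
class FileEntry:
    size: Optional[int]
    attrs: str
    path: str

    # Column positions are an assumption read off the thread's own lines:
    # '----a-w-' normal file, 'd-----w-' directory, '--sha-r-' the quarantined DLL.
    @property
    def directory(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def hidden(self) -> bool:
        return self.attrs[3] == "h"


def parse_tasks(log: str) -> List[Tuple[str, str]]:
    """Return (job path, target) pairs from scheduled-task style entries."""
    tasks = []
    lines = [ln.strip() for ln in log.splitlines()]
    for i in range(len(lines) - 1):
        job = TASK_RE.match(lines[i])
        target = TARGET_RE.match(lines[i + 1])
        if job and target:
            tasks.append((job["job"], target["target"]))
    return tasks


def parse_files(log: str) -> List[FileEntry]:
    """Return FileEntry objects from 'Files Created' style lines."""
    entries = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            size = int(m["size"]) if m["size"].isdigit() else None
            entries.append(FileEntry(size, m["attrs"], m["path"]))
    return entries


def find_suspicious(log: str) -> List[str]:
    """Flag DLL-targeting tasks and hidden+system files under system32."""
    findings = []
    hidden_system = {
        e.path.lower(): e
        for e in parse_files(log)
        if not e.directory and e.hidden and e.system
    }
    for job, target in parse_tasks(log):
        t = target.lower()
        if t.endswith(".dll"):
            # Scheduled tasks normally launch an .exe; a bare DLL target stands out.
            note = f"task {job} runs a DLL directly: {target}"
            if t in hidden_system:
                note += " (file is hidden+system in the 'Files Created' list)"
            findings.append(note)
    for path, e in hidden_system.items():
        if "\\system32\\" in path:
            findings.append(
                f"hidden+system file under system32: {e.path} ({e.attrs}, {e.size} bytes)"
            )
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```

Run against a real ComboFix.txt, the same two checks reproduce the pair of entries the CFScript above collects.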

#9 flipper202

Posted 06 April 2012 - 10:50 AM

Maniac,

OK, I've done that. See below:


ComboFix 12-04-06.02 - User 06/04/2012 16:21:51.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1979.1260 [GMT 1:00]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
file zipped: c:\windows\system32\C_20297U.dll
file zipped: c:\windows\Tasks\MQZBYM.job
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_69743802
.
.
((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 15:30 . 2012-04-06 15:30 -------- d-----w- c:\users\Mcx1-USER-PC\AppData\Local\temp
2012-04-06 15:30 . 2012-04-06 15:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-05 00:28 . 2012-04-05 00:28 -------- d-----w- c:\users\User\AppData\Roaming\QuickScan
2012-03-28 22:54 . 2012-03-28 22:57 -------- d-----w- c:\programdata\SecTaskMan
2012-03-28 22:54 . 2012-03-28 22:54 -------- d-----w- c:\program files\Security Task Manager
2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\programdata\Malwarebytes
2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-27 22:45 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-27 19:48 . 2012-04-04 23:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-27 19:48 . 2012-04-04 23:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-25 13:26 . 2012-03-25 13:26 102912 --sha-r- c:\windows\system32\C_20297U.dll
2012-03-25 01:05 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBA6C972-5613-475A-9C65-7219A969AC74}\mpengine.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-17 23:01 . 2012-03-17 23:01 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2012-03-17 23:01 . 2012-03-17 23:01 -------- d-----w- c:\program files\dvd43
2012-03-17 20:31 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-03-17 20:31 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-03-16 20:29 . 2012-03-25 00:36 -------- d-----w- c:\users\User\AppData\Roaming\dvdcss
2012-03-16 20:28 . 2012-03-25 00:39 -------- d-----w- c:\users\User\AppData\Roaming\HandBrake
2012-03-15 03:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-15 03:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 01:12 . 2009-03-09 15:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2012-03-15 01:12 . 2009-03-16 14:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-03-15 01:12 . 2009-03-16 14:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2012-03-15 01:12 . 2009-03-16 14:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2012-03-15 01:11 . 2012-03-15 01:11 -------- d-----w- c:\program files\Lightworks
2012-03-15 00:36 . 2012-03-15 00:36 -------- d-----w- c:\program files\OSSBuild
2012-03-15 00:27 . 2012-03-15 00:41 -------- d-----w- c:\program files\Handbrake
2012-03-14 23:48 . 2012-03-14 23:48 -------- d-----w- c:\program files\Common Files\Java
2012-03-14 23:47 . 2012-03-14 23:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-14 23:47 . 2012-03-14 23:47 -------- d-----w- c:\program files\Java
2012-03-13 23:50 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:50 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:49 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 23:49 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 23:49 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 23:49 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 23:49 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 23:49 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-09 22:15 . 2012-04-05 22:26 -------- d-----w- c:\users\User\AppData\Roaming\vlc
2012-03-09 22:12 . 2012-03-09 22:12 -------- d-----w- c:\program files\VideoLAN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 02:15 . 2012-02-05 04:33 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-06 23:50 . 2012-02-03 14:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-27 22:49 . 2012-02-27 22:49 53248 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2012-02-20 07:39 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-02-17 01:36 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-10 16:58 . 2012-02-10 17:00 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7CDCC94C-D765-4D15-8A85-B8550996959A}\gapaengine.dll
2012-02-08 22:59 . 2012-02-12 23:30 27640 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-02-08 22:59 . 2012-02-12 23:30 18936 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-02-06 19:23 . 2012-02-06 19:23 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-02-06 19:23 . 2012-02-06 19:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-02-06 19:22 . 2012-02-06 19:22 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-04 12:37 . 2012-02-10 17:00 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-04 00:23 . 2012-02-04 00:23 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-04 00:23 . 2012-02-04 00:23 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-04 00:23 . 2012-02-04 00:23 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-04 00:23 . 2012-02-04 00:23 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-04 00:23 . 2012-02-04 00:23 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-04 00:23 . 2012-02-04 00:23 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-04 00:23 . 2012-02-04 00:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-04 00:23 . 2012-02-04 00:23 367104 ----a-w- c:\windows\system32\html.iec
2012-02-04 00:23 . 2012-02-04 00:23 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-04 00:23 . 2012-02-04 00:23 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-04 00:23 . 2012-02-04 00:23 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-04 00:23 . 2012-02-04 00:23 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-04 00:23 . 2012-02-04 00:23 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-04 00:23 . 2012-02-04 00:23 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-04 00:23 . 2012-02-04 00:23 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-04 00:23 . 2012-02-04 00:23 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-04 00:23 . 2012-02-04 00:23 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-03 14:19 . 2011-10-31 15:56 7522304 ----a-w- c:\windows\system32\drivers\NETwNs32.sys
2012-02-03 14:19 . 2010-05-18 22:31 2760704 ----a-w- c:\windows\system32\NETwNr32.dll
2012-02-03 14:19 . 2010-05-18 22:29 684032 ----a-w- c:\windows\system32\NETwNc32.dll
2012-01-31 12:44 . 2012-02-02 19:02 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-17 04:39 . 2012-02-03 14:25 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A22EA17E-FE7D-457E-8232-0352C1BAC298}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2011-05-13 1449312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-01-19 1236992]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-6 26945440]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-2-20 603504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 CFcatchme;CFcatchme;c:\users\User\AppData\Local\Temp\CFcatchme.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-06 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 239472]
S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 97136]
S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992]
S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2012-02-08 198136]
S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 376688]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2012-02-03 7522304]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4278735001-178053511-1665522800-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:55]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4278735001-178053511-1665522800-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:55]
.
2012-04-06 c:\windows\Tasks\MQZBYM.job
- c:\windows\system32\C_20297U.dll [2012-03-25 13:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4040)
c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-04-06 16:36:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-06 15:36
ComboFix2.txt 2012-04-06 14:04
.
Pre-Run: 415,926,677,504 bytes free
Post-Run: 415,690,604,544 bytes free
.
- - End Of File - - 8DF30253AE9173FEF3D7F33E2CC71704

#10 Maniac

Posted 06 April 2012 - 03:09 PM

Download aswMBR.exe (1.8 MB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

When the scan completes, click "Save log", save it to your desktop and post it in your next reply.

#11 flipper202

Posted 06 April 2012 - 09:00 PM

Maniac,

Here is the log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-07 02:57:22
-----------------------------
02:57:22.903 OS Version: Windows 6.1.7601 Service Pack 1
02:57:22.903 Number of processors: 2 586 0x170A
02:57:22.903 ComputerName: USER-PC UserName: User
02:57:24.385 Initialize success
02:58:17.854 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
02:58:17.858 Disk 0 Vendor: ST9500325AS 0001SDM1 Size: 476940MB BusType: 11
02:58:17.870 Disk 0 MBR read successfully
02:58:17.875 Disk 0 MBR scan
02:58:17.879 Disk 0 Windows 7 default MBR code
02:58:17.892 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
02:58:17.907 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
02:58:17.915 Disk 0 scanning sectors +976771072
02:58:18.006 Disk 0 scanning C:\Windows\system32\drivers
02:58:25.033 Service scanning
02:58:40.378 Modules scanning
02:58:49.340 Disk 0 trace - called modules:
02:58:49.372 ntkrnlpa.exe CLASSPNP.SYS disk.sys dvd43llh.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
02:58:49.372 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8562f7d0]
02:58:49.902 3 CLASSPNP.SYS[8898159e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x847ba030]
02:58:49.902 \Driver\atapi[0x85137f38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> dvd43llh.sys[0x945c7b20]
02:58:49.918 Scan finished successfully
02:59:05.973 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
02:59:05.989 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

#12 Maniac

Posted 07 April 2012 - 03:44 AM

Download the following GMER Rootkit Scanner from http://www2.gmer.net/download.php

Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
It may take a minute to load and become available.
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED
IAT/EAT
Drives/Partition other than Systemdrive (typically only C:\ should be checked)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
Click OK and quit the GMER program.

Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.


Post the log file in your next reply.

#13 flipper202

Posted 07 April 2012 - 08:15 AM

Maniac,

I think I did this right. Here is the log file for GMER:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-07 14:14:24
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST9500325AS rev.0001SDM1
Running: m0ic33pn.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 82A933D9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82ACCD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Users\User\AppData\Local\Temp\aswMBR.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtCreateFile + 6 77CA55CE 4 Bytes [28, 00, 2D, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtCreateFile + B 77CA55D3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 1 Byte [28]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 4 Bytes [28, 03, 2D, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtMapViewOfSection + B 77CA5C33 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenFile + 6 77CA5CDE 4 Bytes [68, 00, 2D, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenFile + B 77CA5CE3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenProcess + 6 77CA5D8E 4 Bytes [A8, 01, 2D, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenProcess + B 77CA5D93 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenProcessToken + 6 77CA5D9E 4 Bytes CALL 76CA8AA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenProcessToken + B 77CA5DA3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenProcessTokenEx + 6 77CA5DAE 4 Bytes [A8, 02, 2D, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenProcessTokenEx + B 77CA5DB3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenThread + 6 77CA5E0E 4 Bytes [68, 01, 2D, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenThread + B 77CA5E13 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenThreadToken + 6 77CA5E1E 4 Bytes [68, 02, 2D, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenThreadToken + B 77CA5E23 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenThreadTokenEx + 6 77CA5E2E 4 Bytes CALL 76CA8B35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenThreadTokenEx + B 77CA5E33 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtQueryAttributesFile + 6 77CA5F3E 4 Bytes [A8, 00, 2D, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtQueryAttributesFile + B 77CA5F43 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtQueryFullAttributesFile + 6 77CA5FEE 4 Bytes CALL 76CA8CF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtQueryFullAttributesFile + B 77CA5FF3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtSetInformationFile + 6 77CA663E 4 Bytes [28, 01, 2D, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtSetInformationFile + B 77CA6643 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtSetInformationThread + 6 77CA669E 4 Bytes [28, 02, 2D, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtSetInformationThread + B 77CA66A3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 1 Byte [68]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 4 Bytes [68, 03, 2D, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtUnmapViewOfSection + B 77CA69C3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtCreateFile + 6 77CA55CE 4 Bytes [28, 00, 13, 00] {SUB [EAX], AL; ADC EAX, [EAX]}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtCreateFile + B 77CA55D3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 1 Byte [28]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 4 Bytes [28, 03, 13, 00] {SUB [EBX], AL; ADC EAX, [EAX]}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtMapViewOfSection + B 77CA5C33 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenFile + 6 77CA5CDE 4 Bytes [68, 00, 13, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenFile + B 77CA5CE3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcess + 6 77CA5D8E 4 Bytes [A8, 01, 13, 00] {TEST AL, 0x1; ADC EAX, [EAX]}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcess + B 77CA5D93 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcessToken + 6 77CA5D9E 4 Bytes CALL 76CA70A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcessToken + B 77CA5DA3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcessTokenEx + 6 77CA5DAE 4 Bytes [A8, 02, 13, 00] {TEST AL, 0x2; ADC EAX, [EAX]}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcessTokenEx + B 77CA5DB3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThread + 6 77CA5E0E 4 Bytes [68, 01, 13, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThread + B 77CA5E13 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThreadToken + 6 77CA5E1E 4 Bytes [68, 02, 13, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThreadToken + B 77CA5E23 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThreadTokenEx + 6 77CA5E2E 4 Bytes CALL 76CA7135 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThreadTokenEx + B 77CA5E33 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtQueryAttributesFile + 6 77CA5F3E 4 Bytes [A8, 00, 13, 00] {TEST AL, 0x0; ADC EAX, [EAX]}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtQueryAttributesFile + B 77CA5F43 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtQueryFullAttributesFile + 6 77CA5FEE 4 Bytes CALL 76CA72F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtQueryFullAttributesFile + B 77CA5FF3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtSetInformationFile + 6 77CA663E 4 Bytes [28, 01, 13, 00] {SUB [ECX], AL; ADC EAX, [EAX]}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtSetInformationFile + B 77CA6643 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtSetInformationThread + 6 77CA669E 4 Bytes [28, 02, 13, 00] {SUB [EDX], AL; ADC EAX, [EAX]}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtSetInformationThread + B 77CA66A3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 1 Byte [68]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 4 Bytes [68, 03, 13, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtUnmapViewOfSection + B 77CA69C3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtQueryInformationProcess 77CA6048 5 Bytes JMP 027B5A3A
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] GDI32.dll!ExtTextOutW 77398192 5 Bytes JMP 0279F09E
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] GDI32.dll!GetGlyphIndicesW 7739B78F 5 Bytes JMP 0279F52B
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] GDI32.dll!TextOutW 7739FDE4 5 Bytes JMP 0279EB6A
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] GDI32.dll!ExtTextOutA 773A03F9 5 Bytes JMP 0279EFBA
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] GDI32.dll!TextOutA 773A077D 5 Bytes JMP 0279EA9E
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] GDI32.dll!GetGlyphIndicesA 773BBB6A 5 Bytes JMP 0279F45E
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] USER32.dll!DrawTextExW 775D5894 5 Bytes JMP 0279EED3
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] USER32.dll!DrawTextW 775D5B6A 5 Bytes JMP 0279ED11
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] USER32.dll!SetClipboardData 775E2962 5 Bytes JMP 0279E987
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] USER32.dll!DialogBoxParamW 775E3B9B 5 Bytes JMP 0279DC86
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] USER32.dll!DrawTextA 775EAE29 5 Bytes JMP 0279EC36
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] USER32.dll!DrawTextExA 775EAE60 5 Bytes JMP 0279EDEC
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!closesocket 77DB3918 5 Bytes JMP 0279E8E0
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!getaddrinfo 77DB4296 5 Bytes JMP 0279D7D7
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!WSASend 77DB4406 5 Bytes JMP 0279E5A8
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!GetAddrInfoW 77DB4889 5 Bytes JMP 0279D8B7
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!recv 77DB6B0E 5 Bytes JMP 0279E4FA
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!send 77DB6F01 5 Bytes JMP 0279E455
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!WSARecv 77DB7089 5 Bytes JMP 0279E67C
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!WSAGetOverlappedResult 77DB7489 5 Bytes JMP 0279E7C0
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!WSAAsyncGetHostByName 77DC726A 5 Bytes JMP 0279DBA7
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!gethostbyname 77DC7673 5 Bytes JMP 0279D716
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WININET.dll!InternetCrackUrlA 77710326 5 Bytes JMP 0279F7F1
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WININET.dll!InternetCrackUrlW 77723129 5 Bytes JMP 0279F93A
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtCreateFile + 6 77CA55CE 4 Bytes [28, 00, 0A, 00] {SUB [EAX], AL; OR AL, [EAX]}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtCreateFile + B 77CA55D3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 1 Byte [28]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 4 Bytes [28, 03, 0A, 00] {SUB [EBX], AL; OR AL, [EAX]}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtMapViewOfSection + B 77CA5C33 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenFile + 6 77CA5CDE 4 Bytes [68, 00, 0A, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenFile + B 77CA5CE3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcess + 6 77CA5D8E 4 Bytes [A8, 01, 0A, 00] {TEST AL, 0x1; OR AL, [EAX]}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcess + B 77CA5D93 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcessToken + 6 77CA5D9E 4 Bytes CALL 76CA67A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcessToken + B 77CA5DA3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcessTokenEx + 6 77CA5DAE 4 Bytes [A8, 02, 0A, 00] {TEST AL, 0x2; OR AL, [EAX]}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcessTokenEx + B 77CA5DB3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThread + 6 77CA5E0E 4 Bytes [68, 01, 0A, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThread + B 77CA5E13 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThreadToken + 6 77CA5E1E 4 Bytes [68, 02, 0A, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThreadToken + B 77CA5E23 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThreadTokenEx + 6 77CA5E2E 4 Bytes CALL 76CA6835 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThreadTokenEx + B 77CA5E33 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtQueryAttributesFile + 6 77CA5F3E 4 Bytes [A8, 00, 0A, 00] {TEST AL, 0x0; OR AL, [EAX]}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtQueryAttributesFile + B 77CA5F43 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtQueryFullAttributesFile + 6 77CA5FEE 4 Bytes CALL 76CA69F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtQueryFullAttributesFile + B 77CA5FF3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtSetInformationFile + 6 77CA663E 4 Bytes [28, 01, 0A, 00] {SUB [ECX], AL; OR AL, [EAX]}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtSetInformationFile + B 77CA6643 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtSetInformationThread + 6 77CA669E 4 Bytes [28, 02, 0A, 00] {SUB [EDX], AL; OR AL, [EAX]}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtSetInformationThread + B 77CA66A3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 1 Byte [68]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 4 Bytes [68, 03, 0A, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtUnmapViewOfSection + B 77CA69C3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtCreateFile + 6 77CA55CE 4 Bytes [28, 00, 48, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtCreateFile + B 77CA55D3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 1 Byte [28]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 4 Bytes [28, 03, 48, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtMapViewOfSection + B 77CA5C33 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenFile + 6 77CA5CDE 4 Bytes [68, 00, 48, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenFile + B 77CA5CE3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenProcess + 6 77CA5D8E 4 Bytes [A8, 01, 48, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenProcess + B 77CA5D93 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenProcessToken + 6 77CA5D9E 4 Bytes CALL 76CAA5A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenProcessToken + B 77CA5DA3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenProcessTokenEx + 6 77CA5DAE 4 Bytes [A8, 02, 48, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenProcessTokenEx + B 77CA5DB3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThread + 6 77CA5E0E 4 Bytes [68, 01, 48, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThread + B 77CA5E13 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThreadToken + 6 77CA5E1E 4 Bytes [68, 02, 48, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThreadToken + B 77CA5E23 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThreadTokenEx + 6 77CA5E2E 4 Bytes CALL 76CAA635 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThreadTokenEx + B 77CA5E33 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtQueryAttributesFile + 6 77CA5F3E 4 Bytes [A8, 00, 48, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtQueryAttributesFile + B 77CA5F43 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtQueryFullAttributesFile + 6 77CA5FEE 4 Bytes CALL 76CAA7F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtQueryFullAttributesFile + B 77CA5FF3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtSetInformationFile + 6 77CA663E 4 Bytes [28, 01, 48, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtSetInformationFile + B 77CA6643 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtSetInformationThread + 6 77CA669E 4 Bytes [28, 02, 48, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtSetInformationThread + B 77CA66A3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 1 Byte [68]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 4 Bytes [68, 03, 48, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtUnmapViewOfSection + B 77CA69C3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtCreateFile + 6 77CA55CE 4 Bytes [28, 00, 31, 00] {SUB [EAX], AL; XOR [EAX], EAX}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtCreateFile + B 77CA55D3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 1 Byte [28]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 4 Bytes [28, 03, 31, 00] {SUB [EBX], AL; XOR [EAX], EAX}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtMapViewOfSection + B 77CA5C33 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenFile + 6 77CA5CDE 4 Bytes [68, 00, 31, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenFile + B 77CA5CE3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcess + 6 77CA5D8E 4 Bytes [A8, 01, 31, 00] {TEST AL, 0x1; XOR [EAX], EAX}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcess + B 77CA5D93 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcessToken + 6 77CA5D9E 4 Bytes CALL 76CA8EA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcessToken + B 77CA5DA3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcessTokenEx + 6 77CA5DAE 4 Bytes [A8, 02, 31, 00] {TEST AL, 0x2; XOR [EAX], EAX}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcessTokenEx + B 77CA5DB3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThread + 6 77CA5E0E 4 Bytes [68, 01, 31, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThread + B 77CA5E13 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThreadToken + 6 77CA5E1E 4 Bytes [68, 02, 31, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThreadToken + B 77CA5E23 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThreadTokenEx + 6 77CA5E2E 4 Bytes CALL 76CA8F35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThreadTokenEx + B 77CA5E33 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtQueryAttributesFile + 6 77CA5F3E 4 Bytes [A8, 00, 31, 00] {TEST AL, 0x0; XOR [EAX], EAX}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtQueryAttributesFile + B 77CA5F43 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtQueryFullAttributesFile + 6 77CA5FEE 4 Bytes CALL 76CA90F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtQueryFullAttributesFile + B 77CA5FF3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtSetInformationFile + 6 77CA663E 4 Bytes [28, 01, 31, 00] {SUB [ECX], AL; XOR [EAX], EAX}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtSetInformationFile + B 77CA6643 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtSetInformationThread + 6 77CA669E 4 Bytes [28, 02, 31, 00] {SUB [EDX], AL; XOR [EAX], EAX}
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtSetInformationThread + B 77CA66A3 1 Byte [E2]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 1 Byte [68]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 4 Bytes [68, 03, 31, 00]
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtUnmapViewOfSection + B 77CA69C3 1 Byte [E2]

---- EOF - GMER 1.0.15 ----

#14 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 07 April 2012 - 04:10 PM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#15 flipper202

flipper202

    New Member

  • Members
  • 19 posts

Posted 07 April 2012 - 07:16 PM

Hmmm not sure if this log is correct:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

I did a scan and it came out that there was a threat that was quarantined. Let me know if I need to re-run.


#16 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 08 April 2012 - 02:15 AM

Do you remember something? What is the file name or anything else?

#17 flipper202

flipper202

    New Member

  • Members
  • 19 posts

Posted 08 April 2012 - 05:42 AM

Maniac,

I ran the scan again. This was the file that was in the threat quarantine:

C:\\Windows\System32\C_20297U.dll

thanks! Let me know what else I can do.

#18 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 08 April 2012 - 08:04 AM

Download AVPTool from here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

Click the cog in the upper right.

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan.

Allow AVP to delete all infections found.
Once it has finished, select the report tab (last tab).
Select Detected threats report from the left and press the Save button.
Save it to your desktop and post it in your next reply.

#19 flipper202

flipper202

    New Member

  • Members
  • 19 posts

Posted 08 April 2012 - 05:39 PM

Maniac,

See below the log:

Status: Disinfected   (events: 1)
08/04/2012 17:18:36	Disinfected	Trojan program HEUR:Trojan.Win32.Generic	C:\Documents and Settings\User\Downloads\google_.zip	High
Status: Quarantined   (events: 2)
08/04/2012 17:18:36	Quarantined	Trojan program HEUR:Trojan.Win32.Generic	C:\Documents and Settings\User\Downloads\google_.zip/google_.exe	High
08/04/2012 17:18:36	Quarantined	Trojan program HEUR:Trojan.Win32.Generic	C:\Documents and Settings\User\Downloads\google_.zip/google_.exe//UPX	High


#20 flipper202

flipper202

    New Member

  • Members
  • 19 posts

Posted 08 April 2012 - 05:40 PM






