
Google redirection


  • This topic is locked
11 replies to this topic

#1 Tobez

Tobez

    New Member

  • Members
  • 7 posts

Posted 01 June 2012 - 01:12 AM

I keep getting redirected to a different website when I click on Google search result links.

#2 Tobez


Posted 01 June 2012 - 01:13 AM

Can someone advise me on which files need to be deleted:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:13:31 PM, on 1/06/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DebugDiag\DbgSvc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Citrix\ICA Client\redirector.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Citrix\SelfServicePlugin\SelfService.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files\mRemoteNG\mRemoteNG.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Citrix\AuthManager\AuthManSvr.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wam-isa.winaust.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Microsoft Web Recorder Helper - {06D7D698-1ECD-407F-A1C9-EFA54860490A} - C:\Program Files\System Center Operations Manager 2007\Microsoft.Mom.RecorderBarBHO.dll
O2 - BHO: CrossriderApp0003491 - {11111111-1111-1111-1111-110011341191} - C:\Program Files\Vid-Saver\Vid-Saver.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CtxIEInterceptorBHO - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files\Citrix\ICA Client\IEInterceptor.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\redirector.exe" /startup
O4 - HKLM\..\Run: [bsmeli] rundll32.exe "C:\DOCUME~1\DANIEL~1.RUS\LOCALS~1\Temp\bsmeli.dll",EnumShootingModeRelease
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Self-service] C:\Program Files\Citrix\SelfServicePlugin\SelfService.exe -logonreconnectapps
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Citrix Receiver.lnk = C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
O4 - Startup: Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://mail.hyaline.com.au
O15 - Trusted Zone: http://access.nuvo.net.au
O16 - DPF: Garmin Communicator Plug-In - https://static.garmi...inAxControl.CAB
O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms35 Class) - https://www.rooms.hp...VCInstall35.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.co...sreqlab_nvd.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.6.0.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mmn-sa.webex...bex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://meeting.jtac...SetupClient.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = winaust.com.au
O17 - HKLM\Software\..\Telephony: DomainName = winaust.com.au
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = winaust.com.au
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = asia.ad.nsk.com,wesley.org.au,winaust.com.au,corp.ewtipping.org.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = asia.ad.nsk.com,wesley.org.au,winaust.com.au,corp.ewtipping.org.au
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\822\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\822\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/DANIEL~1.RUS/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.gif
--
End of file - 13565 bytes

#3 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 01 June 2012 - 03:43 AM

Hello Tobez and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 2

Please follow the instructions here:
http://forums.malwar...?showtopic=9573

Post both log files in your next reply.


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • DDS log file with Attach.txt


#4 Tobez


Posted 03 June 2012 - 07:09 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.03.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Toby.Srira :: DANIEL-DT-MELB1 [administrator]
4/06/2012 9:39:34 AM
mbam-log-2012-06-04 (09-39-34).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 324946
Time elapsed: 20 minute(s), 3 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 16
HKCR\CrossriderApp0003491.BHO (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.BHO.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCU\Software\Cr_Installer\3491 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
Registry Values Detected: 2
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 750d6f4a9d8616d0dc8a593c495a1387 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|bsmeli (Trojan.Agent.LTGen) -> Data: rundll32.exe "C:\DOCUME~1\DANIEL~1.RUS\LOCALS~1\Temp\bsmeli.dll",EnumShootingModeRelease -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Documents and Settings\Daniel.Russell\Local Settings\temp\bsmeli.dll (Trojan.Agent.LTGen) -> Delete on reboot.
C:\Program Files\Vid-Saver\Vid-Saver.dll (PUP.GamePlayLab) -> Quarantined and deleted successfully.
(end)

#5 Tobez


Posted 03 June 2012 - 08:07 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Toby.Srira at 11:04:41 on 2012-06-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1286 [GMT 10:00]
.
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {47418616-1C2D-4CB8-A2CB-580447D52A43}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DebugDiag\DbgSvc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Citrix\ICA Client\redirector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\DOWNLO~1\MyWebEx\429\mwmPad.exe
C:\WINDOWS\DOWNLO~1\MyWebEx\429\mwmstd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = wam-isa.winaust.com.au:8080
uInternet Settings,ProxyOverride = *.local;<local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Microsoft Web Recorder Helper: {06d7d698-1ecd-407f-a1c9-efa54860490a} - c:\program files\system center operations manager 2007\Microsoft.Mom.RecorderBarBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CtxIEInterceptorBHO Class: {2c4631ff-5cc8-4ebc-a0df-34c92291759e} - c:\program files\citrix\ica client\IEInterceptor.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Web Recorder: {09f5d5a0-7d28-49e2-b238-a9353829cf64} - mscoree.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Self-service] c:\program files\citrix\selfserviceplugin\SelfService.exe -logonreconnectapps
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\redirector.exe" /startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\daniel~1.rus\startm~1\programs\startup\citrix~1.lnk - c:\program files\citrix\selfserviceplugin\SelfServicePlugin.exe
StartupFolder: c:\docume~1\daniel~1.rus\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office12\OUTLOOK.EXE
StartupFolder: c:\docume~1\daniel~1.rus\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: cisco.com\www
Trusted Zone: dccs.com.au\citrix
Trusted Zone: hyaline.com.au\mail
Trusted Zone: mfb.com.au\access
Trusted Zone: midas.com.au\www.mail
Trusted Zone: nuvo.net.au\access
Trusted Zone: partnerelearning.com\cisco
Trusted Zone: trendmicro.com\www.olr
Trusted Zone: trintiymanor.com.au\apps
Trusted Zone: winaust.com.au.\access
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mmn-sa.webex.com/client/v_mywebex-mmninteg/mywebex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://meeting.jtac.juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.53.10 192.168.50.10
TCP: Interfaces\{2EAD2C19-31F8-4241-91F1-65AFE27BEFF8} : DhcpNameServer = 192.168.53.10 192.168.50.10
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\822\G2AWinLogon.dll
AppInit_DLLs: c:\progra~1\citrix\icacli~1\RSHook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\daniel.russell\application data\mozilla\firefox\profiles\knwz8z9u.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.ftp - wam-isa
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - wam-isa
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - wam-isa
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - wam-isa
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - wam-isa
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\citrix\ica client\npicaN.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Mozilla Safe Browsing: {E1B28275-94B0-11E1-826D-B8AC6F996F26} - c:\documents and settings\daniel.russell\local settings\application data\{E1B28275-94B0-11E1-826D-B8AC6F996F26}
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 66776]
R2 DbgSvc;Debug Diagnostic Service;c:\program files\debugdiag\DbgSvc.exe [2007-1-16 316256]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-5-24 51792]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXPFlt.sys [2009-6-10 262416]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2009-6-10 36624]
S1 RapportBuka;RapportBuka;\??\c:\windows\system32\drivers\rapportbuka.sys --> c:\windows\system32\drivers\RapportBuka.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-26 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-11 257696]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2004-4-19 6656]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-26 136176]
S3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys --> c:\windows\system32\drivers\net6im51.sys [?]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2009-7-15 689416]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AdtAgent;Operations Manager Audit Forwarding Service;c:\windows\system32\AdtAgent.exe [2009-5-8 269696]
.
=============== Created Last 30 ================
.
2012-05-29 00:14:04 -------- d-----w- c:\documents and settings\daniel.russell\application data\Felix_Deimel
2012-05-29 00:11:17 -------- d-----w- c:\documents and settings\daniel.russell\local settings\application data\mRemoteNG
2012-05-29 00:11:17 -------- d-----w- c:\documents and settings\daniel.russell\application data\mRemoteNG
2012-05-29 00:11:13 -------- d-----w- c:\documents and settings\daniel.russell\AppData
2012-05-29 00:11:03 -------- d-----w- c:\program files\mRemoteNG
2012-05-14 04:22:40 -------- d-----w- c:\program files\WebEx
2012-05-11 05:17:06 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-11 00:22:32 388096 ----a-r- c:\documents and settings\daniel.russell\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-05-10 04:32:08 -------- d-----w- c:\documents and settings\daniel.russell\local settings\application data\Vid-Saver
2012-05-10 04:32:00 -------- d-----w- c:\program files\Vid-Saver
2012-05-10 04:31:53 -------- d-----w- c:\documents and settings\daniel.russell\local settings\application data\CRE
2012-05-10 04:31:27 -------- d-----w- c:\program files\Conduit
2012-05-10 04:31:24 -------- d-----w- c:\documents and settings\daniel.russell\local settings\application data\Conduit
2012-05-10 04:31:06 -------- d-----w- c:\program files\BitTorrent
2012-05-10 04:30:09 -------- d-----w- c:\documents and settings\daniel.russell\application data\BitTorrent
2012-05-08 23:49:39 102400 ----a-w- c:\windows\RegBootClean.exe
2012-05-08 23:47:09 -------- d-----w- C:\e468781bcccbc4ce20dac6b493
2012-05-08 03:40:37 398704 ----a-w- c:\windows\system32\dsNcSmartCardProv.dll
2012-05-08 03:40:37 345456 ----a-w- c:\windows\system32\dsNcCredProv.dll
2012-05-08 03:40:07 -------- d-----w- c:\program files\Juniper Networks
.
==================== Find3M ====================
.
2012-05-24 06:25:49 103272 ----a-w- c:\documents and settings\daniel.russell\GoToAssistDownloadHelper.exe
2012-05-11 05:17:06 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-08 23:49:39 22032 ----a-w- c:\windows\DCEBoot.exe
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 05:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-08 02:08:44 60304 ----a-w- c:\documents and settings\daniel.russell\g2mdlhlpx.exe
.
============= FINISH: 11:06:26.12 ===============

#6 Tobez

Posted 03 June 2012 - 08:08 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/02/2010 2:55:33 PM
System Uptime: 4/06/2012 10:54:49 AM (1 hours ago)
.
Motherboard: Acer | | M945G
Processor: Intel® Pentium® D CPU 2.80GHz | Socket 775 | 2793/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 24.648 GiB free.
D: is CDROM ()
G: is CDROM ()
H: is NetworkDisk (NTFS) - 120 GiB total, 8.002 GiB free.
I: is NetworkDisk (NTFS) - 120 GiB total, 8.002 GiB free.
O: is NetworkDisk (NTFS) - 7317 GiB total, 175.442 GiB free.
S: is NetworkDisk (NTFS) - 120 GiB total, 8.002 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP229: 20/03/2012 3:35:04 PM - Removed Citrix Access Gateway Plugin
RP230: 20/03/2012 3:35:38 PM - Removed Citrix Access Gateway Plugin
RP231: 20/03/2012 3:37:23 PM - Removed Citrix Access Gateway Plugin
RP232: 20/03/2012 3:40:23 PM - Removed Citrix Access Gateway Plugin
RP233: 22/03/2012 1:16:50 PM - System Checkpoint
RP234: 23/03/2012 1:19:14 PM - System Checkpoint
RP235: 26/03/2012 12:49:15 PM - System Checkpoint
RP236: 28/03/2012 1:10:23 PM - System Checkpoint
RP237: 29/03/2012 5:04:54 PM - Software Distribution Service 3.0
RP238: 2/04/2012 9:53:44 AM - Installed Windows Internet Explorer 8.
RP239: 3/04/2012 2:59:24 PM - System Checkpoint
RP240: 10/04/2012 5:14:05 PM - System Checkpoint
RP241: 13/04/2012 1:36:09 PM - System Checkpoint
RP242: 13/04/2012 4:57:37 PM - Software Distribution Service 3.0
RP243: 17/04/2012 8:53:52 AM - System Checkpoint
RP244: 18/04/2012 12:42:31 PM - System Checkpoint
RP245: 19/04/2012 1:23:00 PM - System Checkpoint
RP246: 20/04/2012 5:31:58 PM - Software Distribution Service 3.0
RP247: 24/04/2012 1:14:03 PM - System Checkpoint
RP248: 26/04/2012 1:00:04 PM - System Checkpoint
RP249: 1/05/2012 8:50:41 AM - System Checkpoint
RP250: 4/05/2012 1:21:00 PM - System Checkpoint
RP251: 7/05/2012 12:42:15 PM - System Checkpoint
RP252: 9/05/2012 3:17:25 PM - System Checkpoint
RP253: 10/05/2012 5:08:38 PM - Software Distribution Service 3.0
RP254: 11/05/2012 10:22:28 AM - Installed HiJackThis
RP255: 11/05/2012 1:08:13 PM - Software Distribution Service 3.0
RP256: 11/05/2012 3:16:47 PM - Removed Ask Toolbar.
RP257: 11/05/2012 3:18:11 PM - Removed Skype Toolbars
RP258: 11/05/2012 4:55:41 PM - Software Distribution Service 3.0
RP259: 16/05/2012 1:32:29 PM - System Checkpoint
RP260: 17/05/2012 4:31:55 PM - System Checkpoint
RP261: 18/05/2012 4:54:12 PM - System Checkpoint
RP262: 25/05/2012 1:04:51 PM - System Checkpoint
RP263: 28/05/2012 12:19:51 PM - System Checkpoint
RP264: 30/05/2012 9:07:59 AM - System Checkpoint
.
==== Installed Programs ======================
.
7-Zip 4.65
Access Management Console
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AviSynth 2.5
BitTorrent
Bonjour
Cisco Packet Tracer 5.2.1
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
CutePDF Writer 2.8
Debug Diagnostics Tool 1.1 (x86)
DisplayFusion 3.2.0
Google Apps Migration For Microsoft Outlook® 2.3.12.34
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
GoToMeeting 5.1.0.874
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImgBurn
Java Auto Updater
Java™ 6 Update 26
Juniper Networks Network Connect 6.5.0
Juniper Networks Secure Meeting 7.0.0
Juniper Networks Setup Client
Junk Mail filter update
Karen's Directory Printer
Kyocera Address Editor
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft CRM
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Press Training Kit Exam Prep Suite 70-648 and 70-649
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.6.23)
mRemote
mRemoteNG
MSVCRT
MSXML 6 Service Pack 2 (KB973686)
MuvEnum Address Bar - Windows Explorer Extension
Notepad++
NVIDIA Control Panel 266.58
NVIDIA Graphics Driver 266.58
NVIDIA Install Application
NVIDIA nView 135.50
NVIDIA nView Desktop Manager
office Convert Pdf to Jpg Jpeg Tiff Free 6.4
OGA Notifier 2.0.0048.0
Online Plug-in
PowerISO
QuickTime
QuorumSoft Alike
Realtek High Definition Audio Driver
ScrewDrivers Client v4 (rdp only)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2483614)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Self-service Plug-in
SIW version 2011.10.29
System Center Operations Manager 2007 R2
System Center Operations Manager 2007 R2 Authoring Console
System Center Operations Manager 2007 R2 Authoring Resource Kit
System Requirements Lab
SystemCenter Operations Manager 2007 R2 Admin Reskit
TeamViewer 7
TreeSize Free V2.5
Trend Micro OfficeScan Client
TrueCrypt
UltraISO Premium V9.2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2264107)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Vid-Saver
Videora iPhone Converter 6
VLC media player 1.1.4
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows Presentation Foundation
Windows Resource Kit Tools
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Search 4.0
Windows Server 2003 Administration Tools Pack
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
.
==== End Of File ===========================

#7 Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 04 June 2012 - 04:17 AM

Step 1

Please uninstall BitTorrent, because of our policy:
http://forums.malwar...showtopic=97700


Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#8 Tobez

Posted 05 June 2012 - 12:18 AM

15:16:00.0741 4668 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
15:16:02.0335 4668 ============================================================
15:16:02.0335 4668 Current date / time: 2012/06/05 15:16:02.0335
15:16:02.0335 4668 SystemInfo:
15:16:02.0335 4668
15:16:02.0335 4668 OS Version: 5.1.2600 ServicePack: 3.0
15:16:02.0335 4668 Product type: Workstation
15:16:02.0335 4668 ComputerName: DANIEL-DT-MELB1
15:16:02.0335 4668 UserName: toby.srira
15:16:02.0335 4668 Windows directory: C:\WINDOWS
15:16:02.0335 4668 System windows directory: C:\WINDOWS
15:16:02.0335 4668 Processor architecture: Intel x86
15:16:02.0335 4668 Number of processors: 2
15:16:02.0335 4668 Page size: 0x1000
15:16:02.0335 4668 Boot type: Normal boot
15:16:02.0335 4668 ============================================================
15:16:05.0085 4668 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:16:05.0100 4668 ============================================================
15:16:05.0100 4668 \Device\Harddisk0\DR0:
15:16:05.0100 4668 MBR partitions:
15:16:05.0100 4668 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
15:16:05.0100 4668 ============================================================
15:16:05.0147 4668 C: <-> \Device\Harddisk0\DR0\Partition0
15:16:05.0147 4668 ============================================================
15:16:05.0147 4668 Initialize success
15:16:05.0147 4668 ============================================================
15:16:30.0303 1876 ============================================================
15:16:30.0303 1876 Scan started
15:16:30.0303 1876 Mode: Manual; SigCheck; TDLFS;
15:16:30.0303 1876 ============================================================
15:16:30.0631 1876 Abiosdsk - ok
15:16:30.0631 1876 abp480n5 - ok
15:16:30.0694 1876 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:16:31.0131 1876 ACPI - ok
15:16:31.0163 1876 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:16:31.0350 1876 ACPIEC - ok
15:16:31.0444 1876 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:16:31.0506 1876 AdobeFlashPlayerUpdateSvc - ok
15:16:31.0522 1876 adpu160m - ok
15:16:31.0569 1876 AdtAgent (df14027c120e9c54c8e850d326f047a6) C:\WINDOWS\system32\AdtAgent.exe
15:16:31.0631 1876 AdtAgent - ok
15:16:31.0694 1876 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:16:31.0928 1876 aec - ok
15:16:31.0960 1876 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:16:32.0053 1876 AFD - ok
15:16:32.0069 1876 Aha154x - ok
15:16:32.0085 1876 aic78u2 - ok
15:16:32.0100 1876 aic78xx - ok
15:16:32.0147 1876 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
15:16:32.0319 1876 Alerter - ok
15:16:32.0335 1876 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
15:16:32.0522 1876 ALG - ok
15:16:32.0538 1876 AliIde - ok
15:16:32.0538 1876 amsint - ok
15:16:32.0678 1876 Apple Mobile Device (2e3e53a6aef23e24f402c7855b9b1542) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:16:32.0725 1876 Apple Mobile Device - ok
15:16:48.0741 1876 ISODrive (bf71a06ff065e3fd7e32ea67dca34885) C:\Program Files\UltraISO\drivers\ISODrive.sys
15:16:48.0772 1876 ISODrive ( UnsignedFile.Multi.Generic ) - warning
15:16:48.0772 1876 ISODrive - detected UnsignedFile.Multi.Generic (1)
15:17:05.0787 1876 SCDEmu (16b1abe7f3e35f21dac57592b6c5d464) C:\WINDOWS\system32\drivers\SCDEmu.sys
15:17:05.0850 1876 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
15:17:05.0850 1876 SCDEmu - detected UnsignedFile.Multi.Generic (1)
15:17:20.0819 1876 ============================================================
15:17:20.0819 1876 Scan finished
15:17:20.0819 1876 ============================================================
15:17:20.0944 5016 Detected object count: 2
15:17:20.0944 5016 Actual detected object count: 2
15:17:33.0412 5016 ISODrive ( UnsignedFile.Multi.Generic ) - skipped by user
15:17:33.0412 5016 ISODrive ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:17:33.0412 5016 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
15:17:33.0412 5016 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip

#9 Maniac

Posted 05 June 2012 - 05:31 AM

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#10 Tobez

Posted 06 June 2012 - 10:24 PM

Sorry, I can't unload my office scan (turn off anti-virus) because I won't be able to install it again from the server console due to the fact I have no access.

#11 Maniac

Posted 07 June 2012 - 02:23 AM

Okay, proceed on this way.

#12 screen317

Posted 11 June 2012 - 10:35 PM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Chris Fistonich
Research Team
