jimrex

Members
  • Content count

    30
  • Joined

  • Last visited

About jimrex

  • Rank
    New Member

Profile Information

  • Location
    Australia
  1. MsMpEng.exe This may be legit, however I dont recall having Windows Defender on my comp. All I have is MSE
  2. I also have a problem with my taskbar. The quick links keep on disappearing, and retaining the same three items. I cannot add to or change them. Everything else on the taskbar is ok.
  3. Hi Thanks for all this. I am glad that the viruses are out of the system, however my comp is still running very slow at times I noticed these two programs using lots of RAM MsMpEng.exe and jqs.exe at times
  4. I replied on friday, looks like it didn't go through. I did what you asked and no threats came up. However there still seems to be something slowing the comp down, especially while using explorer. It will pause for a little while, then work fine for a couple of min, then again...
  5. Still running very slow. Pausing with explorer, even reg files are stalling
  6. ComboFix 12-12-04.01 - User 06/12/2012 23:32:49.5.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.477 [GMT 11:00] Running from: c:\documents and settings\User\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((( Files Created from 2012-11-06 to 2012-12-06 ))))))))))))))))))))))))))))))) . . 2012-12-06 02:08 . 2012-12-06 02:08 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-12-05 22:29 . 2012-12-05 22:30 -------- d-----w- c:\program files\CCleaner 2012-12-05 21:51 . 2012-12-05 21:51 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\VS Revo Group 2012-12-05 21:51 . 2012-12-05 21:51 -------- d-----w- c:\windows\LastGood 2012-12-05 21:50 . 2009-12-30 00:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys 2012-12-05 21:50 . 2012-12-05 21:50 -------- d-----w- c:\program files\VS Revo Group 2012-12-05 13:52 . 2012-11-07 23:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2F2292E-8794-457B-B2E1-BC0C06A0A935}\mpengine.dll 2012-12-05 08:31 . 2012-11-07 23:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-12-04 09:20 . 2012-12-04 09:20 -------- d-----w- c:\program files\Microsoft Security Client 2012-11-21 02:06 . 2012-11-21 02:06 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-11 03:36 . 2012-04-01 04:35 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-11 03:36 . 2011-05-30 04:34 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-09 01:45 . 2007-07-10 11:10 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2012-11-09 01:45 . 2007-07-10 11:10 52648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll 2012-11-09 01:45 . 2007-07-10 11:10 31144 ----a-w- c:\windows\system32\LMIport.dll 2012-11-09 01:45 . 2007-07-10 11:09 92072 ----a-w- c:\windows\system32\LMIinit.dll 2012-10-22 08:37 . 2003-03-31 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-10-21 03:38 . 2012-10-21 03:38 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-10-21 03:37 . 2012-05-29 02:56 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-10-21 03:37 . 2007-07-11 12:51 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-10-21 03:37 . 2010-05-07 04:29 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-10-09 11:03 . 2012-10-09 11:03 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2012-10-02 18:04 . 2003-03-31 12:00 58368 ----a-w- c:\windows\system32\synceng.dll 2012-09-29 08:54 . 2011-05-23 13:06 22856 ----a-w- c:\windows\system32\drivers\mbam.sys . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys [-] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys [-] 2003-03-31 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys . [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll [-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll [7] 2008-04-13 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll [7] 2008-04-13 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll [-] 2006-02-28 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll [-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll [-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll [-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll [-] 2003-03-31 . 493FCBED180DCACF0B5D4C8C29949CA9 . 260608 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\rpcss.dll . [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe [-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe [7] 2008-04-13 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe [7] 2008-04-13 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe [-] 2003-03-31 . E3DF4A0252D287C44606EE55355E1623 . 101376 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\services.exe . [-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe [7] 2008-04-13 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe [7] 2008-04-13 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe [-] 2006-02-28 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe [-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe [-] 2003-03-31 . 9B4155BA58192D4073082B8FC5D42612 . 51200 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe . [-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll [-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll [7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\InstallTemp\1226636\comctl32.dll [7] 2008-04-13 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll [7] 2008-04-13 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll [7] 2008-04-13 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll [-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [-] 2006-02-28 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll [7] 2006-02-28 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\86604\comctl32.dll [-] 2006-02-28 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [-] 2003-03-31 . 0B5D337119929505EE72D4E4A41ED1FD . 557056 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll [7] 2003-03-31 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll [-] 2003-03-31 . 76B90BD220F1B1CC9E183C6B1AE9FBB4 . 921600 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll . [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll [-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll [-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll [7] 2008-04-13 18:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll [-] 2006-02-28 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll [-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll [-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll [-] 2003-03-31 12:00 . C9702DDD814C39DC1254CF757C31C6E4 . 225280 . . [2001.12.4414.46] . . c:\windows\$NtServicePackUninstall$\es.dll . [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll [-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll [7] 2008-04-13 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll [7] 2008-04-13 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll [-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll [-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll [-] 2006-02-28 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll [-] 2003-03-31 . 8F162DC91D67D87C1A481BF602A9DAC8 . 930304 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\kernel32.dll . [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll [-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll [-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll [-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll [-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll [-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll [7] 2008-04-13 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll [-] 2006-02-28 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll [-] 2003-03-31 . 18A8BE5A66B93F9C9615F7D4C148EDE2 . 228352 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\mswsock.dll . [-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll [-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll [-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll [7] 2008-04-13 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll [7] 2008-04-13 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll [-] 2003-03-31 . 73C90911DD86A10D4004C7D6E655A41B . 339456 . . [1.0409.2600.1106] . . c:\windows\$NtServicePackUninstall$\usp10.dll . [-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll [-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll [-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll [7] 2008-04-13 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll [7] 2008-04-13 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll [-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll [-] 2006-02-28 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll [-] 2003-03-31 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll . [-] 2010-12-09 . 15CE4DBC22FAB90B3CA5352AF1FFF81C . 718336 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll [-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll [-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll [-] 2009-02-09 . 911DDF2E16761643A47225F654D811E5 . 714752 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB2393802$\ntdll.dll [-] 2009-02-09 . B0913005EE3FC15D7F72472D0B8A30EB . 715264 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll [7] 2008-04-13 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntdll.dll [7] 2008-04-13 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll [-] 2003-03-31 . 983940F6627F77C250BE0AE398FC53FB . 668672 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ntdll.dll . [-] 2009-02-27 . 3F790874A85819E94574F3E7AF9C5806 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\msctfime.ime [-] 2009-02-27 . 3F790874A85819E94574F3E7AF9C5806 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\dllcache\msctfime.ime [-] 2009-02-27 . 30B7D847BA9075AA8E1122FB6AF3D1B5 . 177152 . . [5.1.2600.5768] . . c:\windows\$hf_mig$\KB961503\SP3QFE\msctfime.ime [7] 2008-04-13 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB961503$\msctfime.ime [7] 2008-04-13 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime [-] 2003-03-31 . 3897091314386D0EABF934870E36809C . 162304 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\msctfime.ime . [-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll [-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll [-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll [7] 2008-04-13 18:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll [7] 2008-04-13 18:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll [-] 2006-02-28 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll [-] 2003-03-31 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] . c:\documents and settings\User\Start Menu\Programs\Startup\ Dropbox.lnk - c:\documents and settings\User\Application Data\Dropbox\bin\Dropbox.exe [2012-5-25 27112840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2012-11-09 01:45 92072 ----a-w- c:\windows\system32\LMIinit.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2/10/2010 8:59 PM 374704] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [17/04/2007 3:00 PM 12856] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/12/2012 1:08 PM 40776] R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [17/04/2007 3:00 PM 13408] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [18/10/2012 9:04 AM 18432] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6/12/2012 8:50 AM 27064] S3 SR9USB;SR9600 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\SR9USB.sys [30/05/2011 4:27 PM 14592] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - JAVAQUICKSTARTERSERVICE *NewlyCreated* - MBAMSWISSARMY . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] vvdsvc REG_MULTI_SZ vvdsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs S7oppilx . Contents of the 'Scheduled Tasks' folder . 2012-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 03:36] . 2012-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 06:57] . 2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 02:11] . 2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 02:11] . 2012-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1604221776-725345543-1004Core.job - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-30 06:15] . 2012-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1604221776-725345543-1004UA.job - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-30 06:15] . 2012-12-05 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 06:25] . 2012-12-02 c:\windows\Tasks\UPDATER.job - c:\documents and settings\User\My Documents\UPDATER.exe [2011-05-30 04:31] . 2012-12-05 c:\windows\Tasks\User_Feed_Synchronization-{9D82F2A1-14C8-45C5-BD16-8ECA24E56CA0}.job - c:\windows\system32\msfeedssync.exe [2009-03-07 17:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.tradingroom.com.au/apps/mkt/forex.ac uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-12-06 23:45 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(744) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll . - - - - - - - > 'explorer.exe'(2136) c:\windows\system32\WININET.dll c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2012-12-06 23:52:00 ComboFix-quarantined-files.txt 2012-12-06 12:51 ComboFix2.txt 2012-12-03 06:13 ComboFix3.txt 2012-12-03 04:33 ComboFix4.txt 2012-12-03 00:22 ComboFix5.txt 2012-12-06 12:31 . Pre-Run: 14,322,737,152 bytes free Post-Run: 14,467,031,040 bytes free . - - End Of File - - A2937C19FDB83BC7ACBFCAF152BBC8D6 I cant really tell you about the speed of the comp yet as I have to try it a bit first
  7. Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.12.06.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 User :: USER-A7C827E03A [administrator] 6/12/2012 1:09:22 PM mbam-log-2012-12-06 (13-09-22).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 244366 Time elapsed: 21 minute(s), 47 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 1:37:07 PM, on 6/12/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\FOTU9I0H\HijackThis[1].exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tradingroom.com.au/apps/mkt/forex.ac R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Startup: Dropbox.lnk = C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173184360781 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343632656734 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.freecricket.tv/plugins/freecricket.cab O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.belairresort.com.au/virtual-tour/tours/cabs/svideo3.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com//activex/ractrl.cab?lmi=972 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O24 - Desktop Component 0: (no name) - (no file) -- End of file - 7190 bytes Things are still running slow especially explorer, plus opening files seems slow Thanks agaim
  8. there was still one java left on my system after you told me to uninstall all java, therefore I couldn't download a new one. Java 7 update 9. Should I get rid of that one too?
  9. Wierd, but when I installed the new MSE all the viruses were still there, however this morning when I looked in MSE there was nothing I did a full scan and nothing came up. However, my comp is still runing very slow (especially when using explorer) Thanks
  10. no change at all. Still have tons of sirefef's + others
  11. Tried this but to no avail. All the viruses are still here. I had a similar issue in May http://forums.malwarebytes.org/index.php?showtopic=109684&pid=550234&st=0entry550234 However this time I still have internet access. What should I do?
  12. C:\Documents and Settings\User\Local Settings\Temp\~!#17D.tmp :C:\Program Files\Common Files\Win\WinLiveContact.exe runkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\WinLiveContact regkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\WinLiveContact C:\WINDOWS\system32\SrvcEPECioctl.dll service:hsvcmod C:\Documents and Settings\User\Local Settings\Temp\~!#179.tmp C:\Documents and Settings\User\Local Settings\Temp\jar_cache8136708506874784647.tmp C:\WINDOWS\system32\isdrv122.dll service:anio C:\WINDOWS\system32\isdrv122.dll service:anio C:\Documents and Settings\User\Local Settings\Temp\~!#17B.tmp just to name a few, there are plenty more
  13. Sorry, but there is still no change and all the viruses are still here!
  14. Sorry but my daughter closed the log, so I had to do it all again Hope it's good ComboFix 12-12-02.01 - User 03/12/2012 16:57:47.4.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.407 [GMT 11:00] Running from: c:\documents and settings\User\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 ))))))))))))))))))))))))))))))) . . 2012-12-03 00:26 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{661A74CD-E81F-451C-8BAC-F184D59E6122}\mpengine.dll 2012-12-02 14:39 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-21 02:06 . 2012-11-21 02:06 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-11 03:36 . 2012-04-01 04:35 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-11 03:36 . 2011-05-30 04:34 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-09 01:45 . 2007-07-10 11:10 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2012-11-09 01:45 . 2007-07-10 11:10 52648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll 2012-11-09 01:45 . 2007-07-10 11:10 31144 ----a-w- c:\windows\system32\LMIport.dll 2012-11-09 01:45 . 2007-07-10 11:09 92072 ----a-w- c:\windows\system32\LMIinit.dll 2012-10-22 08:37 . 2003-03-31 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-10-21 03:38 . 2012-10-21 03:38 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-10-21 03:37 . 2012-05-29 02:56 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-10-21 03:37 . 2007-07-11 12:51 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-10-21 03:37 . 2010-05-07 04:29 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-10-09 11:03 . 2012-10-09 11:03 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2012-10-02 18:04 . 2003-03-31 12:00 58368 ----a-w- c:\windows\system32\synceng.dll 2012-09-29 08:54 . 2011-05-23 13:06 22856 ----a-w- c:\windows\system32\drivers\mbam.sys . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys [-] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys [-] 2003-03-31 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys . [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll [-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll [7] 2008-04-13 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll [7] 2008-04-13 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll [-] 2006-02-28 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll [-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll [-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll [-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll [-] 2003-03-31 . 493FCBED180DCACF0B5D4C8C29949CA9 . 260608 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\rpcss.dll . [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe [-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe [7] 2008-04-13 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe [7] 2008-04-13 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe [-] 2003-03-31 . E3DF4A0252D287C44606EE55355E1623 . 101376 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\services.exe . [-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe [7] 2008-04-13 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe [7] 2008-04-13 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe [-] 2006-02-28 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe [-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe [-] 2003-03-31 . 9B4155BA58192D4073082B8FC5D42612 . 51200 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe . [-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll [-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll [7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\InstallTemp\1226636\comctl32.dll [7] 2008-04-13 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll [7] 2008-04-13 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll [7] 2008-04-13 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll [-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [-] 2006-02-28 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll [7] 2006-02-28 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\86604\comctl32.dll [-] 2006-02-28 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [-] 2003-03-31 . 0B5D337119929505EE72D4E4A41ED1FD . 557056 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll [7] 2003-03-31 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll [-] 2003-03-31 . 76B90BD220F1B1CC9E183C6B1AE9FBB4 . 921600 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll . [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll [-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll [-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll [7] 2008-04-13 18:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll [-] 2006-02-28 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll [-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll [-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll [-] 2003-03-31 12:00 . C9702DDD814C39DC1254CF757C31C6E4 . 225280 . . [2001.12.4414.46] . . c:\windows\$NtServicePackUninstall$\es.dll . [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll [-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll [7] 2008-04-13 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll [7] 2008-04-13 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll [-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll [-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll [-] 2006-02-28 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll [-] 2003-03-31 . 8F162DC91D67D87C1A481BF602A9DAC8 . 930304 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\kernel32.dll . [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll [-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll [-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll [-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll [-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll [-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll [7] 2008-04-13 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll [-] 2006-02-28 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll [-] 2003-03-31 . 18A8BE5A66B93F9C9615F7D4C148EDE2 . 228352 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\mswsock.dll . [-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll [-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll [-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll [7] 2008-04-13 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll [7] 2008-04-13 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll [-] 2003-03-31 . 73C90911DD86A10D4004C7D6E655A41B . 339456 . . [1.0409.2600.1106] . . c:\windows\$NtServicePackUninstall$\usp10.dll . [-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll [-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll [-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll [7] 2008-04-13 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll [7] 2008-04-13 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll [-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll [-] 2006-02-28 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll [-] 2003-03-31 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll . [-] 2010-12-09 . 15CE4DBC22FAB90B3CA5352AF1FFF81C . 718336 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll [-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll [-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll [-] 2009-02-09 . 911DDF2E16761643A47225F654D811E5 . 714752 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB2393802$\ntdll.dll [-] 2009-02-09 . B0913005EE3FC15D7F72472D0B8A30EB . 715264 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll [7] 2008-04-13 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntdll.dll [7] 2008-04-13 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll [-] 2003-03-31 . 983940F6627F77C250BE0AE398FC53FB . 668672 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ntdll.dll . [-] 2009-02-27 . 3F790874A85819E94574F3E7AF9C5806 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\msctfime.ime [-] 2009-02-27 . 3F790874A85819E94574F3E7AF9C5806 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\dllcache\msctfime.ime [-] 2009-02-27 . 30B7D847BA9075AA8E1122FB6AF3D1B5 . 177152 . . [5.1.2600.5768] . . c:\windows\$hf_mig$\KB961503\SP3QFE\msctfime.ime [7] 2008-04-13 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB961503$\msctfime.ime [7] 2008-04-13 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime [-] 2003-03-31 . 3897091314386D0EABF934870E36809C . 162304 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\msctfime.ime . [-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll [-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll [-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll [7] 2008-04-13 18:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll [7] 2008-04-13 18:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll [-] 2006-02-28 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll [-] 2003-03-31 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ---ha-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] . c:\documents and settings\User\Start Menu\Programs\Startup\ Dropbox.lnk - c:\documents and settings\User\Application Data\Dropbox\bin\Dropbox.exe [2012-5-25 27112840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2012-11-09 01:45 92072 ----a-w- c:\windows\system32\LMIinit.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2/10/2010 8:59 PM 374704] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [17/04/2007 3:00 PM 12856] R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [17/04/2007 3:00 PM 13408] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [18/10/2012 9:04 AM 18432] S3 SR9USB;SR9600 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\SR9USB.sys [30/05/2011 4:27 PM 14592] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 61419992 *NewlyCreated* - ASWMBR *NewlyCreated* - MPKSL21C4B6B4 *NewlyCreated* - TRUESIGHT *Deregistered* - 61419992 *Deregistered* - aswMBR *Deregistered* - MpKsl21c4b6b4 *Deregistered* - TrueSight . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] vvdsvc REG_MULTI_SZ vvdsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs S7oppilx . Contents of the 'Scheduled Tasks' folder . 2012-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 03:36] . 2012-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 06:57] . 2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 02:11] . 2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 02:11] . 2012-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1604221776-725345543-1004Core.job - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-30 06:15] . 2012-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1604221776-725345543-1004UA.job - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-30 06:15] . 2012-12-02 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 07:25] . 2012-12-02 c:\windows\Tasks\UPDATER.job - c:\documents and settings\User\My Documents\UPDATER.exe [2011-05-30 04:31] . 2012-12-02 c:\windows\Tasks\User_Feed_Synchronization-{9D82F2A1-14C8-45C5-BD16-8ECA24E56CA0}.job - c:\windows\system32\msfeedssync.exe [2009-03-07 17:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.tradingroom.com.au/apps/mkt/forex.ac uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-12-03 17:08 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(744) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll . - - - - - - - > 'explorer.exe'(888) c:\windows\system32\WININET.dll c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2012-12-03 17:13:11 ComboFix-quarantined-files.txt 2012-12-03 06:13 ComboFix2.txt 2012-12-03 04:33 ComboFix3.txt 2012-12-03 00:22 ComboFix4.txt 2012-05-10 16:15 . Pre-Run: 12,332,593,152 bytes free Post-Run: 12,327,833,600 bytes free . - - End Of File - - E2F6139DC01D14AD3C45E0C5A5AB1145
  15. 13:34:43.0375 1032 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 13:34:44.0546 1032 ============================================================ 13:34:44.0546 1032 Current date / time: 2012/12/03 13:34:44.0546 13:34:44.0546 1032 SystemInfo: 13:34:44.0546 1032 13:34:44.0546 1032 OS Version: 5.1.2600 ServicePack: 3.0 13:34:44.0546 1032 Product type: Workstation 13:34:44.0546 1032 ComputerName: USER-A7C827E03A 13:34:44.0546 1032 UserName: User 13:34:44.0546 1032 Windows directory: C:\WINDOWS 13:34:44.0546 1032 System windows directory: C:\WINDOWS 13:34:44.0546 1032 Processor architecture: Intel x86 13:34:44.0546 1032 Number of processors: 2 13:34:44.0546 1032 Page size: 0x1000 13:34:44.0546 1032 Boot type: Normal boot 13:34:44.0546 1032 ============================================================ 13:34:45.0515 1032 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 13:34:45.0546 1032 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 13:34:45.0578 1032 ============================================================ 13:34:45.0578 1032 \Device\Harddisk0\DR0: 13:34:45.0578 1032 MBR partitions: 13:34:45.0578 1032 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982 13:34:45.0578 1032 \Device\Harddisk1\DR1: 13:34:45.0578 1032 MBR partitions: 13:34:45.0578 1032 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1 13:34:45.0578 1032 ============================================================ 13:34:45.0625 1032 C: <-> \Device\Harddisk1\DR1\Partition1 13:34:45.0640 1032 E: <-> \Device\Harddisk0\DR0\Partition1 13:34:45.0640 1032 ============================================================ 13:34:45.0640 1032 Initialize success 13:34:45.0640 1032 ============================================================ 13:35:01.0187 2556 ============================================================ 13:35:01.0187 2556 Scan started 13:35:01.0187 2556 Mode: Manual; 13:35:01.0187 2556 ============================================================ 13:35:01.0671 2556 ================ Scan system memory ======================== 13:35:01.0671 2556 System memory - ok 13:35:01.0671 2556 ================ Scan services ============================= 13:35:01.0859 2556 Abiosdsk - ok 13:35:01.0875 2556 abp480n5 - ok 13:35:01.0968 2556 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 13:35:01.0968 2556 ACPI - ok 13:35:02.0015 2556 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 13:35:02.0015 2556 ACPIEC - ok 13:35:02.0031 2556 ADIHdAudAddService - ok 13:35:02.0203 2556 [ C1EB9968EC89FBA5F3A264E2E57923AB ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 13:35:02.0203 2556 Adobe LM Service - ok 13:35:02.0328 2556 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 13:35:02.0328 2556 AdobeFlashPlayerUpdateSvc - ok 13:35:02.0343 2556 adpu160m - ok 13:35:02.0375 2556 AEAudioService - ok 13:35:02.0406 2556 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 13:35:02.0421 2556 aec - ok 13:35:02.0484 2556 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 13:35:02.0484 2556 AFD - ok 13:35:02.0500 2556 Aha154x - ok 13:35:02.0531 2556 aic78u2 - ok 13:35:02.0562 2556 aic78xx - ok 13:35:02.0625 2556 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll 13:35:02.0640 2556 Alerter - ok 13:35:02.0703 2556 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe 13:35:02.0703 2556 ALG - ok 13:35:02.0718 2556 AliIde - ok 13:35:02.0750 2556 amsint - ok 13:35:02.0921 2556 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 13:35:02.0921 2556 Apple Mobile Device - ok 13:35:02.0937 2556 AppMgmt - ok 13:35:02.0968 2556 asc - ok 13:35:02.0984 2556 asc3350p - ok 13:35:03.0000 2556 asc3550 - ok 13:35:03.0156 2556 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 13:35:03.0156 2556 aspnet_state - ok 13:35:03.0218 2556 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 13:35:03.0218 2556 AsyncMac - ok 13:35:03.0296 2556 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 13:35:03.0296 2556 atapi - ok 13:35:03.0312 2556 Atdisk - ok 13:35:03.0343 2556 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 13:35:03.0343 2556 Atmarpc - ok 13:35:03.0421 2556 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 13:35:03.0421 2556 AudioSrv - ok 13:35:03.0500 2556 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 13:35:03.0500 2556 audstub - ok 13:35:03.0515 2556 AVGIDSShim - ok 13:35:03.0609 2556 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 13:35:03.0609 2556 Beep - ok 13:35:03.0687 2556 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll 13:35:03.0703 2556 BITS - ok 13:35:03.0843 2556 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 13:35:03.0890 2556 Bonjour Service - ok 13:35:03.0968 2556 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll 13:35:03.0968 2556 Browser - ok 13:35:04.0156 2556 catchme - ok 13:35:04.0203 2556 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 13:35:04.0203 2556 cbidf2k - ok 13:35:04.0218 2556 cd20xrnt - ok 13:35:04.0296 2556 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 13:35:04.0296 2556 Cdaudio - ok 13:35:04.0359 2556 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 13:35:04.0359 2556 Cdfs - ok 13:35:04.0375 2556 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 13:35:04.0375 2556 Cdrom - ok 13:35:04.0390 2556 Changer - ok 13:35:04.0468 2556 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe 13:35:04.0468 2556 CiSvc - ok 13:35:04.0531 2556 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 13:35:04.0531 2556 ClipSrv - ok 13:35:04.0578 2556 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:35:04.0593 2556 clr_optimization_v2.0.50727_32 - ok 13:35:04.0718 2556 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:35:04.0718 2556 clr_optimization_v4.0.30319_32 - ok 13:35:04.0734 2556 CmdIde - ok 13:35:04.0765 2556 COMSysApp - ok 13:35:04.0828 2556 Cpqarray - ok 13:35:04.0906 2556 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 13:35:04.0906 2556 CryptSvc - ok 13:35:04.0921 2556 dac2w2k - ok 13:35:04.0953 2556 dac960nt - ok 13:35:05.0046 2556 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 13:35:05.0062 2556 DcomLaunch - ok 13:35:05.0125 2556 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 13:35:05.0125 2556 Dhcp - ok 13:35:05.0187 2556 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 13:35:05.0203 2556 Disk - ok 13:35:05.0203 2556 dmadmin - ok 13:35:05.0296 2556 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 13:35:05.0328 2556 dmboot - ok 13:35:05.0359 2556 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys 13:35:05.0375 2556 dmio - ok 13:35:05.0406 2556 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 13:35:05.0406 2556 dmload - ok 13:35:05.0468 2556 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll 13:35:05.0468 2556 dmserver - ok 13:35:05.0500 2556 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 13:35:05.0500 2556 DMusic - ok 13:35:05.0562 2556 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 13:35:05.0562 2556 Dnscache - ok 13:35:05.0609 2556 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 13:35:05.0609 2556 Dot3svc - ok 13:35:05.0625 2556 dpti2o - ok 13:35:05.0671 2556 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 13:35:05.0687 2556 drmkaud - ok 13:35:05.0734 2556 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll 13:35:05.0734 2556 EapHost - ok 13:35:05.0781 2556 [ 8930F2199BCB0D8EE92103510F895ABF ] ENETHUSB C:\WINDOWS\system32\DRIVERS\enethusb.sys 13:35:05.0781 2556 ENETHUSB - ok 13:35:05.0859 2556 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll 13:35:05.0859 2556 ERSvc - ok 13:35:05.0921 2556 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe 13:35:05.0937 2556 Eventlog - ok 13:35:06.0015 2556 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll 13:35:06.0015 2556 EventSystem - ok 13:35:06.0093 2556 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 13:35:06.0093 2556 Fastfat - ok 13:35:06.0156 2556 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 13:35:06.0171 2556 FastUserSwitchingCompatibility - ok 13:35:06.0250 2556 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 13:35:06.0250 2556 Fdc - ok 13:35:06.0312 2556 [ 52FA46AE36CAAFC6E1FF4FD617DFD25D ] FET5X86V C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys 13:35:06.0328 2556 FET5X86V - ok 13:35:06.0390 2556 [ E9648254056BCE81A85380C0C3647DC4 ] FETNDIS C:\WINDOWS\system32\DRIVERS\fetnd5.sys 13:35:06.0390 2556 FETNDIS - ok 13:35:06.0437 2556 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 13:35:06.0437 2556 Fips - ok 13:35:06.0515 2556 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 13:35:06.0515 2556 Flpydisk - ok 13:35:06.0578 2556 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 13:35:06.0578 2556 FltMgr - ok 13:35:06.0671 2556 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 13:35:06.0671 2556 FontCache3.0.0.0 - ok 13:35:06.0703 2556 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 13:35:06.0703 2556 Fs_Rec - ok 13:35:06.0765 2556 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 13:35:06.0765 2556 Ftdisk - ok 13:35:06.0843 2556 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 13:35:06.0843 2556 GEARAspiWDM - ok 13:35:06.0937 2556 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 13:35:06.0937 2556 Gpc - ok 13:35:07.0046 2556 gupdate - ok 13:35:07.0062 2556 gupdatem - ok 13:35:07.0156 2556 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 13:35:07.0156 2556 gusvc - ok 13:35:07.0218 2556 [ F58D2900C66A1E773E3375098E0E9337 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys 13:35:07.0218 2556 HdAudAddService - ok 13:35:07.0250 2556 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 13:35:07.0265 2556 HDAudBus - ok 13:35:07.0375 2556 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 13:35:07.0390 2556 helpsvc - ok 13:35:07.0390 2556 HidServ - ok 13:35:07.0468 2556 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 13:35:07.0468 2556 HidUsb - ok 13:35:07.0531 2556 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 13:35:07.0531 2556 hkmsvc - ok 13:35:07.0546 2556 hpn - ok 13:35:07.0609 2556 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 13:35:07.0609 2556 HTTP - ok 13:35:07.0687 2556 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 13:35:07.0687 2556 HTTPFilter - ok 13:35:07.0703 2556 i2omgmt - ok 13:35:07.0718 2556 i2omp - ok 13:35:07.0750 2556 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 13:35:07.0750 2556 i8042prt - ok 13:35:07.0875 2556 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 13:35:07.0937 2556 idsvc - ok 13:35:07.0968 2556 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 13:35:07.0968 2556 Imapi - ok 13:35:08.0031 2556 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe 13:35:08.0046 2556 ImapiService - ok 13:35:08.0078 2556 ini910u - ok 13:35:08.0109 2556 IntelIde - ok 13:35:08.0171 2556 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 13:35:08.0171 2556 intelppm - ok 13:35:08.0234 2556 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 13:35:08.0234 2556 Ip6Fw - ok 13:35:08.0281 2556 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 13:35:08.0281 2556 IpFilterDriver - ok 13:35:08.0343 2556 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 13:35:08.0343 2556 IpInIp - ok 13:35:08.0375 2556 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 13:35:08.0390 2556 IpNat - ok 13:35:08.0468 2556 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 13:35:08.0500 2556 iPod Service - ok 13:35:08.0578 2556 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 13:35:08.0578 2556 IPSec - ok 13:35:08.0656 2556 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 13:35:08.0656 2556 IRENUM - ok 13:35:08.0718 2556 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 13:35:08.0718 2556 isapnp - ok 13:35:08.0765 2556 [ C995C0E8B4503FAC38793BB0236AD246 ] JGOGO C:\WINDOWS\system32\DRIVERS\JGOGO.sys 13:35:08.0765 2556 JGOGO - ok 13:35:08.0781 2556 [ DAC317A5EFD8FE13FE7EC8E2B2E1D549 ] JRAID C:\WINDOWS\system32\DRIVERS\jraid.sys 13:35:08.0781 2556 JRAID - ok 13:35:08.0859 2556 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 13:35:08.0859 2556 Kbdclass - ok 13:35:08.0921 2556 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 13:35:08.0921 2556 kmixer - ok 13:35:08.0984 2556 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 13:35:08.0984 2556 KSecDD - ok 13:35:09.0062 2556 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 13:35:09.0062 2556 lanmanserver - ok 13:35:09.0140 2556 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 13:35:09.0140 2556 lanmanworkstation - ok 13:35:09.0156 2556 lbrtfdc - ok 13:35:09.0250 2556 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 13:35:09.0265 2556 LmHosts - ok 13:35:09.0390 2556 [ 3D67740573A70C6C9B1614982CFAC4C5 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe 13:35:09.0421 2556 LMIGuardianSvc - ok 13:35:09.0484 2556 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys 13:35:09.0500 2556 LMIInfo - ok 13:35:09.0562 2556 [ D95F3217C9DFA24ECA582ED8E435E221 ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe 13:35:09.0578 2556 LMIMaint - ok 13:35:09.0640 2556 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\WINDOWS\system32\DRIVERS\lmimirr.sys 13:35:09.0640 2556 lmimirr - ok 13:35:09.0656 2556 LMIRfsClientNP - ok 13:35:09.0734 2556 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 13:35:09.0734 2556 LMIRfsDriver - ok 13:35:09.0812 2556 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe 13:35:09.0828 2556 LogMeIn - ok 13:35:09.0906 2556 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll 13:35:09.0906 2556 Messenger - ok 13:35:10.0046 2556 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 13:35:10.0062 2556 Microsoft Office Groove Audit Service - ok 13:35:10.0109 2556 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 13:35:10.0109 2556 mnmdd - ok 13:35:10.0156 2556 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 13:35:10.0156 2556 mnmsrvc - ok 13:35:10.0218 2556 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 13:35:10.0218 2556 Modem - ok 13:35:10.0296 2556 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 13:35:10.0312 2556 Mouclass - ok 13:35:10.0390 2556 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 13:35:10.0390 2556 mouhid - ok 13:35:10.0437 2556 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 13:35:10.0453 2556 MountMgr - ok 13:35:10.0531 2556 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys 13:35:10.0546 2556 MpFilter - ok 13:35:10.0562 2556 mraid35x - ok 13:35:10.0609 2556 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 13:35:10.0625 2556 MRxDAV - ok 13:35:10.0687 2556 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 13:35:10.0687 2556 MRxSmb - ok 13:35:10.0750 2556 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe 13:35:10.0765 2556 MSDTC - ok 13:35:10.0828 2556 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 13:35:10.0828 2556 Msfs - ok 13:35:10.0843 2556 MSIServer - ok 13:35:10.0906 2556 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 13:35:10.0906 2556 MSKSSRV - ok 13:35:11.0015 2556 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe 13:35:11.0015 2556 MsMpSvc - ok 13:35:11.0062 2556 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 13:35:11.0062 2556 MSPCLOCK - ok 13:35:11.0125 2556 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 13:35:11.0125 2556 MSPQM - ok 13:35:11.0187 2556 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 13:35:11.0187 2556 mssmbios - ok 13:35:11.0250 2556 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys 13:35:11.0250 2556 MTsensor - ok 13:35:11.0312 2556 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 13:35:11.0312 2556 Mup - ok 13:35:11.0375 2556 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll 13:35:11.0375 2556 napagent - ok 13:35:11.0437 2556 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 13:35:11.0437 2556 NDIS - ok 13:35:11.0500 2556 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 13:35:11.0500 2556 NdisTapi - ok 13:35:11.0578 2556 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 13:35:11.0578 2556 Ndisuio - ok 13:35:11.0593 2556 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 13:35:11.0593 2556 NdisWan - ok 13:35:11.0671 2556 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 13:35:11.0671 2556 NDProxy - ok 13:35:11.0734 2556 [ 1352E1648213551923A0A822E441553C ] Netaapl C:\WINDOWS\system32\DRIVERS\netaapl.sys 13:35:11.0734 2556 Netaapl - ok 13:35:11.0796 2556 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 13:35:11.0812 2556 NetBIOS - ok 13:35:11.0859 2556 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 13:35:11.0859 2556 NetBT - ok 13:35:11.0921 2556 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe 13:35:11.0921 2556 NetDDE - ok 13:35:11.0937 2556 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 13:35:11.0953 2556 NetDDEdsdm - ok 13:35:12.0000 2556 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe 13:35:12.0000 2556 Netlogon - ok 13:35:12.0062 2556 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll 13:35:12.0078 2556 Netman - ok 13:35:12.0140 2556 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 13:35:12.0140 2556 NetTcpPortSharing - ok 13:35:12.0187 2556 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll 13:35:12.0187 2556 Nla - ok 13:35:12.0203 2556 nmwcd - ok 13:35:12.0234 2556 nmwcdc - ok 13:35:12.0296 2556 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 13:35:12.0312 2556 Npfs - ok 13:35:12.0343 2556 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 13:35:12.0375 2556 Ntfs - ok 13:35:12.0406 2556 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe 13:35:12.0406 2556 NtLmSsp - ok 13:35:12.0468 2556 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 13:35:12.0484 2556 NtmsSvc - ok 13:35:12.0531 2556 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 13:35:12.0531 2556 Null - ok 13:35:12.0593 2556 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 13:35:12.0593 2556 NwlnkFlt - ok 13:35:12.0640 2556 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 13:35:12.0640 2556 NwlnkFwd - ok 13:35:12.0765 2556 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 13:35:12.0828 2556 odserv - ok 13:35:12.0921 2556 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:35:12.0921 2556 ose - ok 13:35:12.0937 2556 PalmUSBD - ok 13:35:13.0015 2556 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 13:35:13.0015 2556 Parport - ok 13:35:13.0078 2556 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 13:35:13.0078 2556 PartMgr - ok 13:35:13.0156 2556 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 13:35:13.0156 2556 ParVdm - ok 13:35:13.0203 2556 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 13:35:13.0203 2556 pccsmcfd - ok 13:35:13.0250 2556 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 13:35:13.0265 2556 PCI - ok 13:35:13.0281 2556 PCIDump - ok 13:35:13.0359 2556 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys 13:35:13.0359 2556 PCIIde - ok 13:35:13.0421 2556 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 13:35:13.0421 2556 Pcmcia - ok 13:35:13.0437 2556 PDCOMP - ok 13:35:13.0468 2556 PDFRAME - ok 13:35:13.0484 2556 PDRELI - ok 13:35:13.0515 2556 PDRFRAME - ok 13:35:13.0546 2556 perc2 - ok 13:35:13.0578 2556 perc2hib - ok 13:35:13.0687 2556 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe 13:35:13.0687 2556 PlugPlay - ok 13:35:13.0703 2556 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 13:35:13.0703 2556 PolicyAgent - ok 13:35:13.0781 2556 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 13:35:13.0781 2556 PptpMiniport - ok 13:35:13.0796 2556 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys 13:35:13.0796 2556 Processor - ok 13:35:13.0843 2556 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 13:35:13.0843 2556 ProtectedStorage - ok 13:35:13.0859 2556 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 13:35:13.0859 2556 PSched - ok 13:35:13.0937 2556 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 13:35:13.0937 2556 Ptilink - ok 13:35:14.0000 2556 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 13:35:14.0000 2556 PxHelp20 - ok 13:35:14.0015 2556 ql1080 - ok 13:35:14.0031 2556 Ql10wnt - ok 13:35:14.0078 2556 ql12160 - ok 13:35:14.0109 2556 ql1240 - ok 13:35:14.0125 2556 ql1280 - ok 13:35:14.0218 2556 [ B953369C5EF43615F1BFA9CEA69FC9AA ] radpms C:\WINDOWS\system32\DRIVERS\radpms.sys 13:35:14.0218 2556 radpms - ok 13:35:14.0281 2556 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 13:35:14.0281 2556 RasAcd - ok 13:35:14.0359 2556 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll 13:35:14.0359 2556 RasAuto - ok 13:35:14.0406 2556 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 13:35:14.0406 2556 Rasl2tp - ok 13:35:14.0468 2556 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll 13:35:14.0484 2556 RasMan - ok 13:35:14.0500 2556 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 13:35:14.0500 2556 RasPppoe - ok 13:35:14.0578 2556 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 13:35:14.0578 2556 Raspti - ok 13:35:14.0640 2556 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 13:35:14.0656 2556 Rdbss - ok 13:35:14.0671 2556 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 13:35:14.0671 2556 RDPCDD - ok 13:35:14.0765 2556 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 13:35:14.0781 2556 RDPWD - ok 13:35:14.0843 2556 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 13:35:14.0843 2556 RDSessMgr - ok 13:35:14.0937 2556 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 13:35:14.0937 2556 redbook - ok 13:35:14.0984 2556 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 13:35:15.0000 2556 RemoteAccess - ok 13:35:15.0046 2556 [ 4F4A4C09CC5BE58A76CAC1C337E004E6 ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys 13:35:15.0062 2556 RimUsb - ok 13:35:15.0125 2556 [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys 13:35:15.0125 2556 RimVSerPort - ok 13:35:15.0187 2556 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys 13:35:15.0187 2556 ROOTMODEM - ok 13:35:15.0250 2556 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe 13:35:15.0250 2556 RpcLocator - ok 13:35:15.0296 2556 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll 13:35:15.0312 2556 RpcSs - ok 13:35:15.0359 2556 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe 13:35:15.0359 2556 RSVP - ok 13:35:15.0406 2556 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe 13:35:15.0406 2556 SamSs - ok 13:35:15.0468 2556 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 13:35:15.0468 2556 SCardSvr - ok 13:35:15.0531 2556 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll 13:35:15.0531 2556 Schedule - ok 13:35:15.0609 2556 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 13:35:15.0609 2556 Secdrv - ok 13:35:15.0671 2556 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll 13:35:15.0671 2556 seclogon - ok 13:35:15.0687 2556 SenFiltService - ok 13:35:15.0765 2556 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll 13:35:15.0765 2556 SENS - ok 13:35:15.0796 2556 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 13:35:15.0796 2556 serenum - ok 13:35:15.0843 2556 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 13:35:15.0843 2556 Serial - ok 13:35:15.0953 2556 [ 2D841B7B7F6DEC32162EDFCC69D61F42 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 13:35:16.0000 2556 ServiceLayer - ok 13:35:16.0125 2556 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys 13:35:16.0125 2556 Sfloppy - ok 13:35:16.0203 2556 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 13:35:16.0203 2556 SharedAccess - ok 13:35:16.0234 2556 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 13:35:16.0234 2556 ShellHWDetection - ok 13:35:16.0265 2556 Simbad - ok 13:35:16.0296 2556 Sparrow - ok 13:35:16.0390 2556 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 13:35:16.0390 2556 splitter - ok 13:35:16.0468 2556 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 13:35:16.0468 2556 Spooler - ok 13:35:16.0515 2556 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 13:35:16.0515 2556 sr - ok 13:35:16.0562 2556 [ AED8743D96A35F587A3099CA2B84564A ] SR9USB C:\WINDOWS\system32\DRIVERS\SR9USB.sys 13:35:16.0562 2556 SR9USB - ok 13:35:16.0625 2556 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll 13:35:16.0640 2556 srservice - ok 13:35:16.0734 2556 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 13:35:16.0734 2556 Srv - ok 13:35:16.0796 2556 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 13:35:16.0796 2556 SSDPSRV - ok 13:35:16.0875 2556 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys 13:35:16.0875 2556 StarOpen - ok 13:35:16.0953 2556 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll 13:35:16.0984 2556 stisvc - ok 13:35:17.0062 2556 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 13:35:17.0062 2556 swenum - ok 13:35:17.0078 2556 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 13:35:17.0078 2556 swmidi - ok 13:35:17.0109 2556 SwPrv - ok 13:35:17.0140 2556 symc810 - ok 13:35:17.0171 2556 symc8xx - ok 13:35:17.0203 2556 sym_hi - ok 13:35:17.0234 2556 sym_u3 - ok 13:35:17.0312 2556 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 13:35:17.0328 2556 sysaudio - ok 13:35:17.0390 2556 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 13:35:17.0390 2556 SysmonLog - ok 13:35:17.0437 2556 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 13:35:17.0437 2556 TapiSrv - ok 13:35:17.0531 2556 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 13:35:17.0546 2556 Tcpip - ok 13:35:17.0593 2556 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 13:35:17.0593 2556 TDPIPE - ok 13:35:17.0625 2556 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 13:35:17.0625 2556 TDTCP - ok 13:35:17.0703 2556 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 13:35:17.0703 2556 TermDD - ok 13:35:17.0781 2556 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll 13:35:17.0781 2556 TermService - ok 13:35:17.0812 2556 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll 13:35:17.0812 2556 Themes - ok 13:35:17.0843 2556 TosIde - ok 13:35:17.0890 2556 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll 13:35:17.0906 2556 TrkWks - ok 13:35:17.0968 2556 [ D85938F272D1BCF3DB3A31FC0A048928 ] uagp35 C:\WINDOWS\system32\DRIVERS\uagp35.sys 13:35:17.0984 2556 uagp35 - ok 13:35:18.0015 2556 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 13:35:18.0015 2556 Udfs - ok 13:35:18.0046 2556 ultra - ok 13:35:18.0125 2556 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 13:35:18.0140 2556 Update - ok 13:35:18.0203 2556 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll 13:35:18.0218 2556 upnphost - ok 13:35:18.0234 2556 upperdev - ok 13:35:18.0296 2556 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe 13:35:18.0296 2556 UPS - ok 13:35:18.0328 2556 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys 13:35:18.0328 2556 USBAAPL - ok 13:35:18.0375 2556 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 13:35:18.0375 2556 usbccgp - ok 13:35:18.0406 2556 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 13:35:18.0406 2556 usbehci - ok 13:35:18.0484 2556 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 13:35:18.0484 2556 usbhub - ok 13:35:18.0562 2556 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 13:35:18.0562 2556 usbprint - ok 13:35:18.0625 2556 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 13:35:18.0625 2556 usbscan - ok 13:35:18.0656 2556 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys 13:35:18.0656 2556 usbser - ok 13:35:18.0671 2556 UsbserFilt - ok 13:35:18.0734 2556 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 13:35:18.0734 2556 USBSTOR - ok 13:35:18.0812 2556 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 13:35:18.0812 2556 usbuhci - ok 13:35:18.0843 2556 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 13:35:18.0843 2556 VgaSave - ok 13:35:18.0937 2556 [ 6933017F45C8D4A6CF7CB159A333DF68 ] viagfx C:\WINDOWS\system32\DRIVERS\vtmini.sys 13:35:18.0953 2556 viagfx - ok 13:35:19.0015 2556 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\drivers\ViaIde.sys 13:35:19.0031 2556 ViaIde - ok 13:35:19.0093 2556 [ 4CC623591204ACD5FC89BD0DAD70E838 ] videX32 C:\WINDOWS\system32\DRIVERS\videX32.sys 13:35:19.0093 2556 videX32 - ok 13:35:19.0171 2556 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 13:35:19.0171 2556 VolSnap - ok 13:35:19.0234 2556 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe 13:35:19.0234 2556 VSS - ok 13:35:19.0312 2556 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll 13:35:19.0312 2556 W32Time - ok 13:35:19.0390 2556 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 13:35:19.0390 2556 Wanarp - ok 13:35:19.0484 2556 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 13:35:19.0500 2556 Wdf01000 - ok 13:35:19.0515 2556 WDICA - ok 13:35:19.0593 2556 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 13:35:19.0593 2556 wdmaud - ok 13:35:19.0640 2556 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll 13:35:19.0656 2556 WebClient - ok 13:35:19.0765 2556 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 13:35:19.0781 2556 winmgmt - ok 13:35:19.0875 2556 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 13:35:19.0875 2556 WmdmPmSN - ok 13:35:19.0953 2556 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe 13:35:19.0953 2556 WmiApSrv - ok 13:35:20.0093 2556 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe 13:35:20.0140 2556 WMPNetworkSvc - ok 13:35:20.0234 2556 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 13:35:20.0312 2556 WPFFontCache_v0400 - ok 13:35:20.0359 2556 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 13:35:20.0359 2556 WS2IFSL - ok 13:35:20.0437 2556 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll 13:35:20.0437 2556 wscsvc - ok 13:35:20.0500 2556 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll 13:35:20.0500 2556 wuauserv - ok 13:35:20.0578 2556 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 13:35:20.0578 2556 WudfPf - ok 13:35:20.0640 2556 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 13:35:20.0640 2556 WudfRd - ok 13:35:20.0671 2556 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 13:35:20.0687 2556 WudfSvc - ok 13:35:20.0765 2556 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 13:35:20.0781 2556 WZCSVC - ok 13:35:20.0828 2556 [ A1B2B0211441F9C822F8CBC0C2D1B41E ] xfilt C:\WINDOWS\system32\DRIVERS\xfilt.sys 13:35:20.0828 2556 xfilt - ok 13:35:20.0890 2556 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 13:35:20.0890 2556 xmlprov - ok 13:35:20.0953 2556 ================ Scan global =============================== 13:35:21.0000 2556 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll 13:35:21.0062 2556 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll 13:35:21.0109 2556 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll 13:35:21.0171 2556 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe 13:35:21.0171 2556 [Global] - ok 13:35:21.0171 2556 ================ Scan MBR ================================== 13:35:21.0187 2556 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0 13:35:21.0187 2556 \Device\Harddisk0\DR0 - ok 13:35:21.0234 2556 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1 13:35:21.0406 2556 \Device\Harddisk1\DR1 - ok 13:35:21.0406 2556 ================ Scan VBR ================================== 13:35:21.0421 2556 [ 336087AB8805DB8D8C8561C95AD161B8 ] \Device\Harddisk0\DR0\Partition1 13:35:21.0421 2556 \Device\Harddisk0\DR0\Partition1 - ok 13:35:21.0437 2556 [ B8CDD6740677BBD8698305621882EB47 ] \Device\Harddisk1\DR1\Partition1 13:35:21.0437 2556 \Device\Harddisk1\DR1\Partition1 - ok 13:35:21.0453 2556 ============================================================ 13:35:21.0453 2556 Scan finished 13:35:21.0453 2556 ============================================================ 13:35:21.0515 1676 Detected object count: 0 13:35:21.0515 1676 Actual detected object count: 0 aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2012-12-03 13:36:53 ----------------------------- 13:36:53.984 OS Version: Windows 5.1.2600 Service Pack 3 13:36:53.984 Number of processors: 2 586 0xF06 13:36:53.984 ComputerName: USER-A7C827E03A UserName: User 13:36:54.375 Initialize success 13:42:04.437 AVAST engine defs: 12120200 13:42:27.093 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5 13:42:27.109 Disk 0 Vendor: WDC_WD10EARS-00Y5B1 80.00A80 Size: 953869MB BusType: 3 13:42:27.125 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-13 13:42:27.125 Disk 1 Vendor: ST3802110A 3.AAJ Size: 76319MB BusType: 3 13:42:27.156 Disk 1 MBR read successfully 13:42:27.171 Disk 1 MBR scan 13:42:27.296 Disk 1 Windows XP default MBR code 13:42:27.312 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63 13:42:27.328 Disk 1 scanning sectors +156280320 13:42:27.500 Disk 1 scanning C:\WINDOWS\system32\drivers 13:42:44.578 Service scanning 13:43:22.015 Modules scanning 13:43:44.218 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS** 13:43:44.265 Disk 1 trace - called modules: 13:43:44.312 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS 13:43:44.328 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86512ab8] 13:43:44.343 3 CLASSPNP.SYS[f7680fd7] -> nt!IofCallDriver -> \Device\0000006c[0x8655e9e8] 13:43:44.359 5 ACPI.sys[f7507620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-13[0x8655b940] 13:43:45.062 AVAST engine scan C:\WINDOWS 13:44:09.296 AVAST engine scan C:\WINDOWS\system32 13:47:44.687 AVAST engine scan C:\WINDOWS\system32\drivers 13:48:08.921 AVAST engine scan C:\Documents and Settings\User 14:38:16.515 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\Unused Desktop Shortcuts\New virus\MBR.dat" 14:38:16.625 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\Unused Desktop Shortcuts\New virus\aswMBR.txt" Thanks, Can I turn on MSE?