grey hair

Browser Hijack and probable trojan


Hi guys,

I appear to have a nasty little problem. Have run Malwarebytes quick scan plus AVG 2012. Nothing seems to remove it. AVG keeps going off like a frog in a sock every 10 minutes when it finds another threat. Then, every time I go on the internet with Firefox, sometimes it will go to the right page, most times it won't, and random extra tab pages start to open up for shopping sites. Any help would be greatly appreciated. Thanks. Logs attached.

dds.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_31

Run by Owner at 10:26:22 on 2012-03-21

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.599 [GMT 10:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\CAP3RSK.EXE

C:\WINDOWS\system32\CNAB3RPK.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Greenshot\Greenshot.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE

C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: CashKeywords Toolbar: {9eb64fa9-57c4-4a41-9940-e12e0418b693} - c:\program files\cashkeywords\prxtbCas1.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: CashKeywords Toolbar: {9eb64fa9-57c4-4a41-9940-e12e0418b693} - c:\program files\cashkeywords\prxtbCas1.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: CashKeywords Toolbar: {9eb64fa9-57c4-4a41-9940-e12e0418b693} - c:\program files\cashkeywords\prxtbCas1.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [iSUSPM] "c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe" -scheduler

uRun: [Greenshot] c:\program files\greenshot\Greenshot.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [CAP3ON] c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Nuance PDF Reader-reminder] "c:\program files\nuance\pdf reader\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\pdf reader\ereg\Ereg.ini"

mRun: [OPSE reminder] "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.exe" -r "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.ini"

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [ASUS Update Checker] c:\program files\asus\asusupdate\updatechecker\UpdateChecker.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\canonl~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\CAP3LAK.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll

LSP: mswsock.dll

Trusted Zone: iinet.net.au\www

Trusted Zone: microsoft.com\*.update

Trusted Zone: windowsupdate.com\download

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://aussieshort.webex.com/client/T26L/webex/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 10.1.1.1

TCP: Interfaces\{771ED046-B0D8-4D60-924C-023E337AB576} : DhcpNameServer = 10.1.1.1

TCP: Interfaces\{E1477D81-BC16-4761-A523-3A4FE3C6131C} : DhcpNameServer = 10.1.1.1

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\4a4uylfi.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\4a4uylfi.default\extensions\{9eb64fa9-57c4-4a41-9940-e12e0418b693}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\4a4uylfi.default\extensions\{9eb64fa9-57c4-4a41-9940-e12e0418b693}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\4a4uylfi.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\winnt_x86-msvc\components\pagespeed.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll

FF - plugin: c:\program files\nuance\pdf reader\bin\nppdf.dll

FF - plugin: c:\program files\nuance\pdf reader\bin\nppdf.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 295248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-11-24 222976]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]

S2 mferkdk;FlexBios;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-21 40776]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-03-20 22:25:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-03-20 21:54:41 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-03-20 14:25:16 -------- d-----w- c:\program files\Microsoft Research

2012-03-17 03:44:22 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2012-03-17 03:44:22 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll

2012-03-06 11:03:21 -------- d-----w- c:\documents and settings\owner\application data\YCanPDF

2012-03-06 11:03:16 -------- d-----w- C:\tmp

2012-03-06 11:03:16 -------- d-----w- C:\output

2012-03-06 03:02:39 -------- d-----w- c:\documents and settings\owner\application data\Iona Photo-Book Publisher

2012-03-04 05:42:22 -------- d-----w- c:\documents and settings\owner\application data\calibre

2012-03-04 05:41:12 -------- d-----w- c:\program files\Calibre2

2012-02-29 04:44:57 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-29 04:44:57 3072 ------w- c:\windows\system32\iacenc.dll

.

==================== Find3M ====================

.

2012-02-28 14:03:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-27 05:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-02-27 05:34:08 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-18 04:58:39 737280 ----a-w- c:\windows\iun6002.exe

2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

============= FINISH: 10:27:28.78 ===============

attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 5/09/2006 10:51:27 AM

System Uptime: 21/03/2012 10:09:26 AM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5KPL-CM

Processor: Intel® Pentium® Dual CPU E2200 @ 2.20GHz | Socket 775 | 2218/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 233 GiB total, 47.65 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is FIXED (NTFS) - 932 GiB total, 714.774 GiB free.

G: is FIXED (NTFS) - 75 GiB total, 13.274 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&2C575ACB&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&2C575ACB&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP145: 22/12/2011 10:50:40 AM - System Checkpoint

RP146: 23/12/2011 11:39:35 AM - System Checkpoint

RP147: 24/12/2011 12:25:47 PM - System Checkpoint

RP148: 26/12/2011 1:22:48 PM - System Checkpoint

RP149: 27/12/2011 2:12:31 PM - System Checkpoint

RP150: 28/12/2011 3:26:20 PM - System Checkpoint

RP151: 29/12/2011 4:34:26 PM - System Checkpoint

RP152: 30/12/2011 4:50:52 PM - System Checkpoint

RP153: 31/12/2011 5:37:05 PM - System Checkpoint

RP154: 1/01/2012 6:19:20 PM - System Checkpoint

RP155: 2/01/2012 6:30:44 PM - System Checkpoint

RP156: 3/01/2012 6:31:12 PM - System Checkpoint

RP157: 3/01/2012 9:02:35 AM - System Checkpoint

RP158: 4/01/2012 10:00:09 AM - System Checkpoint

RP159: 4/01/2012 2:14:34 PM - Software Distribution Service 3.0

RP160: 5/01/2012 3:28:17 PM - System Checkpoint

RP161: 7/01/2012 9:57:18 AM - System Checkpoint

RP162: 8/01/2012 3:40:41 PM - System Checkpoint

RP163: 9/01/2012 9:08:55 PM - System Checkpoint

RP164: 10/01/2012 9:21:05 PM - System Checkpoint

RP165: 11/01/2012 3:45:50 PM - Software Distribution Service 3.0

RP166: 12/01/2012 4:43:26 PM - System Checkpoint

RP167: 13/01/2012 5:26:13 PM - System Checkpoint

RP168: 14/01/2012 6:17:28 PM - System Checkpoint

RP169: 15/01/2012 6:25:49 PM - System Checkpoint

RP170: 16/01/2012 6:33:22 PM - System Checkpoint

RP171: 17/01/2012 6:34:38 PM - System Checkpoint

RP172: 18/01/2012 6:58:07 PM - System Checkpoint

RP173: 19/01/2012 12:09:12 PM - Software Distribution Service 3.0

RP174: 19/01/2012 12:38:01 PM - Installed Windows Internet Explorer 8.

RP175: 20/01/2012 1:07:34 PM - System Checkpoint

RP176: 21/01/2012 2:03:58 PM - System Checkpoint

RP177: 22/01/2012 4:13:46 PM - System Checkpoint

RP178: 23/01/2012 5:57:30 PM - System Checkpoint

RP179: 24/01/2012 6:30:54 PM - System Checkpoint

RP180: 25/01/2012 4:42:59 PM - Software Distribution Service 3.0

RP181: 26/01/2012 9:26:37 PM - System Checkpoint

RP182: 27/01/2012 10:15:51 PM - System Checkpoint

RP183: 28/01/2012 10:49:48 PM - System Checkpoint

RP184: 30/01/2012 10:10:08 AM - System Checkpoint

RP185: 31/01/2012 10:49:33 AM - System Checkpoint

RP186: 1/02/2012 11:13:55 AM - System Checkpoint

RP187: 2/02/2012 7:15:30 PM - System Checkpoint

RP188: 3/02/2012 9:06:34 PM - System Checkpoint

RP189: 4/02/2012 9:26:49 PM - System Checkpoint

RP190: 5/02/2012 10:13:10 PM - System Checkpoint

RP191: 6/02/2012 10:34:46 PM - System Checkpoint

RP192: 8/02/2012 7:54:25 AM - System Checkpoint

RP193: 9/02/2012 9:15:39 AM - System Checkpoint

RP194: 27/02/2012 3:32:45 PM - Removed Java™ 6 Update 27

RP195: 27/02/2012 3:33:40 PM - Installed Java™ 6 Update 31

RP196: 28/02/2012 3:44:01 PM - System Checkpoint

RP197: 29/02/2012 2:47:54 PM - Software Distribution Service 3.0

RP198: 1/03/2012 3:15:20 PM - System Checkpoint

RP199: 2/03/2012 3:28:45 PM - System Checkpoint

RP200: 3/03/2012 4:15:15 PM - System Checkpoint

RP201: 4/03/2012 3:41:07 PM - Installed calibre

RP202: 5/03/2012 5:42:05 PM - System Checkpoint

RP203: 6/03/2012 6:03:50 PM - System Checkpoint

RP204: 7/03/2012 6:55:16 PM - System Checkpoint

RP205: 8/03/2012 7:04:46 PM - System Checkpoint

RP206: 9/03/2012 7:55:24 PM - System Checkpoint

RP207: 10/03/2012 8:08:55 PM - System Checkpoint

RP208: 11/03/2012 8:31:07 PM - System Checkpoint

RP209: 12/03/2012 9:14:46 PM - System Checkpoint

RP210: 13/03/2012 4:00:49 PM - Software Distribution Service 3.0

RP211: 14/03/2012 5:52:45 PM - System Checkpoint

RP212: 15/03/2012 8:35:30 AM - Software Distribution Service 3.0

RP213: 16/03/2012 9:39:11 AM - System Checkpoint

RP214: 17/03/2012 9:58:16 AM - System Checkpoint

RP215: 18/03/2012 10:27:43 AM - System Checkpoint

RP216: 19/03/2012 10:32:24 AM - System Checkpoint

RP217: 20/03/2012 11:27:54 AM - System Checkpoint

RP218: 20/03/2012 11:12:42 PM - Software Distribution Service 3.0

RP219: 21/03/2012 12:25:15 AM - Installed Microsoft Image Composite Editor

.

==== Installed Programs ======================

.

7-Zip 4.65

Adobe Acrobat 6.0.1 Professional

Adobe Acrobat and Reader 6.0.3 Update

Adobe Acrobat and Reader 6.0.4 Update

Adobe Acrobat and Reader 6.0.5 Update

Adobe Acrobat and Reader 6.0.6 Update

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.3.4

Adobe Shockwave Player

Alvin Phang's Atomic Blogging Keyword Research Tool v2.0

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Article Assistant

Ashampoo Burning Studio Elements 10.0.9

ASUSUpdate

Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver

Athlon 64 Processor Driver

Audacity 1.2.6

Auto Click Profit

AVG 2012

BlueVoda Website Builder 12.2

Bonjour

BookSmart® 2.8.0 2.8.0

calibre

CamStudio Lossless Codec

CamStudioIM

Camtasia Studio 6

Canon CanoScan Toolbox 4.5

Canon LASER SHOT LBP-1120

Canon LBP3000

CashKeywords Toolbar

CCleaner

Compatibility Pack for the 2007 Office system

ConvertHelper 2.2

ConvertXtoDVD 4.0.10.324

Creative Specifix® Memory Publisher

Critical Update for Windows Media Player 11 (KB959772)

CutePDF Writer 2.7

Directory Submitter 1.0.29

DP Animation Maker

DupeFree Pro

DupeFree Pro v2(remove only)

DVD Shrink 3.2

e-Record 6

e-tax 2008

e-tax 2009

e-tax 2010

e-tax 2011

eBridge Trader

Fast Content Producer

FileNet Desktop eForms

FileZilla Client 3.5.3

Forex Strategy Builder v2.60.0.0 Beta

FormatFactory 2.60

Free Video Joiner 1.1

Free WMA to MP3 Converter 1.16

GnuWin32: Wget-1.11.4-1

Good Keywords v3 121708

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

GoToMeeting 4.8.0.723

Greenshot

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HTML Slideshow Powertoy for Windows XP

Hubb Investor

HyperVRE 1.9.1

Ideal DVD Copy V3.2.5

Image Optimizer 3.0

Image Resizer Powertoy for Windows XP

ImgBurn

InstantArticleWizard

Intel® Graphics Media Accelerator Driver

iPhone Configuration Utility

iResizer 1.1

iTunes

Jalbum

Jalbum 8.1

Japanese Fonts Support For Adobe Reader 9

Java Auto Updater

Java™ 6 Update 3

Java™ 6 Update 31

Java™ 6 Update 5

Java™ 6 Update 6

Java™ 6 Update 7

Jing

jv16 PowerTools

Karen's Directory Printer

Karen's Replicator

Keyword Pad v1.0.112706

KeywordCorral

Lame ACM MP3 Codec

LAME v3.98.3 for Audacity

Legacy 5.0

Legacy 6.0

Lizardtech DjVu Control

Malwarebytes Anti-Malware version 1.60.1.1000

MassArticleCreator

Memory Publisher

MetaTrader- AxisTrader 4.00

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Image Composite Editor

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Excel Viewer 2003

Microsoft Office XP Professional with FrontPage

Microsoft Publisher 2002

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 11.0 (x86 en-US)

Mozilla Thunderbird 10.0.2 (x86 en-US)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

My Free Web Site Builder

Myson Century USB Driver for Windows 98&ME

Nero 7 Ultra Edition

neroxml

Nuance PDF Reader

NVIDIA Drivers

Nvu 1.0PR

OTrader Software Option Pricing

OutFront Web Template

Passenger Arrivals 1839 - 1890

Passenger Arrivals 1839 - 1890 (C:\Program Files\Passenger Arrivals 1839 - 1890\)

PDF Password Remover v2.5

PE Builder 3.1.10a

Photo Story 3 for Windows

Photoupz 1.6

PIXresizer 1.0.8

Platform

Power Article Rewriter

PowerDVD

QFHSdatasearch

QuickTime

RAR Repair Tool v.4.0.1

Retouch Pilot Free 3.4.1

S3 Ripper 1.3

SAG Rookwood Cemetery v1.10

SAG Waverley and South Head Cemeteries v1.14

Samsung Master

Samsung Media Studio

SAMSUNG Mobile Composite Device Software

SAMSUNG Mobile Modem Driver Set

Samsung Mobile phone USB driver Software

SAMSUNG Mobile USB Modem 1.0 Software

SAMSUNG Mobile USB Modem Software

Samsung PC Studio 1.0 PIM & File Manager

Samsung PC Studio 3

Samsung_MonSetup

ScanSoft OmniPage SE 4

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2618444)

Security Update for Windows Internet Explorer 7 (KB2647516)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Serif PhotoPlus 7.0

Skype™ 4.1

Spelling Dictionaries Support For Adobe Reader 8

Swiff Player 1.5

TeamViewer 7

Traffic Travis 3.3.19

Traffic Travis 4.0.0

Traffic Travis 4.1.0

TrafficSeeker 7.0 Lite

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VIA Platform Device Manager

Vidmex 1.39

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VLC media player 2.0.0

vReveal

VSeven MP4 Converter 1.0

Watermark Image software version 1.6.8.1

WebEx

WebFldrs XP

Winamp

Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)

Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer Clean Up

Windows Internet Explorer 7

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinHTTrack Website Copier 3.43-2

Wondershare PDF Converter (Build 2.6.2)

Wondershare PDF Converter (Build 3.0.0)

Wondershare Video Converter Ultimate(Build 5.4.3.0)

Wondershare Vivideo(Build 2.0.0.10)

WordFlood 1.2 (remove only)

WYSIWYG Web Builder 5.0

XHeader

XHeader Bonus Download

XML Paper Specification Shared Components Pack 1.0

XSitePro2

XviD MPEG-4 Video Codec

.

==== Event Viewer Messages From Past Week ========

.

21/03/2012 9:55:35 AM, error: Service Control Manager [7023] - The Sandradatasrv service terminated with the following error: Access is denied.

21/03/2012 9:50:00 AM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147943555

21/03/2012 9:50:00 AM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402

21/03/2012 9:39:55 AM, error: Service Control Manager [7023] - The BsHelpCS service terminated with the following error: Access is denied.

21/03/2012 9:24:54 AM, error: Service Control Manager [7023] - The REVOSENS service terminated with the following error: Access is denied.

21/03/2012 9:23:54 AM, error: Service Control Manager [7023] - The Vcsw service terminated with the following error: Access is denied.

21/03/2012 9:15:42 AM, error: Service Control Manager [7023] - The MRENDIS5 service terminated with the following error: The specified module could not be found.

21/03/2012 9:15:42 AM, error: Service Control Manager [7023] - The FlexBios service terminated with the following error: The specified module could not be found.

21/03/2012 9:15:42 AM, error: Service Control Manager [7023] - The DVDVRRdr_xp service terminated with the following error: The specified module could not be found.

21/03/2012 9:15:42 AM, error: Service Control Manager [7023] - The Ctaud2k service terminated with the following error: The specified module could not be found.

21/03/2012 9:10:27 AM, error: Service Control Manager [7023] - The Ssmdrv service terminated with the following error: Access is denied.

21/03/2012 8:55:27 AM, error: Service Control Manager [7023] - The Ctaud2k service terminated with the following error: Access is denied.

21/03/2012 8:50:07 AM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147943555

21/03/2012 8:50:01 AM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402

21/03/2012 8:40:31 AM, error: Service Control Manager [7023] - The FlexBios service terminated with the following error: Access is denied.

21/03/2012 8:25:17 AM, error: Service Control Manager [7023] - The MRENDIS5 service terminated with the following error: Access is denied.

21/03/2012 8:10:16 AM, error: Service Control Manager [7023] - The DVDVRRdr_xp service terminated with the following error: Access is denied.

21/03/2012 8:09:17 AM, error: Service Control Manager [7023] - The Z800mdm service terminated with the following error: Access is denied.

21/03/2012 8:02:44 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

21/03/2012 8:02:44 AM, error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found.

21/03/2012 8:02:44 AM, error: Service Control Manager [7023] - The Hap17v2k service terminated with the following error: The specified module could not be found.

21/03/2012 7:54:43 AM, error: Service Control Manager [7023] - The Hap17v2k service terminated with the following error: Access is denied.

21/03/2012 10:13:40 AM, error: Service Control Manager [7023] - The Vcsw service terminated with the following error: The specified module could not be found.

21/03/2012 10:13:40 AM, error: Service Control Manager [7023] - The Ssmdrv service terminated with the following error: The specified module could not be found.

21/03/2012 10:13:40 AM, error: Service Control Manager [7023] - The Sandradatasrv service terminated with the following error: The specified module could not be found.

21/03/2012 10:13:40 AM, error: Service Control Manager [7023] - The REVOSENS service terminated with the following error: The specified module could not be found.

21/03/2012 10:13:40 AM, error: Service Control Manager [7023] - The Mmc_2K service terminated with the following error: Access is denied.

21/03/2012 10:13:40 AM, error: Service Control Manager [7023] - The BsHelpCS service terminated with the following error: The specified module could not be found.

20/03/2012 8:50:35 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd

20/03/2012 5:18:29 PM, error: Dhcp [1002] - The IP address lease 10.1.1.4 for the Network Card with network address 001FC6C77F99 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).

18/03/2012 10:11:20 AM, error: Dhcp [1002] - The IP address lease 10.1.1.2 for the Network Card with network address 001FC6C77F99 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================


Just an update. AVG Resident Shield Alert keeps going off every 10 minutes or so. The threat name is Trojan Horse Crypt.AQLW. It appears to be creating random .dll files which try to open and get detected by AVG. This has been driving me nuts for 3 days now; any help would be greatly appreciated.



Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.


Thanks LTD, luckily I do not do internet banking. I do use ebay and paypal but I do not leave any passwords logged into any system, except for 1 sharemarket site. I keep all passwords in a book and use them as and when needed and always clean browser cache after using them. Have been operating from laptop for past 3 days as did not want to use infected desktop for anything. Will change the 1 password logged into desktop, after that should be good to go.

What do I need to do now?

Thanks.


Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (right-click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

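Once a TDSSKiller report runs to several hundred lines, as the one posted below does, it is quicker to triage with a script than by eye. The following Python parser is an added example, not part of this thread or of Kaspersky's tool; it assumes the line grammar visible in that log (timestamp, PID, service name, an optional md5 and path line, then a verdict line) and separates the UnsignedFile.Multi.Generic warnings raised by the Verify Driver Digital Signature option from actual detections. The sample lines are copied from the posted log plus one constructed detection whose name, hash, path and verdict string are placeholders.

```python
import re
from collections import OrderedDict

# Assumed line grammar, taken from the TDSSKiller 2.7.22.0 log posted in this thread:
#   HH:MM:SS.mmmm PID NAME (md5) PATH               file hashed for a service/driver
#   HH:MM:SS.mmmm PID NAME - ok                     verdict: clean
#   HH:MM:SS.mmmm PID NAME ( REASON ) - warning     verdict: heuristic warning
#   HH:MM:SS.mmmm PID NAME - detected REASON (N)    verdict: detection
_PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<body>.+)$")
_FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
_OK = re.compile(r"^(?P<name>.+) - ok$")
_WARN = re.compile(r"^(?P<name>.+?) \( (?P<reason>.+?) \) - warning$")
_DETECT = re.compile(r"^(?P<name>.+?) - detected (?P<reason>\S+)(?: \((?P<count>\d+)\))?$")

# Raised by the "Verify Driver Digital Signature" option: the file lacks a valid
# Authenticode signature. Legitimate third-party drivers trip it too, so it is a
# prompt to check the file, not a malware verdict.
SIGNATURE_WARNINGS = {"UnsignedFile.Multi.Generic"}


def parse_tdsskiller(lines):
    """Map service/driver name -> {md5, path, verdict, reasons}, in log order."""
    entries = OrderedDict()

    def entry(name):
        return entries.setdefault(
            name, {"md5": None, "path": None, "verdict": None, "reasons": []})

    for raw in lines:
        m = _PREFIX.match(raw.strip())
        if not m:
            continue  # banner, SystemInfo, drive geometry and separator lines
        body = m.group("body")
        f = _FILE.match(body)
        if f:
            e = entry(f.group("name"))
            e["md5"], e["path"] = f.group("md5").lower(), f.group("path")
            continue
        d = _DETECT.match(body)
        if d:
            e = entry(d.group("name"))
            e["verdict"] = "detected"
            if d.group("reason") not in e["reasons"]:
                e["reasons"].append(d.group("reason"))
            continue
        w = _WARN.match(body)
        if w:
            e = entry(w.group("name"))
            e["verdict"] = e["verdict"] or "warning"  # a 'detected' line wins
            if w.group("reason") not in e["reasons"]:
                e["reasons"].append(w.group("reason"))
            continue
        o = _OK.match(body)
        if o:
            entry(o.group("name"))["verdict"] = "ok"
    return entries


def triage(lines):
    """Sort entries into what needs a human decision and what does not."""
    report = {"malware": [], "unsigned": [], "no_file": [], "ok": 0}
    for name, e in parse_tdsskiller(lines).items():
        if e["verdict"] == "ok":
            report["ok"] += 1
            if e["path"] is None:
                # Registered service/driver with no file line: TDSSKiller found no
                # binary to hash (typically a leftover registration), nothing to act on.
                report["no_file"].append(name)
        elif e["verdict"] in ("warning", "detected"):
            bucket = "unsigned" if set(e["reasons"]) <= SIGNATURE_WARNINGS else "malware"
            report[bucket].append((name, e["path"], e["md5"], tuple(e["reasons"])))
    return report


# Constructed sample: lines copied from the log posted in this thread, plus one
# made-up detection (name, hash, path and verdict string are all placeholders).
SAMPLE_LOG = r"""
00:01:43.0890 0372 Scan started
00:01:43.0890 0372 Mode: Manual; SigCheck; TDLFS;
00:01:44.0359 0372 Abiosdsk - ok
00:01:44.0921 0372 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:01:50.0031 0372 ACPI - ok
00:01:54.0406 0372 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:01:54.0421 0372 Apple Mobile Device - ok
00:01:57.0171 0372 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
00:01:57.0234 0372 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
00:01:57.0234 0372 Aspi32 - detected UnsignedFile.Multi.Generic (1)
00:02:52.0234 0372 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) C:\WINDOWS\system32\drivers\mbamchameleon.sys
00:02:52.0265 0372 mbamchameleon ( UnsignedFile.Multi.Generic ) - warning
00:02:52.0265 0372 mbamchameleon - detected UnsignedFile.Multi.Generic (1)
00:03:05.0000 0372 exampledrv (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\exampledrv.sys
00:03:05.0010 0372 exampledrv - detected Rootkit.Constructed.Placeholder (1)
""".strip().splitlines()

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(f"{r['ok']} clean entries ({len(r['no_file'])} with no file on disk)")
    for name, path, md5, reasons in r["unsigned"]:
        print(f"UNSIGNED  {name}: {path} md5={md5} {', '.join(reasons)}")
    for name, path, md5, reasons in r["malware"]:
        print(f"MALWARE   {name}: {path} md5={md5} {', '.join(reasons)}")
```

Run against the real report by replacing SAMPLE_LOG with open("TDSSKiller.log").read().splitlines(); the md5 in each flagged entry is what you would look up when deciding whether an unsigned driver is a known legitimate one.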

Here is the requested log file from TDSSKiller.

I am downloading these files on laptop and using usb key to swap between machines. Hopefully this will work ok. Touch wood.

00:01:24.0359 1404 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00

00:01:25.0500 1404 ============================================================

00:01:25.0500 1404 Current date / time: 2012/03/24 00:01:25.0500

00:01:25.0500 1404 SystemInfo:

00:01:25.0500 1404

00:01:25.0500 1404 OS Version: 5.1.2600 ServicePack: 3.0

00:01:25.0500 1404 Product type: Workstation

00:01:25.0500 1404 ComputerName: USER

00:01:25.0500 1404 UserName: Owner

00:01:25.0500 1404 Windows directory: C:\WINDOWS

00:01:25.0500 1404 System windows directory: C:\WINDOWS

00:01:25.0500 1404 Processor architecture: Intel x86

00:01:25.0500 1404 Number of processors: 2

00:01:25.0500 1404 Page size: 0x1000

00:01:25.0500 1404 Boot type: Normal boot

00:01:25.0500 1404 ============================================================

00:01:27.0531 1404 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

00:01:27.0562 1404 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

00:01:27.0984 1404 Drive \Device\Harddisk2\DR4 - Size: 0x1DD400000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

00:01:27.0984 1404 \Device\Harddisk0\DR0:

00:01:27.0984 1404 MBR used

00:01:27.0984 1404 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542

00:01:27.0984 1404 \Device\Harddisk1\DR1:

00:01:27.0984 1404 MBR used

00:01:27.0984 1404 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1

00:01:27.0984 1404 \Device\Harddisk2\DR4:

00:01:27.0984 1404 MBR used

00:01:27.0984 1404 \Device\Harddisk2\DR4\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEE8080

00:01:28.0109 1404 Initialize success

00:01:28.0109 1404 ============================================================

00:01:43.0890 0372 ============================================================

00:01:43.0890 0372 Scan started

00:01:43.0890 0372 Mode: Manual; SigCheck; TDLFS;

00:01:43.0890 0372 ============================================================

00:01:44.0359 0372 Abiosdsk - ok

00:01:44.0546 0372 abp480n5 - ok

00:01:44.0921 0372 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

00:01:50.0031 0372 ACPI - ok

00:01:50.0343 0372 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

00:01:50.0484 0372 ACPIEC - ok

00:01:50.0765 0372 ADIHdAudAddService - ok

00:01:50.0937 0372 adpu160m - ok

00:01:51.0109 0372 aeaudio - ok

00:01:51.0296 0372 AEAudioService - ok

00:01:51.0546 0372 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

00:01:51.0812 0372 aec - ok

00:01:52.0062 0372 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

00:01:52.0218 0372 AFD - ok

00:01:52.0406 0372 Aha154x - ok

00:01:52.0687 0372 aic78u2 - ok

00:01:52.0859 0372 aic78xx - ok

00:01:53.0078 0372 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

00:01:53.0171 0372 Alerter - ok

00:01:53.0375 0372 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

00:01:53.0484 0372 ALG - ok

00:01:53.0765 0372 AliIde - ok

00:01:54.0000 0372 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

00:01:54.0078 0372 AmdK8 - ok

00:01:54.0250 0372 amsint - ok

00:01:54.0406 0372 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

00:01:54.0421 0372 Apple Mobile Device - ok

00:01:54.0703 0372 AppMgmt - ok

00:01:54.0875 0372 AppnApi - ok

00:01:55.0109 0372 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

00:01:55.0218 0372 Arp1394 - ok

00:01:55.0406 0372 asc - ok

00:01:55.0687 0372 asc3350p - ok

00:01:55.0875 0372 asc3550 - ok

00:01:56.0093 0372 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys

00:01:56.0703 0372 AsIO - ok

00:01:56.0921 0372 aslm75 - ok

00:01:57.0171 0372 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys

00:01:57.0234 0372 Aspi32 ( UnsignedFile.Multi.Generic ) - warning

00:01:57.0234 0372 Aspi32 - detected UnsignedFile.Multi.Generic (1)

00:01:57.0453 0372 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

00:01:57.0500 0372 aspnet_state - ok

00:01:57.0828 0372 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

00:01:57.0937 0372 AsyncMac - ok

00:01:58.0171 0372 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

00:01:58.0312 0372 atapi - ok

00:01:58.0484 0372 Atdisk - ok

00:01:58.0828 0372 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

00:01:58.0937 0372 Atmarpc - ok

00:01:59.0093 0372 ATNT40K - ok

00:01:59.0312 0372 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

00:01:59.0406 0372 AudioSrv - ok

00:01:59.0734 0372 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

00:01:59.0843 0372 audstub - ok

00:02:00.0000 0372 avgfwsrv - ok

00:02:01.0531 0372 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

00:02:04.0218 0372 AVGIDSAgent - ok

00:02:04.0687 0372 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

00:02:04.0687 0372 AVGIDSDriver - ok

00:02:04.0921 0372 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

00:02:04.0968 0372 AVGIDSEH - ok

00:02:05.0218 0372 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

00:02:05.0218 0372 AVGIDSFilter - ok

00:02:05.0437 0372 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

00:02:05.0453 0372 AVGIDSShim - ok

00:02:05.0812 0372 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

00:02:05.0906 0372 Avgldx86 - ok

00:02:06.0109 0372 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

00:02:06.0140 0372 Avgmfx86 - ok

00:02:06.0375 0372 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

00:02:06.0406 0372 Avgrkx86 - ok

00:02:06.0812 0372 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

00:02:06.0921 0372 Avgtdix - ok

00:02:07.0156 0372 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe

00:02:07.0187 0372 avgwd - ok

00:02:07.0406 0372 b57w2k - ok

00:02:07.0687 0372 backupexecjobengine - ok

00:02:07.0859 0372 backupexecnamingservice - ok

00:02:08.0015 0372 Bcim - ok

00:02:08.0187 0372 bdselfpr - ok

00:02:08.0406 0372 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

00:02:08.0531 0372 Beep - ok

00:02:08.0937 0372 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

00:02:09.0437 0372 BITS - ok

00:02:09.0765 0372 bocdrive - ok

00:02:09.0984 0372 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files\Bonjour\mDNSResponder.exe

00:02:10.0140 0372 Bonjour Service - ok

00:02:10.0312 0372 bridge - ok

00:02:10.0531 0372 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

00:02:10.0765 0372 Browser - ok

00:02:10.0921 0372 BrSerIf - ok

00:02:11.0093 0372 bvrp_pci - ok

00:02:11.0234 0372 catchme - ok

00:02:11.0468 0372 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

00:02:11.0640 0372 cbidf2k - ok

00:02:11.0843 0372 cd20xrnt - ok

00:02:12.0046 0372 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

00:02:12.0156 0372 Cdaudio - ok

00:02:12.0421 0372 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

00:02:12.0531 0372 Cdfs - ok

00:02:12.0812 0372 cdfsvc - ok

00:02:13.0046 0372 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

00:02:13.0187 0372 Cdrom - ok

00:02:13.0359 0372 Changer - ok

00:02:13.0531 0372 cics.region1 - ok

00:02:13.0828 0372 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

00:02:13.0937 0372 CiSvc - ok

00:02:14.0156 0372 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

00:02:14.0265 0372 ClipSrv - ok

00:02:14.0453 0372 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

00:02:14.0484 0372 clr_optimization_v2.0.50727_32 - ok

00:02:14.0781 0372 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

00:02:14.0875 0372 clr_optimization_v4.0.30319_32 - ok

00:02:15.0078 0372 CmdIde - ok

00:02:15.0265 0372 COMSysApp - ok

00:02:15.0468 0372 Cpqarray - ok

00:02:15.0781 0372 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

00:02:15.0890 0372 CryptSvc - ok

00:02:16.0062 0372 CTEDSPFX.DLL - ok

00:02:16.0234 0372 ctxhttp - ok

00:02:16.0390 0372 cxpt_service - ok

00:02:16.0687 0372 dac2w2k - ok

00:02:16.0859 0372 dac960nt - ok

00:02:17.0187 0372 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

00:02:17.0343 0372 DcomLaunch - ok

00:02:17.0593 0372 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

00:02:17.0812 0372 Dhcp - ok

00:02:18.0046 0372 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

00:02:18.0140 0372 Disk - ok

00:02:18.0312 0372 dlbx_device - ok

00:02:18.0484 0372 DM9102 - ok

00:02:18.0750 0372 dmadmin - ok

00:02:19.0171 0372 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

00:02:19.0750 0372 dmboot - ok

00:02:19.0984 0372 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

00:02:20.0156 0372 dmio - ok

00:02:20.0359 0372 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

00:02:20.0468 0372 dmload - ok

00:02:20.0781 0372 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

00:02:20.0875 0372 dmserver - ok

00:02:21.0093 0372 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

00:02:21.0218 0372 DMusic - ok

00:02:21.0421 0372 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

00:02:21.0703 0372 Dnscache - ok

00:02:21.0921 0372 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

00:02:22.0062 0372 Dot3svc - ok

00:02:22.0234 0372 downloadmanagerlite - ok

00:02:22.0437 0372 dpti2o - ok

00:02:22.0765 0372 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

00:02:22.0859 0372 drmkaud - ok

00:02:23.0078 0372 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

00:02:23.0187 0372 EapHost - ok

00:02:23.0359 0372 emu10k - ok

00:02:23.0562 0372 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

00:02:23.0765 0372 ERSvc - ok

00:02:24.0000 0372 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

00:02:24.0062 0372 Eventlog - ok

00:02:24.0343 0372 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

00:02:24.0453 0372 EventSystem - ok

00:02:24.0859 0372 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

00:02:25.0000 0372 Fastfat - ok

00:02:25.0250 0372 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

00:02:25.0343 0372 FastUserSwitchingCompatibility - ok

00:02:25.0578 0372 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

00:02:25.0781 0372 Fdc - ok

00:02:25.0937 0372 filemon701 - ok

00:02:26.0187 0372 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

00:02:26.0281 0372 Fips - ok

00:02:26.0468 0372 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

00:02:26.0593 0372 Flpydisk - ok

00:02:26.0906 0372 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

00:02:27.0031 0372 FltMgr - ok

00:02:27.0250 0372 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

00:02:27.0265 0372 FontCache3.0.0.0 - ok

00:02:27.0453 0372 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

00:02:27.0578 0372 Fs_Rec - ok

00:02:27.0875 0372 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

00:02:28.0015 0372 Ftdisk - ok

00:02:28.0187 0372 GBFSHook - ok

00:02:28.0421 0372 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

00:02:28.0437 0372 GEARAspiWDM - ok

00:02:28.0703 0372 ggsemc - ok

00:02:28.0875 0372 gmer - ok

00:02:29.0078 0372 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

00:02:29.0203 0372 Gpc - ok

00:02:29.0437 0372 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

00:02:29.0453 0372 gupdate - ok

00:02:29.0484 0372 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

00:02:29.0531 0372 gupdatem - ok

00:02:29.0734 0372 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

00:02:29.0781 0372 gusvc - ok

00:02:30.0031 0372 HdAudAddService (f58d2900c66a1e773e3375098e0e9337) C:\WINDOWS\system32\drivers\HdAudio.sys

00:02:30.0171 0372 HdAudAddService - ok

00:02:30.0437 0372 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

00:02:30.0609 0372 HDAudBus - ok

00:02:30.0734 0372 helpsvc - ok

00:02:30.0906 0372 HidBth - ok

00:02:31.0125 0372 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

00:02:31.0296 0372 HidServ - ok

00:02:31.0500 0372 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

00:02:31.0671 0372 HidUsb - ok

00:02:31.0875 0372 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

00:02:31.0984 0372 hkmsvc - ok

00:02:32.0171 0372 hpn - ok

00:02:32.0484 0372 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

00:02:32.0734 0372 HTTP - ok

00:02:32.0953 0372 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

00:02:33.0078 0372 HTTPFilter - ok

00:02:33.0265 0372 i2omgmt - ok

00:02:33.0437 0372 i2omp - ok

00:02:33.0781 0372 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

00:02:33.0890 0372 i8042prt - ok

00:02:34.0046 0372 iAimTV5 - ok

00:02:36.0203 0372 ialm (9acb03875cfe068d5cc0e98fb2cf7017) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

00:02:40.0093 0372 ialm - ok

00:02:40.0328 0372 ibmsmbus - ok

00:02:40.0578 0372 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

00:02:40.0718 0372 IDriverT ( UnsignedFile.Multi.Generic ) - warning

00:02:40.0718 0372 IDriverT - detected UnsignedFile.Multi.Generic (1)

00:02:41.0125 0372 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

00:02:41.0718 0372 idsvc - ok

00:02:42.0000 0372 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

00:02:42.0109 0372 Imapi - ok

00:02:42.0359 0372 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

00:02:42.0468 0372 ImapiService - ok

00:02:42.0781 0372 ini910u - ok

00:02:42.0968 0372 IntelIde - ok

00:02:43.0203 0372 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

00:02:43.0296 0372 intelppm - ok

00:02:43.0515 0372 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

00:02:43.0671 0372 Ip6Fw - ok

00:02:43.0890 0372 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

00:02:44.0000 0372 IpFilterDriver - ok

00:02:44.0218 0372 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

00:02:44.0296 0372 IpInIp - ok

00:02:44.0546 0372 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

00:02:44.0812 0372 IpNat - ok

00:02:45.0140 0372 iPod Service (0ca8c2e721617aa2f923a8151c96fb33) C:\Program Files\iPod\bin\iPodService.exe

00:02:45.0609 0372 iPod Service - ok

00:02:45.0890 0372 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

00:02:46.0015 0372 IPSec - ok

00:02:46.0203 0372 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

00:02:46.0312 0372 IRENUM - ok

00:02:46.0546 0372 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

00:02:46.0765 0372 isapnp - ok

00:02:46.0921 0372 isdrv122 - ok

00:02:47.0093 0372 iviVD - ok

00:02:47.0390 0372 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe

00:02:47.0437 0372 JavaQuickStarterService - ok

00:02:47.0781 0372 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

00:02:47.0921 0372 Kbdclass - ok

00:02:48.0125 0372 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

00:02:48.0234 0372 kbdhid - ok

00:02:48.0406 0372 klif - ok

00:02:48.0765 0372 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

00:02:48.0906 0372 kmixer - ok

00:02:49.0156 0372 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

00:02:49.0359 0372 KSecDD - ok

00:02:49.0703 0372 L1e (080cf8720a306a64f7a09d1226491791) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys

00:02:49.0812 0372 L1e - ok

00:02:50.0031 0372 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

00:02:50.0140 0372 lanmanserver - ok

00:02:50.0390 0372 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

00:02:50.0453 0372 lanmanworkstation - ok

00:02:50.0781 0372 Lbd - ok

00:02:50.0953 0372 lbrtfdc - ok

00:02:51.0140 0372 lexbces - ok

00:02:51.0328 0372 lirsgt - ok

00:02:51.0531 0372 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

00:02:51.0687 0372 LmHosts - ok

00:02:51.0859 0372 lvckap - ok

00:02:52.0015 0372 lyncusbserv - ok

00:02:52.0234 0372 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) C:\WINDOWS\system32\drivers\mbamchameleon.sys

00:02:52.0265 0372 mbamchameleon ( UnsignedFile.Multi.Generic ) - warning

00:02:52.0265 0372 mbamchameleon - detected UnsignedFile.Multi.Generic (1)

00:02:52.0437 0372 mbr - ok

00:02:52.0703 0372 mcupdmgr.exe - ok

00:02:52.0921 0372 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

00:02:53.0000 0372 Messenger - ok

00:02:53.0171 0372 mfeavfk - ok

00:02:53.0343 0372 mferkdk - ok

00:02:53.0562 0372 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

00:02:53.0781 0372 mnmdd - ok

00:02:53.0968 0372 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

00:02:54.0078 0372 mnmsrvc - ok

00:02:54.0312 0372 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

00:02:54.0406 0372 Modem - ok

00:02:55.0093 0372 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys

00:02:56.0031 0372 monfilt - ok

00:02:56.0250 0372 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

00:02:56.0359 0372 Mouclass - ok

00:02:56.0578 0372 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

00:02:56.0796 0372 mouhid - ok

00:02:57.0015 0372 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

00:02:57.0125 0372 MountMgr - ok

00:02:57.0296 0372 mpservice - ok

00:02:57.0468 0372 mraid35x - ok

00:02:57.0750 0372 MREMP50a64 - ok

00:02:57.0968 0372 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

00:02:58.0140 0372 MRxDAV - ok

00:02:58.0484 0372 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

00:02:58.0859 0372 MRxSmb - ok

00:02:59.0093 0372 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

00:02:59.0171 0372 MSDTC - ok

00:02:59.0375 0372 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

00:02:59.0484 0372 Msfs - ok

00:02:59.0750 0372 MSIServer - ok

00:03:00.0000 0372 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

00:03:00.0078 0372 MSKSSRV - ok

00:03:00.0281 0372 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

00:03:00.0390 0372 MSPCLOCK - ok

00:03:00.0718 0372 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

00:03:00.0828 0372 MSPQM - ok

00:03:01.0031 0372 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

00:03:01.0140 0372 mssmbios - ok

00:03:01.0375 0372 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

00:03:01.0421 0372 MTsensor - ok

00:03:01.0781 0372 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

00:03:01.0859 0372 Mup - ok

00:03:02.0031 0372 mwstick - ok

00:03:02.0203 0372 NAL - ok

00:03:02.0468 0372 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

00:03:02.0750 0372 napagent - ok

00:03:02.0921 0372 navapel - ok

00:03:03.0343 0372 NBService (6d8fcdd5bb3b676ef58fa234073492c6) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

00:03:03.0718 0372 NBService - ok

00:03:04.0031 0372 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

00:03:04.0218 0372 NDIS - ok

00:03:04.0437 0372 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

00:03:04.0546 0372 NdisTapi - ok

00:03:04.0812 0372 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

00:03:04.0906 0372 Ndisuio - ok

00:03:05.0125 0372 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

00:03:05.0250 0372 NdisWan - ok

00:03:05.0468 0372 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

00:03:05.0531 0372 NDProxy - ok

00:03:05.0765 0372 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

00:03:05.0859 0372 NetBIOS - ok

00:03:06.0140 0372 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

00:03:06.0281 0372 NetBT - ok

00:03:06.0515 0372 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

00:03:06.0640 0372 NetDDE - ok

00:03:06.0671 0372 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

00:03:06.0765 0372 NetDDEdsdm - ok

00:03:06.0968 0372 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

00:03:07.0062 0372 Netlogon - ok

00:03:07.0312 0372 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

00:03:07.0437 0372 Netman - ok

00:03:07.0671 0372 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

00:03:07.0750 0372 NetTcpPortSharing - ok

00:03:07.0906 0372 nfmservice - ok

00:03:08.0078 0372 ngdbserv - ok

00:03:08.0359 0372 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

00:03:08.0468 0372 NIC1394 - ok

00:03:08.0640 0372 NICSer_WPC300N - ok

00:03:08.0906 0372 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

00:03:08.0953 0372 Nla - ok

00:03:09.0203 0372 NMIndexingService (e32686b4e27d11f83e3f2844e104c66c) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

00:03:09.0296 0372 NMIndexingService - ok

00:03:09.0468 0372 nmwcdcm - ok

00:03:09.0734 0372 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

00:03:09.0875 0372 Npfs - ok

00:03:10.0046 0372 NTACCESS - ok

00:03:10.0437 0372 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

00:03:10.0781 0372 Ntfs - ok

00:03:10.0984 0372 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

00:03:11.0062 0372 NtLmSsp - ok

00:03:11.0421 0372 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

00:03:11.0718 0372 NtmsSvc - ok

00:03:11.0921 0372 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

00:03:12.0031 0372 Null - ok

00:03:13.0265 0372 nv (9e1f2f09e34c92a96b9900b6a45d5026) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

00:03:15.0187 0372 nv - ok

00:03:15.0515 0372 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

00:03:15.0562 0372 NVENETFD - ok

00:03:15.0734 0372 NVNET - ok

00:03:15.0953 0372 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

00:03:16.0000 0372 nvnetbus - ok

00:03:16.0250 0372 NVSvc (0b24ab7cc5b7ed2aa7f438a4072459f4) C:\WINDOWS\system32\nvsvc32.exe

00:03:16.0343 0372 NVSvc - ok

00:03:16.0562 0372 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

00:03:16.0671 0372 NwlnkFlt - ok

00:03:16.0875 0372 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

00:03:17.0015 0372 NwlnkFwd - ok

00:03:17.0234 0372 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

00:03:17.0390 0372 ohci1394 - ok

00:03:17.0546 0372 oracleorahomedatagatherer - ok

00:03:17.0718 0372 oracleorahomepagingserver - ok

00:03:17.0890 0372 oraclexeclragent - ok

00:03:18.0062 0372 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

00:03:18.0093 0372 ose - ok

00:03:18.0265 0372 p2pimsvc - ok

00:03:18.0421 0372 Packet - ok

00:03:18.0593 0372 pae_1394 - ok

00:03:18.0828 0372 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

00:03:18.0953 0372 Parport - ok

00:03:19.0156 0372 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

00:03:19.0250 0372 PartMgr - ok

00:03:19.0468 0372 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

00:03:19.0578 0372 ParVdm - ok

00:03:19.0734 0372 pav_service - ok

00:03:19.0968 0372 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

00:03:20.0078 0372 PCI - ok

00:03:20.0250 0372 PciBus - ok

00:03:20.0437 0372 PCIDump - ok

00:03:20.0625 0372 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

00:03:20.0718 0372 PCIIde - ok

00:03:20.0968 0372 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

00:03:21.0078 0372 Pcmcia - ok

00:03:21.0328 0372 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys

00:03:21.0359 0372 Pcouffin ( UnsignedFile.Multi.Generic ) - warning

00:03:21.0359 0372 Pcouffin - detected UnsignedFile.Multi.Generic (1)

00:03:21.0531 0372 PDCOMP - ok

00:03:21.0718 0372 PDFRAME - ok

00:03:21.0890 0372 pdiddcci - ok

00:03:22.0062 0372 PDRELI - ok

00:03:22.0250 0372 PDRFRAME - ok

00:03:22.0437 0372 perc2 - ok

00:03:22.0609 0372 perc2hib - ok

00:03:22.0859 0372 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

00:03:22.0921 0372 PlugPlay - ok

00:03:23.0125 0372 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

00:03:23.0218 0372 PolicyAgent - ok

00:03:23.0484 0372 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

00:03:23.0593 0372 PptpMiniport - ok

00:03:23.0796 0372 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

00:03:23.0906 0372 Processor - ok

00:03:24.0078 0372 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

00:03:24.0156 0372 ProtectedStorage - ok

00:03:24.0359 0372 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

00:03:24.0484 0372 PSched - ok

00:03:24.0671 0372 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

00:03:24.0765 0372 Ptilink - ok

00:03:24.0937 0372 purgeieservice - ok

00:03:25.0187 0372 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

00:03:25.0203 0372 PxHelp20 - ok

00:03:25.0390 0372 ql1080 - ok

00:03:25.0562 0372 Ql10wnt - ok

00:03:25.0750 0372 ql12160 - ok

00:03:25.0937 0372 ql1240 - ok

00:03:26.0125 0372 ql1280 - ok

00:03:26.0296 0372 ramaint - ok

00:03:26.0500 0372 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

00:03:26.0578 0372 RasAcd - ok

00:03:26.0796 0372 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

00:03:26.0906 0372 RasAuto - ok

00:03:27.0109 0372 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

00:03:27.0218 0372 Rasl2tp - ok

00:03:27.0468 0372 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

00:03:27.0609 0372 RasMan - ok

00:03:27.0812 0372 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

00:03:27.0890 0372 RasPppoe - ok

00:03:28.0109 0372 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

00:03:28.0234 0372 Raspti - ok

00:03:28.0484 0372 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

00:03:28.0625 0372 Rdbss - ok

00:03:28.0828 0372 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

00:03:28.0937 0372 RDPCDD - ok

00:03:29.0109 0372 rdpdr - ok

00:03:29.0390 0372 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

00:03:29.0515 0372 RDPWD - ok

00:03:29.0765 0372 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

00:03:29.0890 0372 RDSessMgr - ok

00:03:30.0140 0372 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

00:03:30.0265 0372 redbook - ok

00:03:30.0468 0372 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

00:03:30.0562 0372 RemoteAccess - ok

00:03:30.0718 0372 rimsptsk - ok

00:03:30.0906 0372 RIOXDRV - ok

00:03:31.0109 0372 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

00:03:31.0203 0372 RpcLocator - ok

00:03:31.0515 0372 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll

00:03:31.0640 0372 RpcSs - ok

00:03:31.0812 0372 rp_fws - ok

00:03:32.0031 0372 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

00:03:32.0187 0372 RSVP - ok

00:03:32.0359 0372 s125mgmt - ok

00:03:32.0531 0372 s616unic - ok

00:03:32.0703 0372 sagefserver - ok

00:03:32.0859 0372 SaiNtBus - ok

00:03:33.0078 0372 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

00:03:33.0171 0372 SamSs - ok

00:03:33.0187 0372 SANDRA - ok

00:03:33.0343 0372 savrtpel - ok

00:03:33.0578 0372 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

00:03:33.0703 0372 SCardSvr - ok

00:03:33.0937 0372 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

00:03:34.0031 0372 Schedule - ok

00:03:34.0218 0372 sdbus - ok

00:03:34.0390 0372 SE26mdfl - ok

00:03:34.0640 0372 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

00:03:34.0734 0372 Secdrv - ok

00:03:34.0921 0372 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

00:03:35.0000 0372 seclogon - ok

00:03:35.0187 0372 SenFiltService - ok

00:03:35.0390 0372 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\System32\sens.dll

00:03:35.0484 0372 SENS - ok

00:03:35.0718 0372 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

00:03:35.0812 0372 serenum - ok

00:03:36.0062 0372 Serial (a9698a2e0a26d26f551c0db8d535a9fe) C:\WINDOWS\system32\DRIVERS\serial.sys

00:03:36.0109 0372 Serial ( Virus.Win32.ZAccess.k ) - infected

00:03:36.0109 0372 Serial - detected Virus.Win32.ZAccess.k (0)

00:03:36.0281 0372 service - ok

00:03:36.0562 0372 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

00:03:36.0656 0372 Sfloppy - ok

00:03:36.0828 0372 SGHIDI - ok

00:03:37.0000 0372 sglogplayer - ok

00:03:37.0281 0372 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

00:03:37.0484 0372 SharedAccess - ok

00:03:37.0703 0372 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

00:03:37.0750 0372 ShellHWDetection - ok

00:03:37.0906 0372 si3114r - ok

00:03:38.0093 0372 Simbad - ok

00:03:38.0265 0372 smserial - ok

00:03:38.0437 0372 SNP2UVC - ok

00:03:38.0609 0372 snpstd - ok

00:03:38.0796 0372 Sparrow - ok

00:03:39.0000 0372 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

00:03:39.0140 0372 splitter - ok

00:03:39.0359 0372 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

00:03:39.0390 0372 Spooler - ok

00:03:39.0593 0372 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

00:03:39.0718 0372 sr - ok

00:03:39.0968 0372 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

00:03:40.0046 0372 srservice - ok

00:03:40.0343 0372 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

00:03:40.0531 0372 Srv - ok

00:03:40.0796 0372 sscdbus (92b69020fc480219683d429dca068d71) C:\WINDOWS\system32\DRIVERS\sscdbus.sys

00:03:40.0828 0372 sscdbus - ok

00:03:41.0062 0372 sscdmdfl (77a2869d40cc84af711c321f9b0c7a78) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys

00:03:41.0078 0372 sscdmdfl - ok

00:03:41.0296 0372 sscdmdm (b4255635195a8413fcde7af5b7c4e382) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

00:03:41.0343 0372 sscdmdm - ok

00:03:41.0562 0372 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

00:03:41.0656 0372 SSDPSRV - ok

00:03:41.0828 0372 ssfs0509 - ok

00:03:41.0984 0372 sskbfd - ok

00:03:42.0218 0372 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys

00:03:42.0234 0372 StarOpen ( UnsignedFile.Multi.Generic ) - warning

00:03:42.0234 0372 StarOpen - detected UnsignedFile.Multi.Generic (1)

00:03:42.0546 0372 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

00:03:42.0750 0372 stisvc - ok

00:03:42.0984 0372 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

00:03:43.0062 0372 swenum - ok

00:03:43.0281 0372 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

00:03:43.0390 0372 swmidi - ok

00:03:43.0562 0372 SwPrv - ok

00:03:43.0750 0372 symc810 - ok

00:03:43.0921 0372 symc8xx - ok

00:03:44.0109 0372 sym_hi - ok

00:03:44.0312 0372 sym_u3 - ok

00:03:44.0578 0372 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

00:03:44.0671 0372 sysaudio - ok

00:03:44.0906 0372 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

00:03:45.0015 0372 SysmonLog - ok

00:03:45.0312 0372 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

00:03:45.0484 0372 TapiSrv - ok

00:03:45.0828 0372 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

00:03:46.0046 0372 Tcpip - ok

00:03:46.0265 0372 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

00:03:46.0359 0372 TDPIPE - ok

00:03:46.0562 0372 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

00:03:46.0671 0372 TDTCP - ok

00:03:46.0875 0372 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

00:03:46.0984 0372 TermDD - ok

00:03:47.0250 0372 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

00:03:47.0343 0372 TermService - ok

00:03:47.0500 0372 tfsndrct - ok

00:03:47.0734 0372 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

00:03:47.0750 0372 Themes - ok

00:03:47.0906 0372 tifm21 - ok

00:03:48.0093 0372 TosIde - ok

00:03:48.0265 0372 TPECioCtl - ok

00:03:48.0437 0372 TPPWRIF - ok

00:03:48.0609 0372 traprcvr - ok

00:03:48.0812 0372 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

00:03:48.0921 0372 TrkWks - ok

00:03:49.0078 0372 TuneUp.Defrag - ok

00:03:49.0359 0372 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

00:03:49.0468 0372 Udfs - ok

00:03:49.0625 0372 uhcd - ok

00:03:49.0812 0372 ultra - ok

00:03:50.0125 0372 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

00:03:50.0421 0372 Update - ok

00:03:50.0578 0372 uploadmgr (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

00:03:50.0671 0372 uploadmgr - ok

00:03:50.0906 0372 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

00:03:51.0062 0372 upnphost - ok

00:03:51.0250 0372 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

00:03:51.0328 0372 UPS - ok

00:03:51.0500 0372 USA49W2KP - ok

00:03:51.0718 0372 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

00:03:51.0750 0372 USBAAPL ( UnsignedFile.Multi.Generic ) - warning

00:03:51.0750 0372 USBAAPL - detected UnsignedFile.Multi.Generic (1)

00:03:51.0968 0372 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

00:03:52.0062 0372 usbccgp - ok

00:03:52.0312 0372 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

00:03:52.0421 0372 usbehci - ok

00:03:52.0640 0372 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

00:03:52.0750 0372 usbhub - ok

00:03:52.0984 0372 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

00:03:53.0078 0372 usbohci - ok

00:03:53.0296 0372 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

00:03:53.0375 0372 usbprint - ok

00:03:53.0578 0372 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

00:03:53.0687 0372 usbscan - ok

00:03:53.0890 0372 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

00:03:54.0000 0372 USBSTOR - ok

00:03:54.0234 0372 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

00:03:54.0328 0372 usbuhci - ok

00:03:54.0515 0372 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

00:03:54.0625 0372 VgaSave - ok

00:03:54.0906 0372 VIAHdAudAddService (6b2c9ee4c16616e9398bbd0bc80ceb22) C:\WINDOWS\system32\drivers\viahduaa.sys

00:03:55.0015 0372 VIAHdAudAddService - ok

00:03:55.0187 0372 ViaIde - ok

00:03:55.0359 0372 videoacceleratorengine - ok

00:03:55.0531 0372 VNUSB - ok

00:03:55.0750 0372 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

00:03:55.0859 0372 VolSnap - ok

00:03:56.0031 0372 vsbus - ok

00:03:56.0218 0372 vsmon - ok

00:03:56.0484 0372 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

00:03:56.0656 0372 VSS - ok

00:03:56.0828 0372 vzcdbsvc - ok

00:03:57.0046 0372 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

00:03:57.0171 0372 W32Time - ok

00:03:57.0390 0372 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

00:03:57.0500 0372 Wanarp - ok

00:03:57.0671 0372 wap3gx - ok

00:03:57.0843 0372 Wdf01000 - ok

00:03:58.0015 0372 WDICA - ok

00:03:58.0250 0372 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

00:03:58.0359 0372 wdmaud - ok

00:03:58.0593 0372 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

00:03:58.0687 0372 WebClient - ok

00:03:58.0843 0372 win32sl - ok

00:03:59.0140 0372 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

00:03:59.0218 0372 winmgmt - ok

00:03:59.0390 0372 winvnc - ok

00:03:59.0609 0372 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

00:03:59.0687 0372 WmdmPmSN - ok

00:03:59.0921 0372 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

00:04:00.0046 0372 WmiApSrv - ok

00:04:00.0421 0372 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

00:04:00.0921 0372 WMPNetworkSvc - ok

00:04:01.0171 0372 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

00:04:01.0203 0372 WpdUsb - ok

00:04:01.0625 0372 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

00:04:02.0000 0372 WPFFontCache_v0400 - ok

00:04:02.0250 0372 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

00:04:02.0375 0372 wuauserv - ok

00:04:02.0640 0372 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

00:04:02.0734 0372 WudfPf - ok

00:04:02.0953 0372 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

00:04:03.0015 0372 WudfRd - ok

00:04:03.0234 0372 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

00:04:03.0281 0372 WudfSvc - ok

00:04:03.0625 0372 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

00:04:03.0812 0372 WZCSVC - ok

00:04:04.0046 0372 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

00:04:04.0203 0372 xmlprov - ok

00:04:04.0375 0372 {a7447300-8075-4b0d-83f1-3d75c8ebc623} - ok

00:04:04.0406 0372 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

00:04:04.0718 0372 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

00:04:04.0718 0372 \Device\Harddisk0\DR0 - detected TDSS File System (1)

00:04:04.0750 0372 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

00:04:04.0921 0372 \Device\Harddisk1\DR1 - ok

00:04:04.0937 0372 MBR (0x1B8) (4ee85860a9fb58e2f5e265a4d29dd339) \Device\Harddisk2\DR4

00:04:05.0031 0372 \Device\Harddisk2\DR4 - ok

00:04:05.0031 0372 Boot (0x1200) (86be2e19de0ce07e25cefc15a2995d8f) \Device\Harddisk0\DR0\Partition0

00:04:05.0031 0372 \Device\Harddisk0\DR0\Partition0 - ok

00:04:05.0031 0372 Boot (0x1200) (90c163a7e1b491257ec4337544de6d04) \Device\Harddisk1\DR1\Partition0

00:04:05.0046 0372 \Device\Harddisk1\DR1\Partition0 - ok

00:04:05.0046 0372 Boot (0x1200) (6ec5e9d43d6bf868ef056faeea7e3d46) \Device\Harddisk2\DR4\Partition0

00:04:05.0046 0372 \Device\Harddisk2\DR4\Partition0 - ok

00:04:05.0046 0372 ============================================================

00:04:05.0046 0372 Scan finished

00:04:05.0046 0372 ============================================================

00:04:05.0156 0368 Detected object count: 8

00:04:05.0156 0368 Actual detected object count: 8

00:05:07.0750 0368 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user

00:05:07.0750 0368 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:05:07.0750 0368 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

00:05:07.0750 0368 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:05:07.0750 0368 mbamchameleon ( UnsignedFile.Multi.Generic ) - skipped by user

00:05:07.0750 0368 mbamchameleon ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:05:07.0750 0368 Pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user

00:05:07.0750 0368 Pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:05:08.0187 0368 C:\WINDOWS\system32\DRIVERS\serial.sys - copied to quarantine

00:05:08.0937 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\@ - copied to quarantine

00:05:08.0937 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\cfg.ini - copied to quarantine

00:05:08.0953 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\Desktop.ini - copied to quarantine

00:05:09.0000 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\L\memrclzg - copied to quarantine

00:05:09.0031 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\oemid - copied to quarantine

00:05:09.0046 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\U\00000001.@ - copied to quarantine

00:05:09.0187 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\U\00000002.@ - copied to quarantine

00:05:09.0203 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\U\00000004.@ - copied to quarantine

00:05:09.0265 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\U\80000000.@ - copied to quarantine

00:05:09.0312 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\U\80000004.@ - copied to quarantine

00:05:09.0359 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\U\80000032.@ - copied to quarantine

00:05:09.0375 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\version - copied to quarantine

00:05:10.0562 0368 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\serial.sys) error 1813

00:05:23.0140 0368 Backup copy found, using it..

00:05:23.0343 0368 C:\WINDOWS\system32\DRIVERS\serial.sys - will be cured on reboot

00:05:41.0218 0368 C:\WINDOWS\$NtUninstallKB60759$\3039687044 - will be deleted on reboot

00:05:41.0218 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\@ - will be deleted on reboot

00:05:41.0218 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\cfg.ini - will be deleted on reboot

00:05:41.0218 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\Desktop.ini - will be deleted on reboot

00:05:41.0218 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\oemid - will be deleted on reboot

00:05:41.0218 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\U\00000001.@ - will be deleted on reboot

00:05:41.0218 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\U\00000002.@ - will be deleted on reboot

00:05:41.0218 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\U\00000004.@ - will be deleted on reboot

00:05:41.0218 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\U\80000000.@ - will be deleted on reboot

00:05:41.0218 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\U\80000004.@ - will be deleted on reboot

00:05:41.0218 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\U\80000032.@ - will be deleted on reboot

00:05:41.0218 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\version - will be deleted on reboot

00:05:41.0218 0368 Serial ( Virus.Win32.ZAccess.k ) - User select action: Cure

00:05:41.0218 0368 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user

00:05:41.0218 0368 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:05:41.0218 0368 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user

00:05:41.0218 0368 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:05:41.0218 0368 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

00:05:41.0218 0368 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

00:05:56.0687 1400 Deinitialize success

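The TDSSKiller log above mixes generic unsigned-driver warnings with a real infection (Serial / ZAccess) and a hidden-filesystem warning on the MBR disk. The script below is an added example for this thread, not code from the forum or from Kaspersky's TDSSKiller: it parses that line format (inferred from the posted log; SAMPLE_LOG is constructed from a few of the same lines) and reports which flagged objects were left in place after the user's choices.

```python
"""Triage helper for TDSSKiller scan logs like the one posted above.

Added example for this thread; it is not code from the forum or from
Kaspersky's TDSSKiller.  The line format is inferred from the posted log, and
SAMPLE_LOG is constructed from it (abridged to a few of the same objects).
"""
import re
from dataclasses import dataclass, field

# Every line: "<hh:mm:ss.ffff> <thread-id> <body>"
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d{4}\s+(?P<body>.*\S)\s*$")
# Enumeration of a driver/service: "<object> (<md5>) <path>"
ENUM_RE = re.compile(r"^(?P<obj>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict and action lines: "<object> ( <verdict> ) - <status>"
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - (?P<status>.+)$")
# Cleanup lines that name a file path rather than an object
REMEDY_RE = re.compile(
    r"^(?P<path>.+?) - (?P<what>copied to quarantine|will be (?:cured|deleted) on reboot)$")

# Constructed sample, abridged from the log format seen in this thread.
SAMPLE_LOG = r"""
00:03:36.0062 0372 Serial (a9698a2e0a26d26f551c0db8d535a9fe) C:\WINDOWS\system32\DRIVERS\serial.sys
00:03:36.0109 0372 Serial ( Virus.Win32.ZAccess.k ) - infected
00:03:36.0109 0372 Serial - detected Virus.Win32.ZAccess.k (0)
00:03:42.0218 0372 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
00:03:42.0234 0372 StarOpen ( UnsignedFile.Multi.Generic ) - warning
00:04:04.0718 0372 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
00:04:05.0156 0368 Detected object count: 3
00:05:08.0187 0368 C:\WINDOWS\system32\DRIVERS\serial.sys - copied to quarantine
00:05:08.0937 0368 C:\WINDOWS\$NtUninstallKB60759$\4099414287\cfg.ini - copied to quarantine
00:05:23.0343 0368 C:\WINDOWS\system32\DRIVERS\serial.sys - will be cured on reboot
00:05:41.0218 0368 Serial ( Virus.Win32.ZAccess.k ) - User select action: Cure
00:05:41.0218 0368 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
00:05:41.0218 0368 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:05:41.0218 0368 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""


@dataclass
class Detection:
    obj: str
    verdict: str
    level: str = ""      # "infected" or "warning", from the scan phase
    action: str = ""     # value after "User select action:", from the cleanup phase
    path: str = ""       # backing file, when the object was enumerated as a driver
    remedies: list = field(default_factory=list)


def parse_tdsskiller_log(text):
    """Return (detections, loose_files).

    detections maps object name -> Detection; loose_files lists cleanup lines
    for paths never enumerated as a driver (payload directories, for example),
    which a per-driver view would otherwise hide.
    """
    obj_path, detections, loose_files = {}, {}, []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m["body"]
        if v := VERDICT_RE.match(body):
            d = detections.setdefault(v["obj"], Detection(v["obj"], v["verdict"]))
            d.path = obj_path.get(v["obj"], d.path)
            if v["status"] in ("infected", "warning"):
                d.level = v["status"]
            elif v["status"].startswith("User select action: "):
                d.action = v["status"].split(": ", 1)[1]
        elif r := REMEDY_RE.match(body):
            owner = [d for d in detections.values() if d.path.lower() == r["path"].lower()]
            if owner:
                owner[0].remedies.append(r["what"])
            else:
                loose_files.append((r["path"], r["what"]))
        elif e := ENUM_RE.match(body):
            obj_path[e["obj"]] = e["path"]
    return detections, loose_files


def severity(d):
    """What a defender must act on versus what is usually noise."""
    if d.level == "infected":
        return "high"
    if d.verdict == "UnsignedFile.Multi.Generic":
        return "low"     # unsigned driver: common for legitimate third-party tools
    return "high"        # e.g. "TDSS File System", hidden storage used by TDL rootkits


def needs_followup(detections):
    """High-severity objects that were skipped or never actioned."""
    return sorted(o for o, d in detections.items()
                  if severity(d) == "high" and d.action in ("", "Skip"))


def summarize(detections, loose_files):
    lines = [f"{severity(d):<4} {o} [{d.verdict}] {d.level or '?'}; "
             f"action={d.action or 'none'}; remedies={', '.join(d.remedies) or 'none'}"
             for o, d in detections.items()]
    lines += [f"file {p}: {w}" for p, w in loose_files]
    return lines


if __name__ == "__main__":
    dets, loose = parse_tdsskiller_log(SAMPLE_LOG)
    print("\n".join(summarize(dets, loose)))
    print("needs follow-up:", needs_followup(dets))
```

Run against the full log pasted above, the follow-up list is what a helper reads first: here it is the TDSS File System warning on \Device\Harddisk0\DR0, which the user skipped while the driver infection was cured.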

If there was no reboot after running TDSSKiller, please reboot it before moving on.

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


ComboFix all done. Log is below. Desktop seems ok at the moment, no AVG threats showing yet.

ComboFix 12-03-22.01 - Owner 24/03/2012 1:11.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.592 [GMT 10:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Owner\Application Data\vso_ts_preview.xml

c:\documents and settings\Owner\g2mdlhlpx.exe

c:\documents and settings\Owner\WINDOWS

c:\program files\Internet Explorer\SET4C.tmp

c:\program files\Internet Explorer\SET50.tmp

c:\program files\Internet Explorer\SET51.tmp

c:\program files\Program Files

c:\program files\Program Files\Common Files\Adobe\Color\ACE1Cache.lst

c:\program files\Program Files\Common Files\Adobe\TypeSpt\AdobeFnt.lst

c:\program files\Program Files\Common Files\Adobe\Web\AdobeWeb.dll

c:\program files\Program Files\Common Files\Adobe\Workflow\Options.txt

c:\windows\iun6002.exe

c:\windows\system32\dds_trash_log.cmd

c:\windows\system32\PowerToyReadme.htm

c:\windows\system32\SET67.tmp

c:\windows\system32\SET68.tmp

c:\windows\system32\SET69.tmp

c:\windows\system32\SET6A.tmp

c:\windows\system32\SET6B.tmp

c:\windows\system32\SET6C.tmp

c:\windows\system32\SET6D.tmp

c:\windows\system32\SET6E.tmp

c:\windows\system32\SET6F.tmp

c:\windows\system32\SET72.tmp

c:\windows\system32\SET73.tmp

c:\windows\system32\SET74.tmp

c:\windows\system32\SET75.tmp

c:\windows\system32\SET76.tmp

c:\windows\system32\SET77.tmp

c:\windows\system32\SET79.tmp

c:\windows\system32\SET7A.tmp

c:\windows\system32\SET7B.tmp

c:\windows\system32\SET7C.tmp

c:\windows\system32\SET7D.tmp

c:\windows\system32\SET7E.tmp

c:\windows\system32\SET7F.tmp

c:\windows\system32\SET81.tmp

c:\windows\system32\SET82.tmp

c:\windows\system32\SET83.tmp

c:\windows\system32\SET84.tmp

c:\windows\system32\SET85.tmp

c:\windows\system32\SET86.tmp

c:\windows\system32\SET87.tmp

c:\windows\system32\SET88.tmp

c:\windows\system32\SET89.tmp

c:\windows\system32\SET8A.tmp

c:\windows\system32\SET8B.tmp

c:\windows\system32\SET8C.tmp

c:\windows\system32\SET8E.tmp

c:\windows\system32\SET8F.tmp

c:\windows\system32\SET90.tmp

c:\windows\system32\SET91.tmp

c:\windows\system32\SET92.tmp

c:\windows\system32\SET93.tmp

c:\windows\system32\SET94.tmp

c:\windows\system32\SET96.tmp

c:\windows\system32\SET97.tmp

c:\windows\system32\SET98.tmp

c:\windows\system32\SET99.tmp

c:\windows\system32\SET9A.tmp

c:\windows\system32\SET9B.tmp

c:\windows\system32\SET9C.tmp

c:\windows\system32\SET9D.tmp

c:\windows\system32\SET9E.tmp

c:\windows\system32\SET9F.tmp

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_SERVICE

-------\Service_service

.

.

((((((((((((((((((((((((( Files Created from 2012-02-23 to 2012-03-23 )))))))))))))))))))))))))))))))

.

.

2012-03-23 14:05 . 2012-03-23 14:05 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-23 03:32 . 2012-03-23 03:32 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-03-21 08:14 . 2012-03-21 08:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2012-03-20 14:25 . 2012-03-20 14:25 -------- d-----w- c:\program files\Microsoft Research

2012-03-03 06:33 . 2012-03-03 06:33 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll

2012-03-03 06:33 . 2012-03-03 06:33 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll

2012-03-03 06:33 . 2012-03-03 06:33 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll

2012-03-03 06:33 . 2012-03-17 03:44 646072 ----a-w- c:\program files\Mozilla Firefox\nss3.dll

2012-03-03 06:33 . 2012-03-17 03:44 371640 ----a-w- c:\program files\Mozilla Firefox\nssckbi.dll

2012-03-03 06:33 . 2012-03-17 03:44 109496 ----a-w- c:\program files\Mozilla Firefox\nssdbm3.dll

2012-03-03 06:33 . 2012-03-17 03:44 105400 ----a-w- c:\program files\Mozilla Firefox\nssutil3.dll

2012-03-03 06:33 . 2012-03-17 03:44 269240 ----a-w- c:\program files\Mozilla Firefox\updater.exe

2012-03-03 06:33 . 2012-03-17 03:44 19896 ----a-w- c:\program files\Mozilla Firefox\xpcom.dll

2012-02-29 04:44 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-29 04:44 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-23 14:06 . 2006-02-28 12:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys

2012-02-28 14:03 . 2011-05-19 22:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-27 05:34 . 2007-11-23 13:01 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-02-27 05:34 . 2010-05-01 05:55 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-09 16:20 . 2006-09-05 00:45 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2008-12-16 07:07 . 2008-10-23 07:21 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll

2008-12-16 07:07 . 2008-10-23 07:21 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll

2008-10-23 07:21 . 2008-10-23 07:21 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

2012-03-17 03:44 . 2012-03-03 06:33 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{9eb64fa9-57c4-4a41-9940-e12e0418b693}"= "c:\program files\CashKeywords\prxtbCas1.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{9eb64fa9-57c4-4a41-9940-e12e0418b693}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9eb64fa9-57c4-4a41-9940-e12e0418b693}]

2011-05-09 09:49 176936 ----a-w- c:\program files\CashKeywords\prxtbCas1.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{9eb64fa9-57c4-4a41-9940-e12e0418b693}"= "c:\program files\CashKeywords\prxtbCas1.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{9eb64fa9-57c4-4a41-9940-e12e0418b693}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{9EB64FA9-57C4-4A41-9940-E12E0418B693}"= "c:\program files\CashKeywords\prxtbCas1.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{9eb64fa9-57c4-4a41-9940-e12e0418b693}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-04 68856]

"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2010-07-11 548864]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]

"nwiz"="nwiz.exe" [2005-10-10 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-10 86016]

"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-07-18 22528]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-04-10 29757440]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"Nuance PDF Reader-reminder"="c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe" [2010-07-05 333088]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]

Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAP3LAK.EXE [2007-11-20 30720]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-11-17 10:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-10-09 06:47 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]

2007-02-23 06:32 126976 ----a-w- c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"g:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"g:\\Program Files\\WM Recorder 10\\WMR90.exe"=

"c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=

"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=

"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\CNAB3RPK.EXE"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 3:27 PM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/03/2011 4:03 PM 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/01/2011 6:41 AM 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5/04/2011 12:59 AM 295248]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 6:25 AM 4433248]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 6:09 AM 192776]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14/04/2011 9:28 PM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 7:53 AM 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 7:53 AM 16720]

R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [30/11/2009 8:28 AM 47360]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [24/11/2008 12:22 PM 222976]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/12/2009 1:20 PM 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20/12/2009 1:20 PM 135664]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [23/03/2012 1:32 PM 24064]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]

.

NETSVCS REQUIRES REPAIRS - current entries shown

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

ERSvc

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Messenger

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

bridge

ibmsmbus

mferkdk

si3114r

p2pimsvc

cics.region1

nfmservice

b57w2k

gmer

vzcdbsvc

Bcim

GBFSHook

ssfs0509

lyncusbserv

CTEDSPFX.DLL

tifm21

winvnc

pae_1394

s616unic

SE26mdfl

vsbus

ATNT40K

NTACCESS

MREMP50a64

ntsvcmgr

sskbfd

aeaudio

sglogplayer

cdfsvc

smserial

SGHIDI

mwstick

TuneUp.Defrag

traprcvr

snpstd

NVNET

navapel

iviVD

avgfwsrv

oracleorahomedatagatherer

rdpdr

purgeieservice

pav_service

backupexecnamingservice

pdiddcci

aslm75

DM9102

NAL

ngdbserv

{a7447300-8075-4b0d-83f1-3d75c8ebc623}

tfsndrct

s116nd5

mcdetect.exe

Packet

videoacceleratorengine

BrSerIf

Wdf01000

bdselfpr

emu10k

backupexecjobengine

s125mgmt

mpservice

mcupdmgr.exe

filemon701

SaiNtBus

ramaint

sagefserver

oraclexeclragent

iAimTV5

savrtpel

win32sl

PciBus

klif

mbr

uhcd

AppnApi

downloadmanagerlite

cxpt_service

VNUSB

lexbces

SNP2UVC

USA49W2KP

bvrp_pci

NICSer_WPC300N

mfeavfk

oracleorahomepagingserver

vsmon

dlbx_device

lirsgt

rimsptsk

rp_fws

nmwcdcm

lvckap

bocdrive

TPPWRIF

isdrv122

sdbus

RIOXDRV

ctxhttp

HidBth

wap3gx

ggsemc

TPECioCtl

uploadmgr

Rasman

Remoteaccess

Schedule

Seclogon

SENS

Sharedaccess

SRService

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

wscsvc

xmlprov

BITS

wuauserv

ShellHWDetection

helpsvc

WmdmPmSN

napagent

hkmsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 01:50]

.

2012-03-23 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-04 08:42]

.

2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 03:20]

.

2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 03:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.au/

uInternet Settings,ProxyOverride = *.local

Trusted Zone: iinet.net.au\www

Trusted Zone: microsoft.com\*.update

Trusted Zone: windowsupdate.com\download

TCP: DhcpNameServer = 10.1.1.1

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\4a4uylfi.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-OPSE reminder - c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe

SafeBoot-58671161.sys

AddRemove-BlueVoda_Website_Builder_1.0 - c:\windows\iun6002.exe

AddRemove-WYSIWYG_Web_Builder_5 - c:\windows\iun6002.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-24 01:44

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ISUSPM = "c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" -scheduler??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????R???????C??????x?+}???????????}?????????????](}0??????????????????? ??|????0??|????????j??|????0???????[??????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1409082233-2111687655-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{747D0EF3-6199-5A17-059C-25698D5821F6}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"abekgmihmimkejidodpaegdeleabffljgd"=hex:61,61,00,ff

"mabkbmaddopnenjcoomefibbah"=hex:61,61,00,ff

.

[HKEY_USERS\S-1-5-21-1409082233-2111687655-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAD3E7F6-F954-5B53-909C-6EF38F9BBDD7}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1536)

c:\windows\system32\WININET.dll

c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\windows\system32\CAP3RSK.EXE

c:\windows\system32\CNAB3RPK.EXE

c:\windows\system32\wscntfy.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE

.

**************************************************************************

.

Completion time: 2012-03-24 01:53:59 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-23 15:53

ComboFix2.txt 2011-04-06 07:44

.

Pre-Run: 50,409,730,048 bytes free

Post-Run: 51,518,496,768 bytes free

.

- - End Of File - - 4CBDB6EBDD893C530726F80478995E3D


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\program files\CashKeywords\prxtbCas1.dll

Folder::
c:\program files\CashKeywords


ClearJavaCache::


Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9eb64fa9-57c4-4a41-9940-e12e0418b693}"=-
[-HKEY_CLASSES_ROOT\clsid\{9eb64fa9-57c4-4a41-9940-e12e0418b693}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9eb64fa9-57c4-4a41-9940-e12e0418b693}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9eb64fa9-57c4-4a41-9940-e12e0418b693}"=-
[-HKEY_CLASSES_ROOT\clsid\{9eb64fa9-57c4-4a41-9940-e12e0418b693}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9EB64FA9-57C4-4A41-9940-E12E0418B693}"=-
[-HKEY_CLASSES_ROOT\clsid\{9eb64fa9-57c4-4a41-9940-e12e0418b693}]

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... and change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save.

CFScriptB-4.gif

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

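The Registry:: block in the CFScript above was read straight off the first ComboFix log: the same CLSID, {9eb64fa9-57c4-4a41-9940-e12e0418b693}, appears as a URLSearchHook, a Browser Helper Object, a Toolbar value and a Toolbar\Webbrowser value, all pointing at the one prxtbCas1.dll, which is how one toolbar gets identified and unhooked in a single pass. The script below is an added example, written for this page; it is not code from the thread, from ComboFix, or from ComboFix's author. It parses a ComboFix log's Reg Loading Points section, groups every CLSID-bound entry by CLSID, and emits the File::/Folder::/Registry:: sections by the same rule the helper applied (blank a named value under an ordinary key, delete a key that is named after the CLSID), de-duplicating the HKCR\clsid key that ComboFix prints three times. It also diffs the NETSVCS list the log flagged with "NETSVCS REQUIRES REPAIRS" against a baseline; that baseline, the rule that only a dedicated folder directly under Program Files is proposed for Folder::, and the sample log lines are all assumptions or constructed excerpts, not anything ComboFix itself provides.

```python
"""Draft a ComboFix CFScript from a log's 'Reg Loading Points' section.
Added example, not code from this thread, from ComboFix or from its author: CLSID-bound
entries are grouped per CLSID and emitted as File::/Folder::/Registry:: sections, and the
NETSVCS list is diffed against an assumed stock XP SP3 group."""
import re

# Assumed baseline: the netsvcs group of a stock Windows XP SP3 install.
XP_SP3_NETSVCS = {s.lower() for s in """6to4 AppMgmt AudioSrv Browser CryptSvc DMServer
DHCP ERSvc EventSystem FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer
LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman
Remoteaccess Schedule Seclogon SENS Sharedaccess SRService Tapisrv Themes TrkWks W32Time
WZCSVC Wmi WmdmPmSp winmgmt wscsvc xmlprov BITS wuauserv ShellHWDetection helpsvc WmdmPmSN
napagent hkmsvc""".split()}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<clsid>\{[0-9A-Fa-f-]{36}\})"=\s*"(?P<path>[^"]+)"')
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
PATH_RE = re.compile(r"(?i)([a-z]:\\.+\.(?:dll|exe))$")   # file entry under a CLSID key

# Constructed sample: lines excerpted from the first ComboFix log in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9eb64fa9-57c4-4a41-9940-e12e0418b693}"= "c:\program files\CashKeywords\prxtbCas1.dll" [2011-05-09 176936]
[HKEY_CLASSES_ROOT\clsid\{9eb64fa9-57c4-4a41-9940-e12e0418b693}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9eb64fa9-57c4-4a41-9940-e12e0418b693}]
2011-05-09 09:49 176936 ----a-w- c:\program files\CashKeywords\prxtbCas1.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9EB64FA9-57C4-4A41-9940-E12E0418B693}"= "c:\program files\CashKeywords\prxtbCas1.dll" [2011-05-09 176936]
[HKEY_CLASSES_ROOT\clsid\{9eb64fa9-57c4-4a41-9940-e12e0418b693}]
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
Rasauto
gmer
winvnc
Rasman
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
"""


def parse_clsid_hooks(log_text):
    """Map each CLSID (lower-cased) to the keys, named values and DLL paths bound to it."""
    hooks, current_key = {}, None
    ent = lambda c: hooks.setdefault(c.lower(), {"keys": [], "values": [], "dlls": {}})
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:                                      # a key; CLSID-named keys are recorded
            current_key = m.group("key")
            c = CLSID_RE.search(current_key)
            if c and current_key not in ent(c.group(0))["keys"]:
                ent(c.group(0))["keys"].append(current_key)
            continue
        m = VALUE_RE.match(line)
        if m and current_key:                      # "{clsid}"= "path" [date size]
            e = ent(m.group("clsid"))
            e["values"].append((current_key, m.group("clsid")))
            e["dlls"][m.group("path").lower()] = m.group("path")
            continue
        m, c = PATH_RE.search(line), CLSID_RE.search(current_key or "")
        if m and c:                                # file entry printed under a CLSID key
            ent(c.group(0))["dlls"][m.group(1).lower()] = m.group(1)
    return hooks


def removable_folder(dll_path):
    r"""Propose the DLL's parent for Folder:: only if it is a dedicated vendor directory
    directly under Program Files; c:\windows or shared folders are left for the helper
    to judge (assumed rule, not one ComboFix enforces)."""
    parent = dll_path.rsplit("\\", 1)[0]
    return parent if re.match(r"(?i)^[a-z]:\\program files\\[^\\]+$", parent) else None


def build_cfscript(hooks, clsid):
    """Emit the CFScript sections that unhook one CLSID everywhere it appears."""
    e = hooks[clsid.lower()]
    dlls = sorted(e["dlls"].values(), key=str.lower)
    folders = sorted({f for f in map(removable_folder, dlls) if f}, key=str.lower)
    out = ["KillAll::", "", "File::", *dlls, "", "Folder::", *folders, "", "Registry::"]
    for key, name in e["values"]:      # named value under an ordinary key: blank it
        out += [f"[{key}]", f'"{name}"=-']
    for key in e["keys"]:              # key named after the CLSID: delete the key
        out.append(f"[-{key}]")
    return "\n".join(out)


def netsvcs_extras(log_text, baseline=XP_SP3_NETSVCS):
    """Return NETSVCS names, in log order, absent from the stock XP SP3 group."""
    lines = iter(log_text.splitlines())
    if not any(l.startswith("NETSVCS REQUIRES REPAIRS") for l in lines):
        return []
    extras = []
    for line in lines:                 # the iterator resumes just after the header
        line = line.strip()
        if line == "." or line.startswith("HKEY_LOCAL_MACHINE"):
            break
        if line and line.lower() not in baseline:
            extras.append(line)
    return extras


if __name__ == "__main__":
    h = parse_clsid_hooks(SAMPLE_LOG)
    print(*[build_cfscript(h, c) for c in h], netsvcs_extras(SAMPLE_LOG), sep="\n\n")
```

Run it against a full log rather than the excerpt and the netsvcs diff isolates the block of names between Rasauto and Rasman in the posted log (bridge through uploadmgr), the entries a stock XP SP3 netsvcs group never carries; the draft CFScript is something to review line by line before it is dragged onto ComboFix.exe, never something to apply blind, since a hook that lives under c:\windows would otherwise turn a Folder:: line into a system-breaking delete.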

ComboFix done, see log below. It did report both times it ran (now and last night) that the infection was called rootkit.zeroaccess, which was inserted in the TCP/IP stack. Desktop seems to be running OK at the moment, a little bit sluggish but far better than it was for the past 4 days.

Thanks for help to date.

.............................

ComboFix 12-03-22.01 - Owner 24/03/2012 8:00.4.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.601 [GMT 10:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

FILE ::

"c:\program files\CashKeywords\prxtbCas1.dll"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\CashKeywords

c:\program files\CashKeywords\CashKeywordsToolbarHelper.exe

c:\program files\CashKeywords\CashKeywordsToolbarHelper1.exe

c:\program files\CashKeywords\INSTALL.LOG

c:\program files\CashKeywords\ldrtbCas0.dll

c:\program files\CashKeywords\prxtbCas0.dll

c:\program files\CashKeywords\prxtbCas1.dll

c:\program files\CashKeywords\tbCas1.dll

c:\program files\CashKeywords\tbCash.dll

c:\program files\CashKeywords\toolbar.cfg

c:\program files\CashKeywords\uninstall.exe

c:\program files\CashKeywords\UNWISE.EXE

.

.

((((((((((((((((((((((((( Files Created from 2012-02-23 to 2012-03-23 )))))))))))))))))))))))))))))))

.

.

2012-03-23 14:05 . 2012-03-23 14:05 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-23 03:32 . 2012-03-23 03:32 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-03-21 08:14 . 2012-03-21 08:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2012-03-20 14:25 . 2012-03-20 14:25 -------- d-----w- c:\program files\Microsoft Research

2012-03-03 06:33 . 2012-03-03 06:33 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll

2012-03-03 06:33 . 2012-03-03 06:33 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll

2012-03-03 06:33 . 2012-03-03 06:33 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll

2012-03-03 06:33 . 2012-03-17 03:44 646072 ----a-w- c:\program files\Mozilla Firefox\nss3.dll

2012-03-03 06:33 . 2012-03-17 03:44 371640 ----a-w- c:\program files\Mozilla Firefox\nssckbi.dll

2012-03-03 06:33 . 2012-03-17 03:44 109496 ----a-w- c:\program files\Mozilla Firefox\nssdbm3.dll

2012-03-03 06:33 . 2012-03-17 03:44 105400 ----a-w- c:\program files\Mozilla Firefox\nssutil3.dll

2012-03-03 06:33 . 2012-03-17 03:44 269240 ----a-w- c:\program files\Mozilla Firefox\updater.exe

2012-03-03 06:33 . 2012-03-17 03:44 19896 ----a-w- c:\program files\Mozilla Firefox\xpcom.dll

2012-02-29 04:44 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-29 04:44 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-23 14:06 . 2006-02-28 12:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys

2012-02-28 14:03 . 2011-05-19 22:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-27 05:34 . 2007-11-23 13:01 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-02-27 05:34 . 2010-05-01 05:55 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-09 16:20 . 2006-09-05 00:45 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2008-12-16 07:07 . 2008-10-23 07:21 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll

2008-12-16 07:07 . 2008-10-23 07:21 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll

2008-10-23 07:21 . 2008-10-23 07:21 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

2012-03-17 03:44 . 2012-03-03 06:33 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-23_15.44.17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-03-23 22:29 . 2012-03-23 22:29 16384 c:\windows\temp\Perflib_Perfdata_1b8.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-04 68856]

"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2010-07-11 548864]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]

"nwiz"="nwiz.exe" [2005-10-10 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-10 86016]

"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-07-18 22528]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-04-10 29757440]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"Nuance PDF Reader-reminder"="c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe" [2010-07-05 333088]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]

Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAP3LAK.EXE [2007-11-20 30720]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-11-17 10:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-10-09 06:47 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]

2007-02-23 06:32 126976 ----a-w- c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"g:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"g:\\Program Files\\WM Recorder 10\\WMR90.exe"=

"c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=

"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=

"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\CNAB3RPK.EXE"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 3:27 PM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/03/2011 4:03 PM 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/01/2011 6:41 AM 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5/04/2011 12:59 AM 295248]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 6:25 AM 4433248]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 6:09 AM 192776]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14/04/2011 9:28 PM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 7:53 AM 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 7:53 AM 16720]

R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [30/11/2009 8:28 AM 47360]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [24/11/2008 12:22 PM 222976]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/12/2009 1:20 PM 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20/12/2009 1:20 PM 135664]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [23/03/2012 1:32 PM 24064]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]

.

NETSVCS REQUIRES REPAIRS - current entries shown

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

ERSvc

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Messenger

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

bridge

ibmsmbus

mferkdk

si3114r

p2pimsvc

cics.region1

nfmservice

b57w2k

gmer

vzcdbsvc

Bcim

GBFSHook

ssfs0509

lyncusbserv

CTEDSPFX.DLL

tifm21

winvnc

pae_1394

s616unic

SE26mdfl

vsbus

ATNT40K

NTACCESS

MREMP50a64

ntsvcmgr

sskbfd

aeaudio

sglogplayer

cdfsvc

smserial

SGHIDI

mwstick

TuneUp.Defrag

traprcvr

snpstd

NVNET

navapel

iviVD

avgfwsrv

oracleorahomedatagatherer

rdpdr

purgeieservice

pav_service

backupexecnamingservice

pdiddcci

aslm75

DM9102

NAL

ngdbserv

{a7447300-8075-4b0d-83f1-3d75c8ebc623}

tfsndrct

s116nd5

mcdetect.exe

Packet

videoacceleratorengine

BrSerIf

Wdf01000

bdselfpr

emu10k

backupexecjobengine

s125mgmt

mpservice

mcupdmgr.exe

filemon701

SaiNtBus

ramaint

sagefserver

oraclexeclragent

iAimTV5

savrtpel

win32sl

PciBus

klif

mbr

uhcd

AppnApi

downloadmanagerlite

cxpt_service

VNUSB

lexbces

SNP2UVC

USA49W2KP

bvrp_pci

NICSer_WPC300N

mfeavfk

oracleorahomepagingserver

vsmon

dlbx_device

lirsgt

rimsptsk

rp_fws

nmwcdcm

lvckap

bocdrive

TPPWRIF

isdrv122

sdbus

RIOXDRV

ctxhttp

HidBth

wap3gx

ggsemc

TPECioCtl

uploadmgr

Rasman

Remoteaccess

Schedule

Seclogon

SENS

Sharedaccess

SRService

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

wscsvc

xmlprov

BITS

wuauserv

ShellHWDetection

helpsvc

WmdmPmSN

napagent

hkmsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 01:50]

.

2012-03-23 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-04 08:42]

.

2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 03:20]

.

2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 03:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.au/

uInternet Settings,ProxyOverride = *.local

Trusted Zone: iinet.net.au\www

Trusted Zone: microsoft.com\*.update

Trusted Zone: windowsupdate.com\download

TCP: DhcpNameServer = 10.1.1.1

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\4a4uylfi.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-CashKeywords Toolbar - c:\program files\CashKeywords\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-24 08:30

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ISUSPM = "c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" -scheduler

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1409082233-2111687655-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{747D0EF3-6199-5A17-059C-25698D5821F6}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"abekgmihmimkejidodpaegdeleabffljgd"=hex:61,61,00,ff

"mabkbmaddopnenjcoomefibbah"=hex:61,61,00,ff

.

[HKEY_USERS\S-1-5-21-1409082233-2111687655-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAD3E7F6-F954-5B53-909C-6EF38F9BBDD7}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3976)

c:\windows\system32\WININET.dll

c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\CAP3RSK.EXE

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\windows\system32\CNAB3RPK.EXE

c:\windows\system32\wscntfy.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE

.

**************************************************************************

.

Completion time: 2012-03-24 08:39:52 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-23 22:39

ComboFix2.txt 2012-03-23 15:54

ComboFix3.txt 2011-04-06 07:44

.

Pre-Run: 51,512,516,608 bytes free

Post-Run: 51,486,220,288 bytes free

.

- - End Of File - - 6C51AA834303179122E60F3F969E79CD

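The "NETSVCS REQUIRES REPAIRS" block in the ComboFix log above is ComboFix saying that the netsvcs REG_MULTI_SZ under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost no longer matches a stock XP list: the run of names between Rasauto and Rasman (bridge through uploadmgr) is not part of the default group, and every one of them becomes a candidate service that svchost.exe -k netsvcs will happily host. The script below is an added example for this thread; it is not part of the original post, ComboFix or TDSSKiller. It diffs a netsvcs list against a baseline, case-insensitively, and flags entries that look like file names or GUIDs rather than service key names. The STOCK_XP_SP3_NETSVCS baseline is my assumption of the default value on a clean XP SP3 install, and LOG_NETSVCS is transcribed from the log above. The --live switch reads the real value through winreg on Windows; the script never writes the registry.

```python
"""Audit a Windows XP 'netsvcs' svchost group against a known-good baseline.

Added example for this thread, not code from ComboFix, TDSSKiller or the
original poster. STOCK_XP_SP3_NETSVCS is my assumption of the default
netsvcs value on a clean XP SP3 box; LOG_NETSVCS is transcribed from the
ComboFix log in the post above.
"""
import sys

STOCK_XP_SP3_NETSVCS = """
6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem
FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer
LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent
Rasauto Rasman Remoteaccess Schedule Seclogon SENS Sharedaccess SRService
Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt wscsvc xmlprov
BITS wuauserv ShellHWDetection helpsvc WmdmPmSN napagent hkmsvc
""".split()

# Transcribed from the "NETSVCS REQUIRES REPAIRS" section of the log above.
LOG_NETSVCS = """
6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem
FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer
LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent
Rasauto
bridge ibmsmbus mferkdk si3114r p2pimsvc cics.region1 nfmservice b57w2k gmer
vzcdbsvc Bcim GBFSHook ssfs0509 lyncusbserv CTEDSPFX.DLL tifm21 winvnc
pae_1394 s616unic SE26mdfl vsbus ATNT40K NTACCESS MREMP50a64 ntsvcmgr sskbfd
aeaudio sglogplayer cdfsvc smserial SGHIDI mwstick TuneUp.Defrag traprcvr
snpstd NVNET navapel iviVD avgfwsrv oracleorahomedatagatherer rdpdr
purgeieservice pav_service backupexecnamingservice pdiddcci aslm75 DM9102 NAL
ngdbserv {a7447300-8075-4b0d-83f1-3d75c8ebc623} tfsndrct s116nd5 mcdetect.exe
Packet videoacceleratorengine BrSerIf Wdf01000 bdselfpr emu10k
backupexecjobengine s125mgmt mpservice mcupdmgr.exe filemon701 SaiNtBus
ramaint sagefserver oraclexeclragent iAimTV5 savrtpel win32sl PciBus klif mbr
uhcd AppnApi downloadmanagerlite cxpt_service VNUSB lexbces SNP2UVC USA49W2KP
bvrp_pci NICSer_WPC300N mfeavfk oracleorahomepagingserver vsmon dlbx_device
lirsgt rimsptsk rp_fws nmwcdcm lvckap bocdrive TPPWRIF isdrv122 sdbus RIOXDRV
ctxhttp HidBth wap3gx ggsemc TPECioCtl uploadmgr
Rasman Remoteaccess Schedule Seclogon SENS Sharedaccess SRService Tapisrv
Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt wscsvc xmlprov BITS
wuauserv ShellHWDetection helpsvc WmdmPmSN napagent hkmsvc
""".split()


def audit_netsvcs(entries, baseline=STOCK_XP_SP3_NETSVCS):
    """Return (foreign, missing, duplicates), comparing case-insensitively
    because service key names are case-insensitive on Windows."""
    base = {b.lower() for b in baseline}
    seen, foreign, duplicates = set(), [], []
    for name in entries:
        key = name.lower()
        if key in seen:
            duplicates.append(name)
        seen.add(key)
        if key not in base:
            foreign.append(name)
    missing = [b for b in baseline if b.lower() not in seen]
    return foreign, missing, duplicates


def odd_looking(names):
    """Heuristic only: netsvcs holds service key names, so an entry shaped
    like a file name or a GUID deserves a second look."""
    return [n for n in names
            if n.lower().endswith((".exe", ".dll")) or n.startswith("{")]


def cleaned_list(entries, baseline=STOCK_XP_SP3_NETSVCS):
    """The list with foreign names dropped, original order kept. Writing it
    back is a deliberate registry edit; this only computes it."""
    base = {b.lower() for b in baseline}
    return [n for n in entries if n.lower() in base]


def read_live_netsvcs():
    """On Windows, read the live REG_MULTI_SZ; elsewhere return None."""
    try:
        import winreg
    except ImportError:
        return None
    path = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        value, kind = winreg.QueryValueEx(key, "netsvcs")
    if kind != winreg.REG_MULTI_SZ:
        raise ValueError("netsvcs is not REG_MULTI_SZ (type %d)" % kind)
    return list(value)


def report(entries):
    """Print the audit and return its result."""
    foreign, missing, dups = audit_netsvcs(entries)
    print("%d entries, %d foreign, %d missing, %d duplicates"
          % (len(entries), len(foreign), len(missing), len(dups)))
    odd = set(odd_looking(foreign))
    for n in foreign:
        print("  foreign: %s%s" % (n, "  <- file name / GUID" if n in odd else ""))
    for n in missing:
        print("  missing: %s" % n)
    return foreign, missing, dups


if __name__ == "__main__":
    # No argument: audit the log's list. "--live": read the local registry
    # (Windows only). A file name: one service name per line.
    if len(sys.argv) > 1 and sys.argv[1] == "--live":
        entries = read_live_netsvcs() or []
    elif len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            entries = [ln.strip() for ln in fh if ln.strip()]
    else:
        entries = LOG_NETSVCS
    report(entries)
```

Run without arguments it reports 104 foreign names and nothing missing for the list in this log, which is exactly why ComboFix reset the value; a foreign name is not proof the matching service exists or is malicious (several here are ordinary driver or vendor names), but none of them belong in this value on a stock XP machine, and the fix is to restore the baseline list, not to delete the services by name.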

Run a new TDSSKiller scan as before.


TDSSKiller ran again. Here is latest result.

..............................

09:11:45.0687 3156 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00

09:11:46.0531 3156 ============================================================

09:11:46.0531 3156 Current date / time: 2012/03/24 09:11:46.0531

09:11:46.0531 3156 SystemInfo:

09:11:46.0531 3156

09:11:46.0531 3156 OS Version: 5.1.2600 ServicePack: 3.0

09:11:46.0531 3156 Product type: Workstation

09:11:46.0531 3156 ComputerName: USER

09:11:46.0531 3156 UserName: Owner

09:11:46.0531 3156 Windows directory: C:\WINDOWS

09:11:46.0531 3156 System windows directory: C:\WINDOWS

09:11:46.0531 3156 Processor architecture: Intel x86

09:11:46.0531 3156 Number of processors: 2

09:11:46.0531 3156 Page size: 0x1000

09:11:46.0531 3156 Boot type: Normal boot

09:11:46.0531 3156 ============================================================

09:11:56.0390 3156 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

09:11:56.0406 3156 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

09:11:56.0406 3156 \Device\Harddisk0\DR0:

09:11:56.0406 3156 MBR used

09:11:56.0406 3156 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542

09:11:56.0406 3156 \Device\Harddisk1\DR1:

09:11:56.0406 3156 MBR used

09:11:56.0406 3156 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1

09:11:56.0500 3156 Initialize success

09:11:56.0500 3156 ============================================================

09:12:10.0062 2192 ============================================================

09:12:10.0062 2192 Scan started

09:12:10.0062 2192 Mode: Manual; SigCheck; TDLFS;

09:12:10.0062 2192 ============================================================

09:12:10.0671 2192 Abiosdsk - ok

09:12:10.0875 2192 abp480n5 - ok

09:12:11.0156 2192 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

09:12:16.0015 2192 ACPI - ok

09:12:16.0453 2192 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

09:12:16.0593 2192 ACPIEC - ok

09:12:16.0828 2192 ADIHdAudAddService - ok

09:12:17.0031 2192 adpu160m - ok

09:12:17.0203 2192 aeaudio - ok

09:12:17.0453 2192 AEAudioService - ok

09:12:17.0734 2192 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

09:12:17.0890 2192 aec - ok

09:12:18.0234 2192 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

09:12:18.0421 2192 AFD - ok

09:12:18.0625 2192 Aha154x - ok

09:12:18.0812 2192 aic78u2 - ok

09:12:19.0000 2192 aic78xx - ok

09:12:19.0328 2192 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

09:12:19.0421 2192 Alerter - ok

09:12:19.0687 2192 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

09:12:19.0890 2192 ALG - ok

09:12:20.0140 2192 AliIde - ok

09:12:20.0515 2192 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

09:12:20.0593 2192 AmdK8 - ok

09:12:20.0875 2192 amsint - ok

09:12:21.0093 2192 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

09:12:21.0109 2192 Apple Mobile Device - ok

09:12:21.0296 2192 AppMgmt - ok

09:12:21.0515 2192 AppnApi - ok

09:12:21.0781 2192 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

09:12:21.0890 2192 Arp1394 - ok

09:12:22.0093 2192 asc - ok

09:12:22.0328 2192 asc3350p - ok

09:12:22.0578 2192 asc3550 - ok

09:12:22.0859 2192 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys

09:12:23.0703 2192 AsIO - ok

09:12:24.0031 2192 aslm75 - ok

09:12:24.0406 2192 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys

09:12:24.0515 2192 Aspi32 ( UnsignedFile.Multi.Generic ) - warning

09:12:24.0515 2192 Aspi32 - detected UnsignedFile.Multi.Generic (1)

09:12:24.0828 2192 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

09:12:24.0906 2192 aspnet_state - ok

09:12:25.0359 2192 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

09:12:25.0562 2192 AsyncMac - ok

09:12:25.0921 2192 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

09:12:26.0078 2192 atapi - ok

09:12:26.0343 2192 Atdisk - ok

09:12:26.0609 2192 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

09:12:26.0734 2192 Atmarpc - ok

09:12:26.0953 2192 ATNT40K - ok

09:12:27.0234 2192 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

09:12:27.0359 2192 AudioSrv - ok

09:12:27.0640 2192 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

09:12:27.0750 2192 audstub - ok

09:12:27.0953 2192 avgfwsrv - ok

09:12:29.0578 2192 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

09:12:33.0312 2192 AVGIDSAgent - ok

09:12:33.0781 2192 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

09:12:33.0859 2192 AVGIDSDriver - ok

09:12:34.0203 2192 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

09:12:34.0234 2192 AVGIDSEH - ok

09:12:34.0531 2192 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

09:12:34.0562 2192 AVGIDSFilter - ok

09:12:34.0906 2192 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

09:12:34.0921 2192 AVGIDSShim - ok

09:12:35.0187 2192 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

09:12:35.0328 2192 Avgldx86 - ok

09:12:35.0640 2192 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

09:12:35.0671 2192 Avgmfx86 - ok

09:12:35.0984 2192 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

09:12:36.0015 2192 Avgrkx86 - ok

09:12:36.0437 2192 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

09:12:36.0562 2192 Avgtdix - ok

09:12:36.0812 2192 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe

09:12:36.0953 2192 avgwd - ok

09:12:37.0265 2192 b57w2k - ok

09:12:37.0437 2192 backupexecjobengine - ok

09:12:37.0671 2192 backupexecnamingservice - ok

09:12:37.0906 2192 Bcim - ok

09:12:38.0156 2192 bdselfpr - ok

09:12:38.0484 2192 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

09:12:38.0671 2192 Beep - ok

09:12:39.0062 2192 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

09:12:39.0390 2192 BITS - ok

09:12:39.0578 2192 bocdrive - ok

09:12:39.0812 2192 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files\Bonjour\mDNSResponder.exe

09:12:40.0000 2192 Bonjour Service - ok

09:12:40.0234 2192 bridge - ok

09:12:40.0484 2192 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

09:12:40.0703 2192 Browser - ok

09:12:40.0953 2192 BrSerIf - ok

09:12:41.0187 2192 bvrp_pci - ok

09:12:41.0203 2192 catchme - ok

09:12:41.0578 2192 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

09:12:41.0781 2192 cbidf2k - ok

09:12:42.0046 2192 cd20xrnt - ok

09:12:42.0390 2192 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

09:12:42.0562 2192 Cdaudio - ok

09:12:42.0890 2192 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

09:12:43.0093 2192 Cdfs - ok

09:12:43.0359 2192 cdfsvc - ok

09:12:43.0703 2192 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

09:12:43.0843 2192 Cdrom - ok

09:12:44.0015 2192 Changer - ok

09:12:44.0265 2192 cics.region1 - ok

09:12:44.0515 2192 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

09:12:44.0625 2192 CiSvc - ok

09:12:44.0843 2192 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

09:12:44.0968 2192 ClipSrv - ok

09:12:45.0171 2192 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:12:45.0265 2192 clr_optimization_v2.0.50727_32 - ok

09:12:45.0515 2192 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

09:12:45.0640 2192 clr_optimization_v4.0.30319_32 - ok

09:12:45.0921 2192 CmdIde - ok

09:12:46.0093 2192 COMSysApp - ok

09:12:46.0343 2192 Cpqarray - ok

09:12:46.0562 2192 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

09:12:46.0750 2192 CryptSvc - ok

09:12:46.0937 2192 CTEDSPFX.DLL - ok

09:12:47.0109 2192 ctxhttp - ok

09:12:47.0390 2192 cxpt_service - ok

09:12:47.0671 2192 dac2w2k - ok

09:12:47.0937 2192 dac960nt - ok

09:12:48.0375 2192 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

09:12:48.0640 2192 DcomLaunch - ok

09:12:48.0953 2192 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

09:12:49.0171 2192 Dhcp - ok

09:12:49.0453 2192 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

09:12:49.0546 2192 Disk - ok

09:12:49.0734 2192 dlbx_device - ok

09:12:49.0953 2192 DM9102 - ok

09:12:50.0187 2192 dmadmin - ok

09:12:50.0796 2192 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

09:12:51.0437 2192 dmboot - ok

09:12:51.0718 2192 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

09:12:51.0906 2192 dmio - ok

09:12:52.0125 2192 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

09:12:52.0281 2192 dmload - ok

09:12:52.0546 2192 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

09:12:52.0640 2192 dmserver - ok

09:12:52.0921 2192 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

09:12:53.0031 2192 DMusic - ok

09:12:53.0265 2192 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

09:12:53.0468 2192 Dnscache - ok

09:12:53.0750 2192 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

09:12:53.0875 2192 Dot3svc - ok

09:12:54.0062 2192 downloadmanagerlite - ok

09:12:54.0281 2192 dpti2o - ok

09:12:54.0562 2192 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

09:12:54.0656 2192 drmkaud - ok

09:12:54.0906 2192 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

09:12:55.0000 2192 EapHost - ok

09:12:55.0187 2192 emu10k - ok

09:12:55.0406 2192 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

09:12:55.0531 2192 ERSvc - ok

09:12:55.0781 2192 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

09:12:55.0859 2192 Eventlog - ok

09:12:56.0156 2192 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

09:12:56.0250 2192 EventSystem - ok

09:12:56.0609 2192 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

09:12:56.0750 2192 Fastfat - ok

09:12:57.0031 2192 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:12:57.0156 2192 FastUserSwitchingCompatibility - ok

09:12:57.0500 2192 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

09:12:57.0703 2192 Fdc - ok

09:12:57.0937 2192 filemon701 - ok

09:12:58.0171 2192 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

09:12:58.0281 2192 Fips - ok

09:12:58.0531 2192 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

09:12:58.0687 2192 Flpydisk - ok

09:12:58.0937 2192 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

09:12:59.0171 2192 FltMgr - ok

09:12:59.0515 2192 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

09:12:59.0562 2192 FontCache3.0.0.0 - ok

09:12:59.0921 2192 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

09:13:00.0125 2192 Fs_Rec - ok

09:13:00.0484 2192 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

09:13:00.0703 2192 Ftdisk - ok

09:13:00.0953 2192 GBFSHook - ok

09:13:01.0296 2192 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

09:13:01.0390 2192 GEARAspiWDM - ok

09:13:01.0656 2192 ggsemc - ok

09:13:01.0953 2192 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

09:13:02.0140 2192 Gpc - ok

09:13:02.0546 2192 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

09:13:02.0703 2192 gupdate - ok

09:13:02.0765 2192 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

09:13:02.0796 2192 gupdatem - ok

09:13:02.0968 2192 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

09:13:03.0062 2192 gusvc - ok

09:13:03.0546 2192 HdAudAddService (f58d2900c66a1e773e3375098e0e9337) C:\WINDOWS\system32\drivers\HdAudio.sys

09:13:03.0703 2192 HdAudAddService - ok

09:13:04.0078 2192 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

09:13:04.0312 2192 HDAudBus - ok

09:13:04.0453 2192 helpsvc - ok

09:13:04.0734 2192 HidBth - ok

09:13:05.0046 2192 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

09:13:05.0203 2192 HidServ - ok

09:13:05.0578 2192 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

09:13:05.0781 2192 HidUsb - ok

09:13:06.0078 2192 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

09:13:06.0265 2192 hkmsvc - ok

09:13:06.0578 2192 hpn - ok

09:13:07.0015 2192 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

09:13:07.0281 2192 HTTP - ok

09:13:07.0546 2192 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

09:13:07.0671 2192 HTTPFilter - ok

09:13:07.0890 2192 i2omgmt - ok

09:13:08.0140 2192 i2omp - ok

09:13:08.0406 2192 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

09:13:08.0500 2192 i8042prt - ok

09:13:08.0750 2192 iAimTV5 - ok

09:13:11.0000 2192 ialm (9acb03875cfe068d5cc0e98fb2cf7017) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

09:13:15.0156 2192 ialm - ok

09:13:15.0453 2192 ibmsmbus - ok

09:13:15.0781 2192 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

09:13:15.0828 2192 IDriverT ( UnsignedFile.Multi.Generic ) - warning

09:13:15.0828 2192 IDriverT - detected UnsignedFile.Multi.Generic (1)

09:13:16.0265 2192 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

09:13:16.0781 2192 idsvc - ok

09:13:17.0093 2192 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

09:13:17.0203 2192 Imapi - ok

09:13:17.0453 2192 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

09:13:17.0562 2192 ImapiService - ok

09:13:17.0765 2192 ini910u - ok

09:13:17.0937 2192 IntelIde - ok

09:13:18.0187 2192 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

09:13:18.0296 2192 intelppm - ok

09:13:18.0500 2192 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

09:13:18.0609 2192 Ip6Fw - ok

09:13:18.0843 2192 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

09:13:18.0953 2192 IpFilterDriver - ok

09:13:19.0171 2192 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

09:13:19.0265 2192 IpInIp - ok

09:13:19.0562 2192 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

09:13:19.0734 2192 IpNat - ok

09:13:20.0109 2192 iPod Service (0ca8c2e721617aa2f923a8151c96fb33) C:\Program Files\iPod\bin\iPodService.exe

09:13:20.0593 2192 iPod Service - ok

09:13:20.0937 2192 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

09:13:21.0062 2192 IPSec - ok

09:13:21.0296 2192 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

09:13:21.0390 2192 IRENUM - ok

09:13:21.0640 2192 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

09:13:21.0750 2192 isapnp - ok

09:13:21.0937 2192 iviVD - ok

09:13:22.0218 2192 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe

09:13:22.0265 2192 JavaQuickStarterService - ok

09:13:22.0500 2192 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

09:13:22.0609 2192 Kbdclass - ok

09:13:22.0812 2192 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

09:13:22.0906 2192 kbdhid - ok

09:13:23.0078 2192 klif - ok

09:13:23.0359 2192 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

09:13:23.0546 2192 kmixer - ok

09:13:23.0781 2192 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

09:13:23.0906 2192 KSecDD - ok

09:13:24.0140 2192 L1e (080cf8720a306a64f7a09d1226491791) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys

09:13:24.0234 2192 L1e - ok

09:13:24.0500 2192 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

09:13:24.0671 2192 lanmanserver - ok

09:13:24.0968 2192 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

09:13:25.0062 2192 lanmanworkstation - ok

09:13:25.0265 2192 Lbd - ok

09:13:25.0453 2192 lbrtfdc - ok

09:13:25.0625 2192 lexbces - ok

09:13:25.0796 2192 lirsgt - ok

09:13:26.0000 2192 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

09:13:26.0109 2192 LmHosts - ok

09:13:26.0265 2192 lvckap - ok

09:13:26.0437 2192 lyncusbserv - ok

09:13:26.0671 2192 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) C:\WINDOWS\system32\drivers\mbamchameleon.sys

09:13:26.0703 2192 mbamchameleon ( UnsignedFile.Multi.Generic ) - warning

09:13:26.0703 2192 mbamchameleon - detected UnsignedFile.Multi.Generic (1)

09:13:26.0875 2192 mcdetect.exe - ok

09:13:27.0031 2192 mcupdmgr.exe - ok

09:13:27.0234 2192 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

09:13:27.0328 2192 Messenger - ok

09:13:27.0484 2192 mfeavfk - ok

09:13:27.0671 2192 mferkdk - ok

09:13:27.0890 2192 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

09:13:28.0000 2192 mnmdd - ok

09:13:28.0218 2192 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

09:13:28.0312 2192 mnmsrvc - ok

09:13:28.0546 2192 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

09:13:28.0640 2192 Modem - ok

09:13:29.0234 2192 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys

09:13:30.0171 2192 monfilt - ok

09:13:30.0406 2192 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

09:13:30.0515 2192 Mouclass - ok

09:13:30.0765 2192 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

09:13:30.0875 2192 mouhid - ok

09:13:31.0093 2192 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

09:13:31.0203 2192 MountMgr - ok

09:13:31.0375 2192 mpservice - ok

09:13:31.0562 2192 mraid35x - ok

09:13:31.0750 2192 MREMP50a64 - ok

09:13:31.0984 2192 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

09:13:32.0140 2192 MRxDAV - ok

09:13:32.0500 2192 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:13:32.0781 2192 MRxSmb - ok

09:13:33.0015 2192 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

09:13:33.0093 2192 MSDTC - ok

09:13:33.0343 2192 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

09:13:33.0453 2192 Msfs - ok

09:13:33.0625 2192 MSIServer - ok

09:13:33.0843 2192 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

09:13:33.0937 2192 MSKSSRV - ok

09:13:34.0140 2192 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

09:13:34.0234 2192 MSPCLOCK - ok

09:13:34.0500 2192 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

09:13:34.0609 2192 MSPQM - ok

09:13:34.0859 2192 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

09:13:34.0937 2192 mssmbios - ok

09:13:35.0156 2192 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

09:13:35.0203 2192 MTsensor - ok

09:13:35.0468 2192 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

09:13:35.0593 2192 Mup - ok

09:13:35.0781 2192 mwstick - ok

09:13:35.0953 2192 NAL - ok

09:13:36.0250 2192 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

09:13:36.0437 2192 napagent - ok

09:13:36.0609 2192 navapel - ok

09:13:36.0984 2192 NBService (6d8fcdd5bb3b676ef58fa234073492c6) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

09:13:37.0390 2192 NBService - ok

09:13:37.0703 2192 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

09:13:37.0875 2192 NDIS - ok

09:13:38.0109 2192 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:13:38.0234 2192 NdisTapi - ok

09:13:38.0484 2192 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:13:38.0593 2192 Ndisuio - ok

09:13:38.0812 2192 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:13:38.0937 2192 NdisWan - ok

09:13:39.0187 2192 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

09:13:39.0296 2192 NDProxy - ok

09:13:39.0515 2192 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

09:13:39.0687 2192 NetBIOS - ok

09:13:39.0984 2192 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

09:13:40.0125 2192 NetBT - ok

09:13:40.0390 2192 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

09:13:40.0484 2192 NetDDE - ok

09:13:40.0531 2192 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

09:13:40.0609 2192 NetDDEdsdm - ok

09:13:40.0796 2192 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:13:40.0906 2192 Netlogon - ok

09:13:41.0140 2192 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

09:13:41.0234 2192 Netman - ok

09:13:41.0484 2192 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

09:13:41.0531 2192 NetTcpPortSharing - ok

09:13:41.0687 2192 nfmservice - ok

09:13:41.0859 2192 ngdbserv - ok

09:13:42.0125 2192 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

09:13:42.0234 2192 NIC1394 - ok

09:13:42.0421 2192 NICSer_WPC300N - ok

09:13:42.0687 2192 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

09:13:42.0718 2192 Nla - ok

09:13:43.0000 2192 NMIndexingService (e32686b4e27d11f83e3f2844e104c66c) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

09:13:43.0093 2192 NMIndexingService - ok

09:13:43.0265 2192 nmwcdcm - ok

09:13:43.0593 2192 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

09:13:43.0703 2192 Npfs - ok

09:13:43.0875 2192 NTACCESS - ok

09:13:44.0250 2192 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

09:13:44.0593 2192 Ntfs - ok

09:13:44.0843 2192 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:13:44.0984 2192 NtLmSsp - ok

09:13:45.0421 2192 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

09:13:45.0625 2192 NtmsSvc - ok

09:13:45.0828 2192 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

09:13:45.0937 2192 Null - ok

09:13:47.0171 2192 nv (9e1f2f09e34c92a96b9900b6a45d5026) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

09:13:49.0921 2192 nv - ok

09:13:50.0265 2192 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

09:13:50.0343 2192 NVENETFD - ok

09:13:50.0500 2192 NVNET - ok

09:13:50.0734 2192 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

09:13:50.0781 2192 nvnetbus - ok

09:13:51.0015 2192 NVSvc (0b24ab7cc5b7ed2aa7f438a4072459f4) C:\WINDOWS\system32\nvsvc32.exe

09:13:51.0031 2192 NVSvc - ok

09:13:51.0265 2192 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

09:13:51.0390 2192 NwlnkFlt - ok

09:13:51.0609 2192 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

09:13:51.0718 2192 NwlnkFwd - ok

09:13:51.0968 2192 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

09:13:52.0078 2192 ohci1394 - ok

09:13:52.0250 2192 oracleorahomedatagatherer - ok

09:13:52.0421 2192 oracleorahomepagingserver - ok

09:13:52.0578 2192 oraclexeclragent - ok

09:13:52.0750 2192 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

09:13:52.0781 2192 ose - ok

09:13:53.0000 2192 p2pimsvc - ok

09:13:53.0171 2192 Packet - ok

09:13:53.0343 2192 pae_1394 - ok

09:13:53.0640 2192 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

09:13:53.0750 2192 Parport - ok

09:13:53.0953 2192 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

09:13:54.0062 2192 PartMgr - ok

09:13:54.0265 2192 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

09:13:54.0375 2192 ParVdm - ok

09:13:54.0546 2192 pav_service - ok

09:13:54.0765 2192 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

09:13:54.0890 2192 PCI - ok

09:13:55.0062 2192 PciBus - ok

09:13:55.0250 2192 PCIDump - ok

09:13:55.0453 2192 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

09:13:55.0546 2192 PCIIde - ok

09:13:55.0890 2192 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

09:13:56.0062 2192 Pcmcia - ok

09:13:56.0312 2192 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys

09:13:56.0359 2192 Pcouffin ( UnsignedFile.Multi.Generic ) - warning

09:13:56.0359 2192 Pcouffin - detected UnsignedFile.Multi.Generic (1)

09:13:56.0593 2192 PDCOMP - ok

09:13:56.0781 2192 PDFRAME - ok

09:13:56.0968 2192 pdiddcci - ok

09:13:57.0171 2192 PDRELI - ok

09:13:57.0359 2192 PDRFRAME - ok

09:13:57.0562 2192 perc2 - ok

09:13:57.0750 2192 perc2hib - ok

09:13:58.0015 2192 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

09:13:58.0046 2192 PlugPlay - ok

09:13:58.0250 2192 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:13:58.0343 2192 PolicyAgent - ok

09:13:58.0562 2192 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

09:13:58.0703 2192 PptpMiniport - ok

09:13:58.0937 2192 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

09:13:59.0046 2192 Processor - ok

09:13:59.0218 2192 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:13:59.0296 2192 ProtectedStorage - ok

09:13:59.0500 2192 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

09:13:59.0625 2192 PSched - ok

09:13:59.0812 2192 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

09:13:59.0921 2192 Ptilink - ok

09:14:00.0078 2192 purgeieservice - ok

09:14:00.0343 2192 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

09:14:00.0421 2192 PxHelp20 - ok

09:14:00.0656 2192 ql1080 - ok

09:14:00.0828 2192 Ql10wnt - ok

09:14:01.0015 2192 ql12160 - ok

09:14:01.0203 2192 ql1240 - ok

09:14:01.0406 2192 ql1280 - ok

09:14:01.0578 2192 ramaint - ok

09:14:01.0796 2192 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

09:14:01.0890 2192 RasAcd - ok

09:14:02.0125 2192 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

09:14:02.0234 2192 RasAuto - ok

09:14:02.0484 2192 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

09:14:02.0609 2192 Rasl2tp - ok

09:14:02.0828 2192 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

09:14:02.0968 2192 RasMan - ok

09:14:03.0187 2192 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:14:03.0296 2192 RasPppoe - ok

09:14:03.0484 2192 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

09:14:03.0593 2192 Raspti - ok

09:14:03.0843 2192 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

09:14:04.0000 2192 Rdbss - ok

09:14:04.0250 2192 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

09:14:04.0359 2192 RDPCDD - ok

09:14:04.0531 2192 rdpdr - ok

09:14:04.0781 2192 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

09:14:04.0859 2192 RDPWD - ok

09:14:05.0109 2192 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

09:14:05.0265 2192 RDSessMgr - ok

09:14:05.0500 2192 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

09:14:05.0640 2192 redbook - ok

09:14:05.0859 2192 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

09:14:05.0937 2192 RemoteAccess - ok

09:14:06.0109 2192 rimsptsk - ok

09:14:06.0281 2192 RIOXDRV - ok

09:14:06.0500 2192 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

09:14:06.0578 2192 RpcLocator - ok

09:14:06.0921 2192 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll

09:14:07.0000 2192 RpcSs - ok

09:14:07.0171 2192 rp_fws - ok

09:14:07.0390 2192 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

09:14:07.0562 2192 RSVP - ok

09:14:07.0734 2192 s116nd5 - ok

09:14:07.0906 2192 s125mgmt - ok

09:14:08.0109 2192 s616unic - ok

09:14:08.0281 2192 sagefserver - ok

09:14:08.0453 2192 SaiNtBus - ok

09:14:08.0656 2192 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:14:08.0734 2192 SamSs - ok

09:14:08.0750 2192 SANDRA - ok

09:14:08.0906 2192 savrtpel - ok

09:14:09.0156 2192 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

09:14:09.0265 2192 SCardSvr - ok

09:14:09.0546 2192 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

09:14:09.0718 2192 Schedule - ok

09:14:09.0906 2192 sdbus - ok

09:14:10.0078 2192 SE26mdfl - ok

09:14:10.0390 2192 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

09:14:10.0593 2192 Secdrv - ok

09:14:10.0796 2192 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

09:14:10.0937 2192 seclogon - ok

09:14:11.0156 2192 SenFiltService - ok

09:14:11.0375 2192 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

09:14:11.0531 2192 SENS - ok

09:14:11.0812 2192 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

09:14:11.0921 2192 serenum - ok

09:14:12.0171 2192 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

09:14:12.0500 2192 Serial - ok

09:14:12.0890 2192 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

09:14:13.0000 2192 Sfloppy - ok

09:14:13.0265 2192 SGHIDI - ok

09:14:13.0500 2192 sglogplayer - ok

09:14:13.0828 2192 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

09:14:14.0000 2192 SharedAccess - ok

09:14:14.0328 2192 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:14:14.0375 2192 ShellHWDetection - ok

09:14:14.0546 2192 si3114r - ok

09:14:14.0750 2192 Simbad - ok

09:14:14.0953 2192 smserial - ok

09:14:15.0187 2192 SNP2UVC - ok

09:14:15.0359 2192 snpstd - ok

09:14:15.0546 2192 Sparrow - ok

09:14:15.0875 2192 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

09:14:15.0968 2192 splitter - ok

09:14:16.0250 2192 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

09:14:16.0406 2192 Spooler - ok

09:14:16.0718 2192 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

09:14:16.0828 2192 sr - ok

09:14:17.0093 2192 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

09:14:17.0265 2192 srservice - ok

09:14:17.0562 2192 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

09:14:17.0812 2192 Srv - ok

09:14:18.0109 2192 sscdbus (92b69020fc480219683d429dca068d71) C:\WINDOWS\system32\DRIVERS\sscdbus.sys

09:14:18.0171 2192 sscdbus - ok

09:14:18.0484 2192 sscdmdfl (77a2869d40cc84af711c321f9b0c7a78) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys

09:14:18.0500 2192 sscdmdfl - ok

09:14:18.0750 2192 sscdmdm (b4255635195a8413fcde7af5b7c4e382) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

09:14:18.0796 2192 sscdmdm - ok

09:14:19.0031 2192 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

09:14:19.0140 2192 SSDPSRV - ok

09:14:19.0312 2192 ssfs0509 - ok

09:14:19.0484 2192 sskbfd - ok

09:14:19.0734 2192 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys

09:14:19.0750 2192 StarOpen ( UnsignedFile.Multi.Generic ) - warning

09:14:19.0750 2192 StarOpen - detected UnsignedFile.Multi.Generic (1)

09:14:20.0078 2192 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

09:14:20.0453 2192 stisvc - ok

09:14:20.0703 2192 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

09:14:20.0812 2192 swenum - ok

09:14:21.0125 2192 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

09:14:21.0234 2192 swmidi - ok

09:14:21.0531 2192 SwPrv - ok

09:14:21.0734 2192 symc810 - ok

09:14:21.0968 2192 symc8xx - ok

09:14:22.0171 2192 sym_hi - ok

09:14:22.0359 2192 sym_u3 - ok

09:14:22.0625 2192 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

09:14:22.0734 2192 sysaudio - ok

09:14:23.0031 2192 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

09:14:23.0140 2192 SysmonLog - ok

09:14:23.0500 2192 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

09:14:23.0656 2192 TapiSrv - ok

09:14:24.0171 2192 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

09:14:24.0453 2192 Tcpip - ok

09:14:24.0703 2192 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

09:14:24.0796 2192 TDPIPE - ok

09:14:25.0015 2192 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

09:14:25.0156 2192 TDTCP - ok

09:14:25.0390 2192 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

09:14:25.0531 2192 TermDD - ok

09:14:25.0812 2192 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

09:14:26.0046 2192 TermService - ok

09:14:26.0250 2192 tfsndrct - ok

09:14:26.0546 2192 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:14:26.0546 2192 Themes - ok

09:14:26.0765 2192 tifm21 - ok

09:14:26.0968 2192 TosIde - ok

09:14:27.0171 2192 TPECioCtl - ok

09:14:27.0421 2192 TPPWRIF - ok

09:14:27.0609 2192 traprcvr - ok

09:14:27.0890 2192 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

09:14:28.0015 2192 TrkWks - ok

09:14:28.0218 2192 TuneUp.Defrag - ok

09:14:28.0546 2192 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

09:14:28.0671 2192 Udfs - ok

09:14:28.0875 2192 uhcd - ok

09:14:29.0046 2192 ultra - ok

09:14:29.0421 2192 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

09:14:29.0718 2192 Update - ok

09:14:29.0875 2192 uploadmgr (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

09:14:29.0984 2192 uploadmgr - ok

09:14:30.0296 2192 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

09:14:30.0562 2192 upnphost - ok

09:14:30.0765 2192 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

09:14:30.0921 2192 UPS - ok

09:14:31.0109 2192 USA49W2KP - ok

09:14:31.0390 2192 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

09:14:31.0453 2192 USBAAPL ( UnsignedFile.Multi.Generic ) - warning

09:14:31.0453 2192 USBAAPL - detected UnsignedFile.Multi.Generic (1)

09:14:31.0765 2192 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

09:14:31.0875 2192 usbccgp - ok

09:14:32.0140 2192 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

09:14:32.0234 2192 usbehci - ok

09:14:32.0578 2192 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

09:14:32.0734 2192 usbhub - ok

09:14:32.0984 2192 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

09:14:33.0078 2192 usbohci - ok

09:14:33.0281 2192 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

09:14:33.0375 2192 usbprint - ok

09:14:33.0734 2192 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

09:14:33.0859 2192 usbscan - ok

09:14:34.0109 2192 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

09:14:34.0218 2192 USBSTOR - ok

09:14:34.0484 2192 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

09:14:34.0609 2192 usbuhci - ok

09:14:34.0812 2192 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

09:14:34.0937 2192 VgaSave - ok

09:14:35.0234 2192 VIAHdAudAddService (6b2c9ee4c16616e9398bbd0bc80ceb22) C:\WINDOWS\system32\drivers\viahduaa.sys

09:14:35.0328 2192 VIAHdAudAddService - ok

09:14:35.0515 2192 ViaIde - ok

09:14:35.0718 2192 videoacceleratorengine - ok

09:14:35.0906 2192 VNUSB - ok

09:14:36.0171 2192 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

09:14:36.0296 2192 VolSnap - ok

09:14:36.0468 2192 vsbus - ok

09:14:36.0640 2192 vsmon - ok

09:14:36.0906 2192 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

09:14:37.0078 2192 VSS - ok

09:14:37.0265 2192 vzcdbsvc - ok

09:14:37.0531 2192 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

09:14:37.0687 2192 W32Time - ok

09:14:37.0937 2192 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

09:14:38.0078 2192 Wanarp - ok

09:14:38.0234 2192 wap3gx - ok

09:14:38.0421 2192 Wdf01000 - ok

09:14:38.0656 2192 WDICA - ok

09:14:38.0890 2192 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

09:14:39.0015 2192 wdmaud - ok

09:14:39.0250 2192 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

09:14:39.0515 2192 WebClient - ok

09:14:39.0750 2192 win32sl - ok

09:14:40.0062 2192 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

09:14:40.0234 2192 winmgmt - ok

09:14:40.0484 2192 winvnc - ok

09:14:40.0765 2192 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

09:14:40.0812 2192 WmdmPmSN - ok

09:14:41.0062 2192 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

09:14:41.0187 2192 WmiApSrv - ok

09:14:41.0703 2192 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

09:14:42.0359 2192 WMPNetworkSvc - ok

09:14:42.0796 2192 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

09:14:42.0859 2192 WpdUsb - ok

09:14:43.0406 2192 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

09:14:43.0906 2192 WPFFontCache_v0400 - ok

09:14:44.0234 2192 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

09:14:44.0359 2192 WS2IFSL - ok

09:14:44.0640 2192 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

09:14:44.0781 2192 wscsvc - ok

09:14:44.0984 2192 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

09:14:45.0156 2192 wuauserv - ok

09:14:45.0500 2192 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

09:14:45.0546 2192 WudfPf - ok

09:14:45.0843 2192 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

09:14:45.0890 2192 WudfRd - ok

09:14:46.0156 2192 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

09:14:46.0218 2192 WudfSvc - ok

09:14:46.0687 2192 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

09:14:47.0093 2192 WZCSVC - ok

09:14:47.0390 2192 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

09:14:47.0593 2192 xmlprov - ok

09:14:47.0781 2192 {a7447300-8075-4b0d-83f1-3d75c8ebc623} - ok

09:14:47.0812 2192 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

09:14:48.0156 2192 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

09:14:48.0156 2192 \Device\Harddisk0\DR0 - detected TDSS File System (1)

09:14:48.0171 2192 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

09:14:48.0437 2192 \Device\Harddisk1\DR1 - ok

09:14:48.0437 2192 Boot (0x1200) (86be2e19de0ce07e25cefc15a2995d8f) \Device\Harddisk0\DR0\Partition0

09:14:48.0437 2192 \Device\Harddisk0\DR0\Partition0 - ok

09:14:48.0453 2192 Boot (0x1200) (90c163a7e1b491257ec4337544de6d04) \Device\Harddisk1\DR1\Partition0

09:14:48.0453 2192 \Device\Harddisk1\DR1\Partition0 - ok

09:14:48.0453 2192 ============================================================

09:14:48.0453 2192 Scan finished

09:14:48.0453 2192 ============================================================

09:14:48.0593 2256 Detected object count: 7

09:14:48.0593 2256 Actual detected object count: 7

09:15:50.0625 2256 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user

09:15:50.0625 2256 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:15:50.0625 2256 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

09:15:50.0625 2256 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:15:50.0640 2256 mbamchameleon ( UnsignedFile.Multi.Generic ) - skipped by user

09:15:50.0640 2256 mbamchameleon ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:15:50.0640 2256 Pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user

09:15:50.0640 2256 Pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:15:50.0640 2256 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user

09:15:50.0640 2256 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:15:50.0640 2256 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user

09:15:50.0640 2256 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:15:50.0640 2256 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

09:15:50.0640 2256 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

09:16:42.0984 1492 ============================================================

09:16:42.0984 1492 Scan started

09:16:42.0984 1492 Mode: Manual; SigCheck; TDLFS;

09:16:42.0984 1492 ============================================================

09:16:43.0562 1492 Abiosdsk - ok

09:16:43.0859 1492 abp480n5 - ok

09:16:44.0140 1492 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

09:16:44.0937 1492 ACPI - ok

09:16:45.0265 1492 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

09:16:45.0375 1492 ACPIEC - ok

09:16:45.0562 1492 ADIHdAudAddService - ok

09:16:45.0750 1492 adpu160m - ok

09:16:45.0968 1492 aeaudio - ok

09:16:46.0171 1492 AEAudioService - ok

09:16:46.0468 1492 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

09:16:46.0593 1492 aec - ok

09:16:46.0890 1492 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

09:16:46.0921 1492 AFD - ok

09:16:47.0156 1492 Aha154x - ok

09:16:47.0375 1492 aic78u2 - ok

09:16:47.0546 1492 aic78xx - ok

09:16:47.0796 1492 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

09:16:47.0906 1492 Alerter - ok

09:16:48.0109 1492 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

09:16:48.0218 1492 ALG - ok

09:16:48.0421 1492 AliIde - ok

09:16:48.0687 1492 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

09:16:48.0718 1492 AmdK8 - ok

09:16:48.0937 1492 amsint - ok

09:16:49.0109 1492 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

09:16:49.0109 1492 Apple Mobile Device - ok

09:16:49.0281 1492 AppMgmt - ok

09:16:49.0468 1492 AppnApi - ok

09:16:49.0750 1492 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

09:16:49.0843 1492 Arp1394 - ok

09:16:50.0031 1492 asc - ok

09:16:50.0234 1492 asc3350p - ok

09:16:50.0406 1492 asc3550 - ok

09:16:50.0656 1492 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys

09:16:50.0671 1492 AsIO - ok

09:16:50.0843 1492 aslm75 - ok

09:16:51.0062 1492 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys

09:16:51.0078 1492 Aspi32 ( UnsignedFile.Multi.Generic ) - warning

09:16:51.0078 1492 Aspi32 - detected UnsignedFile.Multi.Generic (1)

09:16:51.0375 1492 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

09:16:51.0375 1492 aspnet_state - ok

09:16:51.0609 1492 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

09:16:51.0703 1492 AsyncMac - ok

09:16:52.0015 1492 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

09:16:52.0109 1492 atapi - ok

09:16:52.0312 1492 Atdisk - ok

09:16:52.0562 1492 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

09:16:52.0687 1492 Atmarpc - ok

09:16:52.0937 1492 ATNT40K - ok

09:16:53.0234 1492 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

09:16:53.0359 1492 AudioSrv - ok

09:16:53.0640 1492 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

09:16:53.0875 1492 audstub - ok

09:16:54.0031 1492 avgfwsrv - ok

09:16:55.0609 1492 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

09:16:57.0000 1492 AVGIDSAgent - ok

09:16:57.0375 1492 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

09:16:57.0390 1492 AVGIDSDriver - ok

09:16:57.0828 1492 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

09:16:57.0843 1492 AVGIDSEH - ok

09:16:58.0125 1492 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

09:16:58.0140 1492 AVGIDSFilter - ok

09:16:58.0453 1492 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

09:16:58.0453 1492 AVGIDSShim - ok

09:16:58.0828 1492 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

09:16:58.0859 1492 Avgldx86 - ok

09:16:59.0125 1492 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

09:16:59.0125 1492 Avgmfx86 - ok

09:16:59.0375 1492 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

09:16:59.0390 1492 Avgrkx86 - ok

09:16:59.0687 1492 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

09:16:59.0703 1492 Avgtdix - ok

09:16:59.0968 1492 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe

09:16:59.0968 1492 avgwd - ok

09:17:00.0187 1492 b57w2k - ok

09:17:00.0421 1492 backupexecjobengine - ok

09:17:00.0671 1492 backupexecnamingservice - ok

09:17:00.0906 1492 Bcim - ok

09:17:01.0125 1492 bdselfpr - ok

09:17:01.0468 1492 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

09:17:01.0609 1492 Beep - ok

09:17:01.0984 1492 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

09:17:02.0171 1492 BITS - ok

09:17:02.0390 1492 bocdrive - ok

09:17:02.0593 1492 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files\Bonjour\mDNSResponder.exe

09:17:02.0687 1492 Bonjour Service - ok

09:17:02.0906 1492 bridge - ok

09:17:03.0203 1492 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

09:17:03.0328 1492 Browser - ok

09:17:03.0531 1492 BrSerIf - ok

09:17:03.0781 1492 bvrp_pci - ok

09:17:03.0781 1492 catchme - ok

09:17:04.0093 1492 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

09:17:04.0312 1492 cbidf2k - ok

09:17:04.0500 1492 cd20xrnt - ok

09:17:04.0765 1492 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

09:17:04.0859 1492 Cdaudio - ok

09:17:05.0187 1492 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

09:17:05.0328 1492 Cdfs - ok

09:17:05.0562 1492 cdfsvc - ok

09:17:05.0937 1492 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

09:17:06.0093 1492 Cdrom - ok

09:17:06.0359 1492 Changer - ok

09:17:06.0593 1492 cics.region1 - ok

09:17:06.0890 1492 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

09:17:07.0062 1492 CiSvc - ok

09:17:07.0468 1492 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

09:17:07.0640 1492 ClipSrv - ok

09:17:08.0062 1492 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:17:08.0078 1492 clr_optimization_v2.0.50727_32 - ok

09:17:08.0312 1492 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

09:17:08.0328 1492 clr_optimization_v4.0.30319_32 - ok

09:17:08.0625 1492 CmdIde - ok

09:17:08.0859 1492 COMSysApp - ok

09:17:09.0125 1492 Cpqarray - ok

09:17:09.0453 1492 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

09:17:09.0609 1492 CryptSvc - ok

09:17:09.0843 1492 CTEDSPFX.DLL - ok

09:17:10.0078 1492 ctxhttp - ok

09:17:10.0343 1492 cxpt_service - ok

09:17:10.0609 1492 dac2w2k - ok

09:17:10.0859 1492 dac960nt - ok

09:17:11.0187 1492 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

09:17:11.0359 1492 DcomLaunch - ok

09:17:11.0656 1492 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

09:17:11.0750 1492 Dhcp - ok

09:17:11.0984 1492 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

09:17:12.0078 1492 Disk - ok

09:17:12.0265 1492 dlbx_device - ok

09:17:12.0437 1492 DM9102 - ok

09:17:12.0640 1492 dmadmin - ok

09:17:13.0234 1492 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

09:17:13.0562 1492 dmboot - ok

09:17:13.0843 1492 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

09:17:13.0937 1492 dmio - ok

09:17:14.0171 1492 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

09:17:14.0296 1492 dmload - ok

09:17:14.0531 1492 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

09:17:14.0625 1492 dmserver - ok

09:17:14.0875 1492 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

09:17:14.0984 1492 DMusic - ok

09:17:15.0218 1492 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

09:17:15.0250 1492 Dnscache - ok

09:17:15.0500 1492 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

09:17:15.0593 1492 Dot3svc - ok

09:17:15.0765 1492 downloadmanagerlite - ok

09:17:15.0968 1492 dpti2o - ok

09:17:16.0250 1492 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

09:17:16.0359 1492 drmkaud - ok

09:17:16.0578 1492 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

09:17:16.0671 1492 EapHost - ok

09:17:16.0843 1492 emu10k - ok

09:17:17.0062 1492 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

09:17:17.0203 1492 ERSvc - ok

09:17:17.0500 1492 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

09:17:17.0546 1492 Eventlog - ok

09:17:17.0875 1492 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

09:17:17.0906 1492 EventSystem - ok

09:17:18.0281 1492 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

09:17:18.0390 1492 Fastfat - ok

09:17:18.0671 1492 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:17:18.0687 1492 FastUserSwitchingCompatibility - ok

09:17:18.0937 1492 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

09:17:19.0046 1492 Fdc - ok

09:17:19.0234 1492 filemon701 - ok

09:17:19.0546 1492 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

09:17:19.0640 1492 Fips - ok

09:17:19.0921 1492 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

09:17:20.0015 1492 Flpydisk - ok

09:17:20.0265 1492 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

09:17:20.0390 1492 FltMgr - ok

09:17:20.0593 1492 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

09:17:20.0609 1492 FontCache3.0.0.0 - ok

09:17:20.0921 1492 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

09:17:21.0031 1492 Fs_Rec - ok

09:17:21.0375 1492 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

09:17:21.0468 1492 Ftdisk - ok

09:17:21.0640 1492 GBFSHook - ok

09:17:21.0906 1492 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

09:17:21.0906 1492 GEARAspiWDM - ok

09:17:22.0109 1492 ggsemc - ok

09:17:22.0359 1492 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

09:17:22.0484 1492 Gpc - ok

09:17:22.0765 1492 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

09:17:22.0781 1492 gupdate - ok

09:17:22.0828 1492 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

09:17:22.0828 1492 gupdatem - ok

09:17:22.0953 1492 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

09:17:22.0968 1492 gusvc - ok

09:17:23.0234 1492 HdAudAddService (f58d2900c66a1e773e3375098e0e9337) C:\WINDOWS\system32\drivers\HdAudio.sys

09:17:23.0281 1492 HdAudAddService - ok

09:17:23.0656 1492 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

09:17:23.0781 1492 HDAudBus - ok

09:17:23.0875 1492 helpsvc - ok

09:17:24.0062 1492 HidBth - ok

09:17:24.0328 1492 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

09:17:24.0421 1492 HidServ - ok

09:17:24.0718 1492 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

09:17:24.0828 1492 HidUsb - ok

09:17:25.0031 1492 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

09:17:25.0156 1492 hkmsvc - ok

09:17:25.0343 1492 hpn - ok

09:17:25.0656 1492 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

09:17:25.0687 1492 HTTP - ok

09:17:25.0906 1492 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

09:17:26.0015 1492 HTTPFilter - ok

09:17:26.0218 1492 i2omgmt - ok

09:17:26.0546 1492 i2omp - ok

09:17:26.0828 1492 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

09:17:26.0921 1492 i8042prt - ok

09:17:27.0109 1492 iAimTV5 - ok

09:17:29.0437 1492 ialm (9acb03875cfe068d5cc0e98fb2cf7017) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

09:17:31.0296 1492 ialm - ok

09:17:31.0562 1492 ibmsmbus - ok

09:17:31.0843 1492 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

09:17:31.0875 1492 IDriverT ( UnsignedFile.Multi.Generic ) - warning

09:17:31.0875 1492 IDriverT - detected UnsignedFile.Multi.Generic (1)

09:17:32.0437 1492 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

09:17:32.0875 1492 idsvc - ok

09:17:33.0156 1492 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

09:17:33.0296 1492 Imapi - ok

09:17:33.0640 1492 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

09:17:33.0781 1492 ImapiService - ok

09:17:34.0062 1492 ini910u - ok

09:17:34.0281 1492 IntelIde - ok

09:17:34.0531 1492 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

09:17:34.0609 1492 intelppm - ok

09:17:34.0906 1492 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

09:17:35.0046 1492 Ip6Fw - ok

09:17:35.0296 1492 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

09:17:35.0468 1492 IpFilterDriver - ok

09:17:35.0703 1492 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

09:17:35.0859 1492 IpInIp - ok

09:17:36.0140 1492 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

09:17:36.0312 1492 IpNat - ok

09:17:36.0734 1492 iPod Service (0ca8c2e721617aa2f923a8151c96fb33) C:\Program Files\iPod\bin\iPodService.exe

09:17:36.0968 1492 iPod Service - ok

09:17:37.0312 1492 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

09:17:37.0453 1492 IPSec - ok

09:17:37.0671 1492 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

09:17:37.0765 1492 IRENUM - ok

09:17:38.0078 1492 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

09:17:38.0187 1492 isapnp - ok

09:17:38.0375 1492 iviVD - ok

09:17:38.0703 1492 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe

09:17:38.0718 1492 JavaQuickStarterService - ok

09:17:38.0968 1492 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

09:17:39.0109 1492 Kbdclass - ok

09:17:39.0359 1492 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

09:17:39.0437 1492 kbdhid - ok

09:17:39.0671 1492 klif - ok

09:17:40.0062 1492 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

09:17:40.0171 1492 kmixer - ok

09:17:40.0484 1492 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

09:17:40.0531 1492 KSecDD - ok

09:17:40.0859 1492 L1e (080cf8720a306a64f7a09d1226491791) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys

09:17:40.0875 1492 L1e - ok

09:17:41.0156 1492 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

09:17:41.0187 1492 lanmanserver - ok

09:17:41.0453 1492 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

09:17:41.0484 1492 lanmanworkstation - ok

09:17:41.0718 1492 Lbd - ok

09:17:41.0937 1492 lbrtfdc - ok

09:17:42.0171 1492 lexbces - ok

09:17:42.0359 1492 lirsgt - ok

09:17:42.0703 1492 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

09:17:42.0843 1492 LmHosts - ok

09:17:43.0015 1492 lvckap - ok

09:17:43.0250 1492 lyncusbserv - ok

09:17:43.0531 1492 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) C:\WINDOWS\system32\drivers\mbamchameleon.sys

09:17:43.0546 1492 mbamchameleon ( UnsignedFile.Multi.Generic ) - warning

09:17:43.0546 1492 mbamchameleon - detected UnsignedFile.Multi.Generic (1)

09:17:43.0750 1492 mcdetect.exe - ok

09:17:43.0984 1492 mcupdmgr.exe - ok

09:17:44.0234 1492 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

09:17:44.0312 1492 Messenger - ok

09:17:44.0562 1492 mfeavfk - ok

09:17:44.0812 1492 mferkdk - ok

09:17:45.0031 1492 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

09:17:45.0203 1492 mnmdd - ok

09:17:45.0421 1492 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

09:17:45.0593 1492 mnmsrvc - ok

09:17:45.0875 1492 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

09:17:45.0968 1492 Modem - ok

09:17:46.0718 1492 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys

09:17:47.0171 1492 monfilt - ok

09:17:47.0437 1492 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

09:17:47.0562 1492 Mouclass - ok

09:17:47.0796 1492 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

09:17:47.0921 1492 mouhid - ok

09:17:48.0156 1492 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

09:17:48.0250 1492 MountMgr - ok

09:17:48.0437 1492 mpservice - ok

09:17:48.0625 1492 mraid35x - ok

09:17:48.0812 1492 MREMP50a64 - ok

09:17:49.0062 1492 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

09:17:49.0171 1492 MRxDAV - ok

09:17:49.0515 1492 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:17:49.0703 1492 MRxSmb - ok

09:17:49.0921 1492 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

09:17:50.0015 1492 MSDTC - ok

09:17:50.0281 1492 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

09:17:50.0406 1492 Msfs - ok

09:17:50.0593 1492 MSIServer - ok

09:17:50.0812 1492 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

09:17:50.0890 1492 MSKSSRV - ok

09:17:51.0140 1492 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

09:17:51.0234 1492 MSPCLOCK - ok

09:17:51.0500 1492 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

09:17:51.0609 1492 MSPQM - ok

09:17:51.0828 1492 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

09:17:51.0921 1492 mssmbios - ok

09:17:52.0171 1492 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

09:17:52.0187 1492 MTsensor - ok

09:17:52.0468 1492 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

09:17:52.0515 1492 Mup - ok

09:17:52.0812 1492 mwstick - ok

09:17:52.0968 1492 NAL - ok

09:17:53.0296 1492 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

09:17:53.0406 1492 napagent - ok

09:17:53.0593 1492 navapel - ok

09:17:54.0031 1492 NBService (6d8fcdd5bb3b676ef58fa234073492c6) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

09:17:54.0187 1492 NBService - ok

09:17:54.0546 1492 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

09:17:54.0671 1492 NDIS - ok

09:17:54.0906 1492 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:17:54.0937 1492 NdisTapi - ok

09:17:55.0171 1492 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:17:55.0296 1492 Ndisuio - ok

09:17:55.0562 1492 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:17:55.0687 1492 NdisWan - ok

09:17:55.0968 1492 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

09:17:56.0015 1492 NDProxy - ok

09:17:56.0218 1492 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

09:17:56.0343 1492 NetBIOS - ok

09:17:56.0671 1492 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

09:17:56.0796 1492 NetBT - ok

09:17:57.0046 1492 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

09:17:57.0125 1492 NetDDE - ok

09:17:57.0156 1492 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

09:17:57.0265 1492 NetDDEdsdm - ok

09:17:57.0484 1492 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:17:57.0656 1492 Netlogon - ok

09:17:58.0031 1492 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

09:17:58.0187 1492 Netman - ok

09:17:58.0500 1492 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

09:17:58.0515 1492 NetTcpPortSharing - ok

09:17:58.0718 1492 nfmservice - ok

09:17:58.0968 1492 ngdbserv - ok

09:17:59.0281 1492 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

09:17:59.0437 1492 NIC1394 - ok

09:17:59.0625 1492 NICSer_WPC300N - ok

09:17:59.0953 1492 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

09:17:59.0968 1492 Nla - ok

09:18:00.0921 1492 NMIndexingService (e32686b4e27d11f83e3f2844e104c66c) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

09:18:00.0937 1492 NMIndexingService - ok

09:18:01.0703 1492 nmwcdcm - ok

09:18:02.0078 1492 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

09:18:02.0234 1492 Npfs - ok

09:18:02.0421 1492 NTACCESS - ok

09:18:02.0875 1492 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

09:18:03.0093 1492 Ntfs - ok

09:18:03.0406 1492 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:18:03.0546 1492 NtLmSsp - ok

09:18:03.0937 1492 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

09:18:04.0156 1492 NtmsSvc - ok

09:18:04.0421 1492 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

09:18:04.0562 1492 Null - ok

09:18:06.0281 1492 nv (9e1f2f09e34c92a96b9900b6a45d5026) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

09:18:08.0000 1492 nv - ok

09:18:08.0484 1492 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

09:18:08.0500 1492 NVENETFD - ok

09:18:08.0718 1492 NVNET - ok

09:18:09.0078 1492 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

09:18:09.0093 1492 nvnetbus - ok

09:18:09.0375 1492 NVSvc (0b24ab7cc5b7ed2aa7f438a4072459f4) C:\WINDOWS\system32\nvsvc32.exe

09:18:09.0406 1492 NVSvc - ok

09:18:09.0765 1492 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

09:18:09.0875 1492 NwlnkFlt - ok

09:18:10.0187 1492 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

09:18:10.0328 1492 NwlnkFwd - ok

09:18:10.0625 1492 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

09:18:10.0750 1492 ohci1394 - ok

09:18:11.0062 1492 oracleorahomedatagatherer - ok

09:18:11.0281 1492 oracleorahomepagingserver - ok

09:18:11.0500 1492 oraclexeclragent - ok

09:18:11.0734 1492 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

09:18:11.0734 1492 ose - ok

09:18:11.0984 1492 p2pimsvc - ok

09:18:12.0218 1492 Packet - ok

09:18:12.0406 1492 pae_1394 - ok

09:18:12.0828 1492 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

09:18:12.0953 1492 Parport - ok

09:18:13.0296 1492 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

09:18:13.0437 1492 PartMgr - ok

09:18:13.0765 1492 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

09:18:13.0875 1492 ParVdm - ok

09:18:14.0046 1492 pav_service - ok

09:18:14.0390 1492 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

09:18:14.0500 1492 PCI - ok

09:18:14.0703 1492 PciBus - ok

09:18:14.0937 1492 PCIDump - ok

09:18:15.0171 1492 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

09:18:15.0265 1492 PCIIde - ok

09:18:15.0546 1492 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

09:18:15.0656 1492 Pcmcia - ok

09:18:15.0921 1492 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys

09:18:15.0921 1492 Pcouffin ( UnsignedFile.Multi.Generic ) - warning

09:18:15.0921 1492 Pcouffin - detected UnsignedFile.Multi.Generic (1)

09:18:16.0109 1492 PDCOMP - ok

09:18:16.0390 1492 PDFRAME - ok

09:18:16.0640 1492 pdiddcci - ok

09:18:16.0843 1492 PDRELI - ok

09:18:17.0046 1492 PDRFRAME - ok

09:18:17.0218 1492 perc2 - ok

09:18:17.0500 1492 perc2hib - ok

09:18:17.0796 1492 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

09:18:17.0812 1492 PlugPlay - ok

09:18:18.0125 1492 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:18:18.0250 1492 PolicyAgent - ok

09:18:18.0515 1492 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

09:18:18.0609 1492 PptpMiniport - ok

09:18:18.0890 1492 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

09:18:19.0062 1492 Processor - ok

09:18:19.0343 1492 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:18:19.0437 1492 ProtectedStorage - ok

09:18:19.0750 1492 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

09:18:19.0859 1492 PSched - ok

09:18:20.0062 1492 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

09:18:20.0187 1492 Ptilink - ok

09:18:20.0343 1492 purgeieservice - ok

09:18:20.0609 1492 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

09:18:20.0609 1492 PxHelp20 - ok

09:18:20.0812 1492 ql1080 - ok

09:18:21.0062 1492 Ql10wnt - ok

09:18:21.0328 1492 ql12160 - ok

09:18:21.0609 1492 ql1240 - ok

09:18:21.0796 1492 ql1280 - ok

09:18:22.0093 1492 ramaint - ok

09:18:22.0343 1492 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

09:18:22.0437 1492 RasAcd - ok

09:18:22.0656 1492 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

09:18:22.0828 1492 RasAuto - ok

09:18:23.0125 1492 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

09:18:23.0218 1492 Rasl2tp - ok

09:18:23.0546 1492 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

09:18:23.0671 1492 RasMan - ok

09:18:23.0875 1492 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:18:24.0000 1492 RasPppoe - ok

09:18:24.0281 1492 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

09:18:24.0468 1492 Raspti - ok

09:18:24.0875 1492 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

09:18:24.0984 1492 Rdbss - ok

09:18:25.0218 1492 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

09:18:25.0296 1492 RDPCDD - ok

09:18:25.0515 1492 rdpdr - ok

09:18:25.0781 1492 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

09:18:25.0812 1492 RDPWD - ok

09:18:26.0078 1492 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

09:18:26.0171 1492 RDSessMgr - ok

09:18:26.0484 1492 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

09:18:26.0578 1492 redbook - ok

09:18:26.0812 1492 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

09:18:26.0906 1492 RemoteAccess - ok

09:18:27.0109 1492 rimsptsk - ok

09:18:27.0281 1492 RIOXDRV - ok

09:18:27.0515 1492 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

09:18:27.0609 1492 RpcLocator - ok

09:18:28.0062 1492 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll

09:18:28.0156 1492 RpcSs - ok

09:18:28.0328 1492 rp_fws - ok

09:18:28.0593 1492 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

09:18:28.0687 1492 RSVP - ok

09:18:28.0875 1492 s116nd5 - ok

09:18:29.0062 1492 s125mgmt - ok

09:18:29.0234 1492 s616unic - ok

09:18:29.0421 1492 sagefserver - ok

09:18:29.0640 1492 SaiNtBus - ok

09:18:29.0859 1492 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:18:29.0953 1492 SamSs - ok

09:18:29.0953 1492 SANDRA - ok

09:18:30.0140 1492 savrtpel - ok

09:18:30.0390 1492 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

09:18:30.0531 1492 SCardSvr - ok

09:18:30.0796 1492 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

09:18:30.0921 1492 Schedule - ok

09:18:31.0109 1492 sdbus - ok

09:18:31.0312 1492 SE26mdfl - ok

09:18:31.0640 1492 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

09:18:31.0750 1492 Secdrv - ok

09:18:32.0015 1492 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

09:18:32.0109 1492 seclogon - ok

09:18:32.0406 1492 SenFiltService - ok

09:18:32.0718 1492 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

09:18:32.0843 1492 SENS - ok

09:18:33.0187 1492 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

09:18:33.0343 1492 serenum - ok

09:18:33.0562 1492 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

09:18:33.0703 1492 Serial - ok

09:18:34.0015 1492 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

09:18:34.0109 1492 Sfloppy - ok

09:18:34.0343 1492 SGHIDI - ok

09:18:34.0531 1492 sglogplayer - ok

09:18:34.0875 1492 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

09:18:35.0078 1492 SharedAccess - ok

09:18:35.0453 1492 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:18:35.0468 1492 ShellHWDetection - ok

09:18:35.0796 1492 si3114r - ok

09:18:36.0078 1492 Simbad - ok

09:18:36.0250 1492 smserial - ok

09:18:36.0531 1492 SNP2UVC - ok

09:18:36.0765 1492 snpstd - ok

09:18:37.0031 1492 Sparrow - ok

09:18:37.0343 1492 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

09:18:37.0437 1492 splitter - ok

09:18:37.0781 1492 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

09:18:37.0812 1492 Spooler - ok

09:18:38.0062 1492 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

09:18:38.0171 1492 sr - ok

09:18:38.0546 1492 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

09:18:38.0671 1492 srservice - ok

09:18:39.0109 1492 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

09:18:39.0218 1492 Srv - ok

09:18:39.0484 1492 sscdbus (92b69020fc480219683d429dca068d71) C:\WINDOWS\system32\DRIVERS\sscdbus.sys

09:18:39.0500 1492 sscdbus - ok

09:18:39.0734 1492 sscdmdfl (77a2869d40cc84af711c321f9b0c7a78) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys

09:18:39.0750 1492 sscdmdfl - ok

09:18:40.0046 1492 sscdmdm (b4255635195a8413fcde7af5b7c4e382) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

09:18:40.0062 1492 sscdmdm - ok

09:18:40.0328 1492 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

09:18:40.0437 1492 SSDPSRV - ok

09:18:40.0609 1492 ssfs0509 - ok

09:18:40.0859 1492 sskbfd - ok

09:18:41.0140 1492 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys

09:18:41.0156 1492 StarOpen ( UnsignedFile.Multi.Generic ) - warning

09:18:41.0156 1492 StarOpen - detected UnsignedFile.Multi.Generic (1)

09:18:41.0718 1492 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

09:18:41.0921 1492 stisvc - ok

09:18:42.0218 1492 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

09:18:42.0359 1492 swenum - ok

09:18:42.0593 1492 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

09:18:42.0765 1492 swmidi - ok

09:18:42.0984 1492 SwPrv - ok

09:18:43.0203 1492 symc810 - ok

09:18:43.0562 1492 symc8xx - ok

09:18:43.0765 1492 sym_hi - ok

09:18:44.0000 1492 sym_u3 - ok

09:18:44.0296 1492 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

09:18:44.0421 1492 sysaudio - ok

09:18:44.0750 1492 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

09:18:44.0906 1492 SysmonLog - ok

09:18:45.0234 1492 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

09:18:45.0406 1492 TapiSrv - ok

09:18:45.0796 1492 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

09:18:45.0984 1492 Tcpip - ok

09:18:46.0328 1492 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

09:18:46.0500 1492 TDPIPE - ok

09:18:46.0750 1492 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

09:18:46.0890 1492 TDTCP - ok

09:18:47.0156 1492 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

09:18:47.0343 1492 TermDD - ok

09:18:47.0656 1492 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

09:18:47.0750 1492 TermService - ok

09:18:47.0984 1492 tfsndrct - ok

09:18:48.0312 1492 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:18:48.0312 1492 Themes - ok

09:18:48.0500 1492 tifm21 - ok

09:18:48.0703 1492 TosIde - ok

09:18:48.0921 1492 TPECioCtl - ok

09:18:49.0093 1492 TPPWRIF - ok

09:18:49.0328 1492 traprcvr - ok

09:18:49.0656 1492 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

09:18:49.0828 1492 TrkWks - ok

09:18:50.0015 1492 TuneUp.Defrag - ok

09:18:50.0343 1492 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

09:18:50.0515 1492 Udfs - ok

09:18:50.0718 1492 uhcd - ok

09:18:50.0906 1492 ultra - ok

09:18:51.0281 1492 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

09:18:51.0578 1492 Update - ok

09:18:51.0781 1492 uploadmgr (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

09:18:51.0875 1492 uploadmgr - ok

09:18:52.0203 1492 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

09:18:52.0343 1492 upnphost - ok

09:18:52.0562 1492 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

09:18:52.0671 1492 UPS - ok

09:18:52.0890 1492 USA49W2KP - ok

09:18:53.0234 1492 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

09:18:53.0234 1492 USBAAPL ( UnsignedFile.Multi.Generic ) - warning

09:18:53.0234 1492 USBAAPL - detected UnsignedFile.Multi.Generic (1)

09:18:53.0484 1492 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

09:18:53.0593 1492 usbccgp - ok

09:18:53.0875 1492 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

09:18:54.0015 1492 usbehci - ok

09:18:54.0296 1492 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

09:18:54.0468 1492 usbhub - ok

09:18:54.0812 1492 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

09:18:54.0968 1492 usbohci - ok

09:18:55.0343 1492 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

09:18:55.0484 1492 usbprint - ok

09:18:55.0812 1492 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

09:18:55.0953 1492 usbscan - ok

09:18:56.0171 1492 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

09:18:56.0265 1492 USBSTOR - ok

09:18:56.0546 1492 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

09:18:56.0640 1492 usbuhci - ok

09:18:56.0843 1492 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

09:18:56.0953 1492 VgaSave - ok

09:18:57.0312 1492 VIAHdAudAddService (6b2c9ee4c16616e9398bbd0bc80ceb22) C:\WINDOWS\system32\drivers\viahduaa.sys

09:18:57.0375 1492 VIAHdAudAddService - ok

09:18:57.0656 1492 ViaIde - ok

09:18:57.0953 1492 videoacceleratorengine - ok

09:18:58.0187 1492 VNUSB - ok

09:18:58.0500 1492 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

09:18:58.0656 1492 VolSnap - ok

09:18:58.0890 1492 vsbus - ok

09:18:59.0125 1492 vsmon - ok

09:18:59.0546 1492 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

09:18:59.0734 1492 VSS - ok

09:18:59.0937 1492 vzcdbsvc - ok

09:19:00.0265 1492 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

09:19:00.0468 1492 W32Time - ok

09:19:00.0781 1492 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

09:19:00.0937 1492 Wanarp - ok

09:19:01.0187 1492 wap3gx - ok

09:19:01.0406 1492 Wdf01000 - ok

09:19:01.0671 1492 WDICA - ok

09:19:01.0968 1492 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

09:19:02.0062 1492 wdmaud - ok

09:19:02.0296 1492 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

09:19:02.0437 1492 WebClient - ok

09:19:02.0609 1492 win32sl - ok

09:19:02.0921 1492 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

09:19:03.0000 1492 winmgmt - ok

09:19:03.0250 1492 winvnc - ok

09:19:03.0531 1492 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

09:19:03.0546 1492 WmdmPmSN - ok

09:19:03.0843 1492 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

09:19:03.0937 1492 WmiApSrv - ok

09:19:04.0468 1492 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

09:19:04.0859 1492 WMPNetworkSvc - ok

09:19:05.0203 1492 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

09:19:05.0250 1492 WpdUsb - ok

09:19:05.0796 1492 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

09:19:05.0984 1492 WPFFontCache_v0400 - ok

09:19:06.0281 1492 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

09:19:06.0390 1492 WS2IFSL - ok

09:19:06.0671 1492 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

09:19:06.0781 1492 wscsvc - ok

09:19:07.0000 1492 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

09:19:07.0093 1492 wuauserv - ok

09:19:07.0359 1492 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

09:19:07.0375 1492 WudfPf - ok

09:19:07.0640 1492 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

09:19:07.0640 1492 WudfRd - ok

09:19:07.0984 1492 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

09:19:08.0000 1492 WudfSvc - ok

09:19:08.0406 1492 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

09:19:08.0593 1492 WZCSVC - ok

09:19:08.0843 1492 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

09:19:08.0937 1492 xmlprov - ok

09:19:09.0156 1492 {a7447300-8075-4b0d-83f1-3d75c8ebc623} - ok

09:19:09.0218 1492 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

09:19:09.0625 1492 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

09:19:09.0625 1492 \Device\Harddisk0\DR0 - detected TDSS File System (1)

09:19:09.0640 1492 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

09:19:09.0921 1492 \Device\Harddisk1\DR1 - ok

09:19:09.0937 1492 Boot (0x1200) (86be2e19de0ce07e25cefc15a2995d8f) \Device\Harddisk0\DR0\Partition0

09:19:09.0937 1492 \Device\Harddisk0\DR0\Partition0 - ok

09:19:09.0937 1492 Boot (0x1200) (90c163a7e1b491257ec4337544de6d04) \Device\Harddisk1\DR1\Partition0

09:19:09.0937 1492 \Device\Harddisk1\DR1\Partition0 - ok

09:19:09.0937 1492 ============================================================

09:19:09.0937 1492 Scan finished

09:19:09.0937 1492 ============================================================

09:19:09.0953 3308 Detected object count: 7

09:19:09.0953 3308 Actual detected object count: 7

09:22:53.0171 3308 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user

09:22:53.0171 3308 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:22:53.0171 3308 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

09:22:53.0171 3308 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:22:53.0171 3308 mbamchameleon ( UnsignedFile.Multi.Generic ) - skipped by user

09:22:53.0171 3308 mbamchameleon ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:22:53.0171 3308 Pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user

09:22:53.0171 3308 Pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:22:53.0171 3308 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user

09:22:53.0171 3308 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:22:53.0171 3308 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user

09:22:53.0171 3308 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:22:53.0187 3308 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

09:22:53.0187 3308 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

09:23:02.0875 2904 Deinitialize success

09:22:53.0187 3308 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

Run it one more time and Cure / delete / quarantine that one.

Then run a new ComboFix scan.

Ran new TDSS & ComboFix. Results below. Thanks.

...........................

09:47:10.0875 0172 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00

09:47:12.0875 0172 ============================================================

09:47:12.0875 0172 Current date / time: 2012/03/24 09:47:12.0875

09:47:12.0875 0172 SystemInfo:

09:47:12.0875 0172

09:47:12.0875 0172 OS Version: 5.1.2600 ServicePack: 3.0

09:47:12.0875 0172 Product type: Workstation

09:47:12.0875 0172 ComputerName: USER

09:47:13.0125 0172 UserName: Owner

09:47:13.0125 0172 Windows directory: C:\WINDOWS

09:47:13.0125 0172 System windows directory: C:\WINDOWS

09:47:13.0125 0172 Processor architecture: Intel x86

09:47:13.0125 0172 Number of processors: 2

09:47:13.0125 0172 Page size: 0x1000

09:47:13.0125 0172 Boot type: Normal boot

09:47:13.0125 0172 ============================================================

09:47:23.0015 0172 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

09:47:23.0031 0172 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

09:47:23.0156 0172 \Device\Harddisk0\DR0:

09:47:23.0171 0172 MBR used

09:47:23.0171 0172 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542

09:47:23.0171 0172 \Device\Harddisk1\DR1:

09:47:23.0171 0172 MBR used

09:47:23.0171 0172 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1

09:47:23.0359 0172 Initialize success

09:47:23.0359 0172 ============================================================

09:47:34.0890 2872 ============================================================

09:47:34.0890 2872 Scan started

09:47:34.0890 2872 Mode: Manual; SigCheck; TDLFS;

09:47:34.0890 2872 ============================================================

09:47:36.0281 2872 Abiosdsk - ok

09:47:36.0546 2872 abp480n5 - ok

09:47:37.0046 2872 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

09:47:47.0234 2872 ACPI - ok

09:47:47.0625 2872 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

09:47:47.0781 2872 ACPIEC - ok

09:47:47.0968 2872 ADIHdAudAddService - ok

09:47:48.0156 2872 adpu160m - ok

09:47:48.0328 2872 aeaudio - ok

09:47:48.0531 2872 AEAudioService - ok

09:47:48.0796 2872 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

09:47:49.0046 2872 aec - ok

09:47:49.0343 2872 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

09:47:49.0593 2872 AFD - ok

09:47:49.0812 2872 Aha154x - ok

09:47:50.0015 2872 aic78u2 - ok

09:47:50.0187 2872 aic78xx - ok

09:47:50.0453 2872 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

09:47:50.0593 2872 Alerter - ok

09:47:50.0843 2872 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

09:47:51.0046 2872 ALG - ok

09:47:51.0312 2872 AliIde - ok

09:47:51.0703 2872 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

09:47:51.0765 2872 AmdK8 - ok

09:47:51.0968 2872 amsint - ok

09:47:52.0187 2872 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

09:47:52.0312 2872 Apple Mobile Device - ok

09:47:52.0562 2872 AppMgmt - ok

09:47:52.0734 2872 AppnApi - ok

09:47:53.0015 2872 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

09:47:53.0125 2872 Arp1394 - ok

09:47:53.0406 2872 asc - ok

09:47:53.0578 2872 asc3350p - ok

09:47:53.0796 2872 asc3550 - ok

09:47:54.0078 2872 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys

09:47:54.0390 2872 AsIO - ok

09:47:54.0656 2872 aslm75 - ok

09:47:54.0968 2872 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys

09:47:55.0046 2872 Aspi32 ( UnsignedFile.Multi.Generic ) - warning

09:47:55.0046 2872 Aspi32 - detected UnsignedFile.Multi.Generic (1)

09:47:55.0421 2872 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

09:47:55.0484 2872 aspnet_state - ok

09:47:55.0890 2872 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

09:47:56.0031 2872 AsyncMac - ok

09:47:56.0437 2872 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

09:47:56.0562 2872 atapi - ok

09:47:56.0859 2872 Atdisk - ok

09:47:57.0140 2872 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

09:47:57.0281 2872 Atmarpc - ok

09:47:57.0484 2872 ATNT40K - ok

09:47:57.0781 2872 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

09:47:57.0921 2872 AudioSrv - ok

09:47:58.0296 2872 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

09:47:58.0453 2872 audstub - ok

09:47:58.0796 2872 avgfwsrv - ok

09:48:00.0765 2872 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

09:48:03.0718 2872 AVGIDSAgent - ok

09:48:04.0109 2872 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

09:48:04.0187 2872 AVGIDSDriver - ok

09:48:04.0437 2872 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

09:48:04.0453 2872 AVGIDSEH - ok

09:48:04.0765 2872 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

09:48:04.0781 2872 AVGIDSFilter - ok

09:48:05.0062 2872 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

09:48:05.0093 2872 AVGIDSShim - ok

09:48:05.0390 2872 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

09:48:05.0468 2872 Avgldx86 - ok

09:48:05.0812 2872 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

09:48:05.0843 2872 Avgmfx86 - ok

09:48:06.0109 2872 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

09:48:06.0125 2872 Avgrkx86 - ok

09:48:06.0421 2872 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

09:48:06.0515 2872 Avgtdix - ok

09:48:06.0796 2872 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe

09:48:06.0859 2872 avgwd - ok

09:48:07.0109 2872 b57w2k - ok

09:48:07.0296 2872 backupexecjobengine - ok

09:48:07.0468 2872 backupexecnamingservice - ok

09:48:07.0656 2872 Bcim - ok

09:48:07.0828 2872 bdselfpr - ok

09:48:08.0109 2872 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

09:48:08.0250 2872 Beep - ok

09:48:08.0640 2872 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

09:48:09.0000 2872 BITS - ok

09:48:09.0171 2872 bocdrive - ok

09:48:09.0453 2872 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files\Bonjour\mDNSResponder.exe

09:48:09.0625 2872 Bonjour Service - ok

09:48:09.0843 2872 bridge - ok

09:48:10.0078 2872 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

09:48:10.0218 2872 Browser - ok

09:48:10.0390 2872 BrSerIf - ok

09:48:10.0562 2872 bvrp_pci - ok

09:48:10.0578 2872 catchme - ok

09:48:10.0843 2872 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

09:48:11.0000 2872 cbidf2k - ok

09:48:11.0265 2872 cd20xrnt - ok

09:48:11.0546 2872 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

09:48:11.0718 2872 Cdaudio - ok

09:48:12.0093 2872 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

09:48:12.0203 2872 Cdfs - ok

09:48:12.0406 2872 cdfsvc - ok

09:48:12.0765 2872 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

09:48:12.0937 2872 Cdrom - ok

09:48:13.0218 2872 Changer - ok

09:48:13.0406 2872 cics.region1 - ok

09:48:13.0640 2872 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

09:48:13.0796 2872 CiSvc - ok

09:48:14.0109 2872 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

09:48:14.0265 2872 ClipSrv - ok

09:48:14.0484 2872 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:48:14.0578 2872 clr_optimization_v2.0.50727_32 - ok

09:48:14.0765 2872 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

09:48:14.0890 2872 clr_optimization_v4.0.30319_32 - ok

09:48:15.0125 2872 CmdIde - ok

09:48:15.0343 2872 COMSysApp - ok

09:48:15.0703 2872 Cpqarray - ok

09:48:16.0156 2872 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

09:48:16.0359 2872 CryptSvc - ok

09:48:16.0687 2872 CTEDSPFX.DLL - ok

09:48:16.0890 2872 ctxhttp - ok

09:48:17.0078 2872 cxpt_service - ok

09:48:17.0359 2872 dac2w2k - ok

09:48:17.0562 2872 dac960nt - ok

09:48:17.0890 2872 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

09:48:18.0156 2872 DcomLaunch - ok

09:48:18.0500 2872 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

09:48:18.0765 2872 Dhcp - ok

09:48:19.0156 2872 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

09:48:19.0343 2872 Disk - ok

09:48:19.0515 2872 dlbx_device - ok

09:48:19.0750 2872 DM9102 - ok

09:48:19.0953 2872 dmadmin - ok

09:48:20.0546 2872 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

09:48:21.0343 2872 dmboot - ok

09:48:21.0812 2872 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

09:48:21.0968 2872 dmio - ok

09:48:22.0250 2872 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

09:48:22.0359 2872 dmload - ok

09:48:22.0625 2872 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

09:48:22.0750 2872 dmserver - ok

09:48:23.0000 2872 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

09:48:23.0125 2872 DMusic - ok

09:48:23.0375 2872 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

09:48:23.0453 2872 Dnscache - ok

09:48:23.0828 2872 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

09:48:23.0968 2872 Dot3svc - ok

09:48:24.0156 2872 downloadmanagerlite - ok

09:48:24.0421 2872 dpti2o - ok

09:48:24.0718 2872 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

09:48:24.0828 2872 drmkaud - ok

09:48:25.0031 2872 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

09:48:25.0140 2872 EapHost - ok

09:48:25.0312 2872 emu10k - ok

09:48:25.0546 2872 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

09:48:25.0656 2872 ERSvc - ok

09:48:25.0890 2872 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

09:48:25.0984 2872 Eventlog - ok

09:48:26.0296 2872 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

09:48:26.0468 2872 EventSystem - ok

09:48:26.0828 2872 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

09:48:27.0031 2872 Fastfat - ok

09:48:27.0281 2872 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:48:27.0375 2872 FastUserSwitchingCompatibility - ok

09:48:27.0656 2872 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

09:48:27.0796 2872 Fdc - ok

09:48:27.0953 2872 filemon701 - ok

09:48:28.0203 2872 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

09:48:28.0375 2872 Fips - ok

09:48:28.0593 2872 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

09:48:28.0734 2872 Flpydisk - ok

09:48:29.0015 2872 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

09:48:29.0171 2872 FltMgr - ok

09:48:29.0421 2872 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

09:48:29.0468 2872 FontCache3.0.0.0 - ok

09:48:29.0703 2872 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

09:48:29.0812 2872 Fs_Rec - ok

09:48:30.0093 2872 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

09:48:30.0218 2872 Ftdisk - ok

09:48:30.0421 2872 GBFSHook - ok

09:48:30.0703 2872 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

09:48:30.0750 2872 GEARAspiWDM - ok

09:48:31.0015 2872 ggsemc - ok

09:48:31.0328 2872 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

09:48:31.0437 2872 Gpc - ok

09:48:31.0734 2872 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

09:48:31.0765 2872 gupdate - ok

09:48:31.0828 2872 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

09:48:31.0859 2872 gupdatem - ok

09:48:31.0968 2872 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

09:48:32.0015 2872 gusvc - ok

09:48:32.0390 2872 HdAudAddService (f58d2900c66a1e773e3375098e0e9337) C:\WINDOWS\system32\drivers\HdAudio.sys

09:48:32.0484 2872 HdAudAddService - ok

09:48:32.0781 2872 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

09:48:32.0921 2872 HDAudBus - ok

09:48:33.0000 2872 helpsvc - ok

09:48:33.0187 2872 HidBth - ok

09:48:33.0484 2872 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

09:48:33.0625 2872 HidServ - ok

09:48:33.0906 2872 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

09:48:34.0000 2872 HidUsb - ok

09:48:34.0218 2872 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

09:48:34.0375 2872 hkmsvc - ok

09:48:34.0593 2872 hpn - ok

09:48:34.0921 2872 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

09:48:35.0140 2872 HTTP - ok

09:48:35.0375 2872 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

09:48:35.0484 2872 HTTPFilter - ok

09:48:35.0734 2872 i2omgmt - ok

09:48:36.0000 2872 i2omp - ok

09:48:36.0265 2872 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

09:48:36.0375 2872 i8042prt - ok

09:48:36.0562 2872 iAimTV5 - ok

09:48:38.0687 2872 ialm (9acb03875cfe068d5cc0e98fb2cf7017) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

09:48:42.0703 2872 ialm - ok

09:48:42.0984 2872 ibmsmbus - ok

09:48:43.0218 2872 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

09:48:43.0296 2872 IDriverT ( UnsignedFile.Multi.Generic ) - warning

09:48:43.0296 2872 IDriverT - detected UnsignedFile.Multi.Generic (1)

09:48:43.0859 2872 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

09:48:44.0453 2872 idsvc - ok

09:48:44.0828 2872 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

09:48:44.0937 2872 Imapi - ok

09:48:45.0187 2872 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

09:48:45.0312 2872 ImapiService - ok

09:48:45.0484 2872 ini910u - ok

09:48:45.0687 2872 IntelIde - ok

09:48:45.0906 2872 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

09:48:46.0000 2872 intelppm - ok

09:48:46.0203 2872 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

09:48:46.0312 2872 Ip6Fw - ok

09:48:46.0531 2872 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

09:48:46.0671 2872 IpFilterDriver - ok

09:48:46.0875 2872 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

09:48:46.0968 2872 IpInIp - ok

09:48:47.0203 2872 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

09:48:47.0375 2872 IpNat - ok

09:48:47.0734 2872 iPod Service (0ca8c2e721617aa2f923a8151c96fb33) C:\Program Files\iPod\bin\iPodService.exe

09:48:47.0921 2872 iPod Service - ok

09:48:48.0250 2872 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

09:48:48.0375 2872 IPSec - ok

09:48:48.0578 2872 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

09:48:48.0687 2872 IRENUM - ok

09:48:48.0906 2872 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

09:48:49.0046 2872 isapnp - ok

09:48:49.0218 2872 iviVD - ok

09:48:49.0515 2872 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe

09:48:49.0609 2872 JavaQuickStarterService - ok

09:48:49.0875 2872 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

09:48:49.0968 2872 Kbdclass - ok

09:48:50.0187 2872 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

09:48:50.0265 2872 kbdhid - ok

09:48:50.0421 2872 klif - ok

09:48:50.0687 2872 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

09:48:50.0828 2872 kmixer - ok

09:48:51.0078 2872 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

09:48:51.0250 2872 KSecDD - ok

09:48:51.0484 2872 L1e (080cf8720a306a64f7a09d1226491791) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys

09:48:51.0562 2872 L1e - ok

09:48:51.0812 2872 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

09:48:51.0890 2872 lanmanserver - ok

09:48:52.0140 2872 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

09:48:52.0218 2872 lanmanworkstation - ok

09:48:52.0406 2872 Lbd - ok

09:48:52.0593 2872 lbrtfdc - ok

09:48:52.0781 2872 lexbces - ok

09:48:52.0953 2872 lirsgt - ok

09:48:53.0171 2872 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

09:48:53.0281 2872 LmHosts - ok

09:48:53.0437 2872 lvckap - ok

09:48:53.0609 2872 lyncusbserv - ok

09:48:53.0859 2872 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) C:\WINDOWS\system32\drivers\mbamchameleon.sys

09:48:53.0906 2872 mbamchameleon ( UnsignedFile.Multi.Generic ) - warning

09:48:53.0906 2872 mbamchameleon - detected UnsignedFile.Multi.Generic (1)

09:48:54.0062 2872 mcdetect.exe - ok

09:48:54.0234 2872 mcupdmgr.exe - ok

09:48:54.0453 2872 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

09:48:54.0546 2872 Messenger - ok

09:48:54.0750 2872 mfeavfk - ok

09:48:54.0937 2872 mferkdk - ok

09:48:55.0203 2872 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

09:48:55.0312 2872 mnmdd - ok

09:48:55.0515 2872 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

09:48:55.0640 2872 mnmsrvc - ok

09:48:55.0843 2872 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

09:48:55.0953 2872 Modem - ok

09:48:56.0578 2872 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys

09:48:57.0390 2872 monfilt - ok

09:48:57.0625 2872 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

09:48:57.0765 2872 Mouclass - ok

09:48:57.0984 2872 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

09:48:58.0109 2872 mouhid - ok

09:48:58.0312 2872 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

09:48:58.0421 2872 MountMgr - ok

09:48:58.0609 2872 mpservice - ok

09:48:58.0812 2872 mraid35x - ok

09:48:58.0984 2872 MREMP50a64 - ok

09:48:59.0218 2872 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

09:48:59.0359 2872 MRxDAV - ok

09:48:59.0718 2872 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:49:00.0031 2872 MRxSmb - ok

09:49:00.0250 2872 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

09:49:00.0328 2872 MSDTC - ok

09:49:00.0546 2872 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

09:49:00.0656 2872 Msfs - ok

09:49:00.0828 2872 MSIServer - ok

09:49:01.0031 2872 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

09:49:01.0140 2872 MSKSSRV - ok

09:49:01.0328 2872 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

09:49:01.0437 2872 MSPCLOCK - ok

09:49:01.0671 2872 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

09:49:01.0781 2872 MSPQM - ok

09:49:01.0984 2872 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

09:49:02.0078 2872 mssmbios - ok

09:49:02.0312 2872 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

09:49:02.0359 2872 MTsensor - ok

09:49:02.0625 2872 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

09:49:02.0750 2872 Mup - ok

09:49:02.0937 2872 mwstick - ok

09:49:03.0109 2872 NAL - ok

09:49:03.0359 2872 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

09:49:03.0546 2872 napagent - ok

09:49:03.0703 2872 navapel - ok

09:49:04.0078 2872 NBService (6d8fcdd5bb3b676ef58fa234073492c6) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

09:49:04.0453 2872 NBService - ok

09:49:04.0796 2872 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

09:49:04.0953 2872 NDIS - ok

09:49:05.0187 2872 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:49:05.0281 2872 NdisTapi - ok

09:49:05.0546 2872 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:49:05.0640 2872 Ndisuio - ok

09:49:05.0859 2872 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:49:05.0984 2872 NdisWan - ok

09:49:06.0218 2872 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

09:49:06.0312 2872 NDProxy - ok

09:49:06.0515 2872 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

09:49:06.0625 2872 NetBIOS - ok

09:49:06.0875 2872 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

09:49:07.0015 2872 NetBT - ok

09:49:07.0265 2872 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

09:49:07.0406 2872 NetDDE - ok

09:49:07.0437 2872 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

09:49:07.0515 2872 NetDDEdsdm - ok

09:49:07.0718 2872 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:49:07.0812 2872 Netlogon - ok

09:49:08.0109 2872 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

09:49:08.0265 2872 Netman - ok

09:49:08.0484 2872 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

09:49:08.0531 2872 NetTcpPortSharing - ok

09:49:08.0703 2872 nfmservice - ok

09:49:08.0859 2872 ngdbserv - ok

09:49:09.0140 2872 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

09:49:09.0281 2872 NIC1394 - ok

09:49:09.0437 2872 NICSer_WPC300N - ok

09:49:09.0750 2872 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

09:49:09.0843 2872 Nla - ok

09:49:10.0109 2872 NMIndexingService (e32686b4e27d11f83e3f2844e104c66c) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

09:49:10.0187 2872 NMIndexingService - ok

09:49:10.0343 2872 nmwcdcm - ok

09:49:10.0609 2872 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

09:49:10.0734 2872 Npfs - ok

09:49:10.0906 2872 NTACCESS - ok

09:49:11.0281 2872 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

09:49:11.0625 2872 Ntfs - ok

09:49:11.0828 2872 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:49:11.0906 2872 NtLmSsp - ok

09:49:12.0218 2872 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

09:49:12.0515 2872 NtmsSvc - ok

09:49:12.0718 2872 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

09:49:12.0828 2872 Null - ok

09:49:14.0015 2872 nv (9e1f2f09e34c92a96b9900b6a45d5026) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

09:49:16.0015 2872 nv - ok

09:49:16.0359 2872 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

09:49:16.0406 2872 NVENETFD - ok

09:49:16.0562 2872 NVNET - ok

09:49:16.0796 2872 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

09:49:16.0843 2872 nvnetbus - ok

09:49:17.0062 2872 NVSvc (0b24ab7cc5b7ed2aa7f438a4072459f4) C:\WINDOWS\system32\nvsvc32.exe

09:49:17.0125 2872 NVSvc - ok

09:49:17.0343 2872 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

09:49:17.0468 2872 NwlnkFlt - ok

09:49:17.0671 2872 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

09:49:17.0781 2872 NwlnkFwd - ok

09:49:18.0015 2872 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

09:49:18.0156 2872 ohci1394 - ok

09:49:18.0343 2872 oracleorahomedatagatherer - ok

09:49:18.0515 2872 oracleorahomepagingserver - ok

09:49:18.0687 2872 oraclexeclragent - ok

09:49:18.0843 2872 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

09:49:18.0875 2872 ose - ok

09:49:19.0046 2872 p2pimsvc - ok

09:49:19.0218 2872 Packet - ok

09:49:19.0406 2872 pae_1394 - ok

09:49:19.0687 2872 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

09:49:19.0828 2872 Parport - ok

09:49:20.0031 2872 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

09:49:20.0140 2872 PartMgr - ok

09:49:20.0343 2872 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

09:49:20.0453 2872 ParVdm - ok

09:49:20.0625 2872 pav_service - ok

09:49:20.0828 2872 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

09:49:20.0953 2872 PCI - ok

09:49:21.0109 2872 PciBus - ok

09:49:21.0312 2872 PCIDump - ok

09:49:21.0515 2872 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

09:49:21.0609 2872 PCIIde - ok

09:49:21.0859 2872 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

09:49:21.0984 2872 Pcmcia - ok

09:49:22.0218 2872 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys

09:49:22.0265 2872 Pcouffin ( UnsignedFile.Multi.Generic ) - warning

09:49:22.0265 2872 Pcouffin - detected UnsignedFile.Multi.Generic (1)

09:49:22.0453 2872 PDCOMP - ok

09:49:22.0640 2872 PDFRAME - ok

09:49:22.0812 2872 pdiddcci - ok

09:49:22.0984 2872 PDRELI - ok

09:49:23.0171 2872 PDRFRAME - ok

09:49:23.0359 2872 perc2 - ok

09:49:23.0531 2872 perc2hib - ok

09:49:23.0796 2872 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

09:49:23.0812 2872 PlugPlay - ok

09:49:24.0031 2872 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:49:24.0109 2872 PolicyAgent - ok

09:49:24.0359 2872 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

09:49:24.0468 2872 PptpMiniport - ok

09:49:24.0687 2872 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

09:49:24.0828 2872 Processor - ok

09:49:25.0000 2872 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:49:25.0078 2872 ProtectedStorage - ok

09:49:25.0296 2872 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

09:49:25.0406 2872 PSched - ok

09:49:25.0593 2872 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

09:49:25.0718 2872 Ptilink - ok

09:49:25.0906 2872 purgeieservice - ok

09:49:26.0171 2872 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

09:49:26.0234 2872 PxHelp20 - ok

09:49:26.0421 2872 ql1080 - ok

09:49:26.0593 2872 Ql10wnt - ok

09:49:26.0781 2872 ql12160 - ok

09:49:26.0968 2872 ql1240 - ok

09:49:27.0140 2872 ql1280 - ok

09:49:27.0312 2872 ramaint - ok

09:49:27.0515 2872 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

09:49:27.0625 2872 RasAcd - ok

09:49:27.0843 2872 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

09:49:27.0953 2872 RasAuto - ok

09:49:28.0187 2872 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

09:49:28.0312 2872 Rasl2tp - ok

09:49:28.0531 2872 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

09:49:28.0671 2872 RasMan - ok

09:49:28.0859 2872 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:49:28.0953 2872 RasPppoe - ok

09:49:29.0140 2872 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

09:49:29.0265 2872 Raspti - ok

09:49:29.0515 2872 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

09:49:29.0671 2872 Rdbss - ok

09:49:29.0890 2872 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

09:49:29.0984 2872 RDPCDD - ok

09:49:30.0140 2872 rdpdr - ok

09:49:30.0406 2872 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

09:49:30.0546 2872 RDPWD - ok

09:49:30.0781 2872 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

09:49:30.0921 2872 RDSessMgr - ok

09:49:31.0171 2872 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

09:49:31.0281 2872 redbook - ok

09:49:31.0500 2872 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

09:49:31.0609 2872 RemoteAccess - ok

09:49:31.0781 2872 rimsptsk - ok

09:49:31.0953 2872 RIOXDRV - ok

09:49:32.0156 2872 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

09:49:32.0250 2872 RpcLocator - ok

09:49:32.0562 2872 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll

09:49:32.0656 2872 RpcSs - ok

09:49:32.0828 2872 rp_fws - ok

09:49:33.0031 2872 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

09:49:33.0171 2872 RSVP - ok

09:49:33.0343 2872 s116nd5 - ok

09:49:33.0515 2872 s125mgmt - ok

09:49:33.0687 2872 s616unic - ok

09:49:33.0843 2872 sagefserver - ok

09:49:34.0015 2872 SaiNtBus - ok

09:49:34.0218 2872 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:49:34.0296 2872 SamSs - ok

09:49:34.0312 2872 SANDRA - ok

09:49:34.0468 2872 savrtpel - ok

09:49:34.0703 2872 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

09:49:34.0812 2872 SCardSvr - ok

09:49:35.0062 2872 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

09:49:35.0203 2872 Schedule - ok

09:49:35.0375 2872 sdbus - ok

09:49:35.0546 2872 SE26mdfl - ok

09:49:35.0796 2872 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

09:49:35.0906 2872 Secdrv - ok

09:49:36.0078 2872 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

09:49:36.0171 2872 seclogon - ok

09:49:36.0343 2872 SenFiltService - ok

09:49:36.0546 2872 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

09:49:36.0656 2872 SENS - ok

09:49:36.0875 2872 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

09:49:36.0984 2872 serenum - ok

09:49:37.0187 2872 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

09:49:37.0296 2872 Serial - ok

09:49:37.0546 2872 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

09:49:37.0656 2872 Sfloppy - ok

09:49:37.0812 2872 SGHIDI - ok

09:49:37.0984 2872 sglogplayer - ok

09:49:38.0265 2872 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

09:49:38.0531 2872 SharedAccess - ok

09:49:38.0765 2872 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:49:38.0781 2872 ShellHWDetection - ok

09:49:38.0953 2872 si3114r - ok

09:49:39.0125 2872 Simbad - ok

09:49:39.0296 2872 smserial - ok

09:49:39.0468 2872 SNP2UVC - ok

09:49:39.0640 2872 snpstd - ok

09:49:39.0828 2872 Sparrow - ok

09:49:40.0046 2872 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

09:49:40.0140 2872 splitter - ok

09:49:40.0359 2872 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

09:49:40.0421 2872 Spooler - ok

09:49:40.0671 2872 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

09:49:40.0781 2872 sr - ok

09:49:41.0031 2872 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

09:49:41.0156 2872 srservice - ok

09:49:41.0453 2872 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

09:49:41.0703 2872 Srv - ok

09:49:41.0953 2872 sscdbus (92b69020fc480219683d429dca068d71) C:\WINDOWS\system32\DRIVERS\sscdbus.sys

09:49:41.0984 2872 sscdbus - ok

09:49:42.0187 2872 sscdmdfl (77a2869d40cc84af711c321f9b0c7a78) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys

09:49:42.0203 2872 sscdmdfl - ok

09:49:42.0421 2872 sscdmdm (b4255635195a8413fcde7af5b7c4e382) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

09:49:42.0468 2872 sscdmdm - ok

09:49:42.0687 2872 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

09:49:42.0812 2872 SSDPSRV - ok

09:49:42.0968 2872 ssfs0509 - ok

09:49:43.0140 2872 sskbfd - ok

09:49:43.0359 2872 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys

09:49:43.0421 2872 StarOpen ( UnsignedFile.Multi.Generic ) - warning

09:49:43.0421 2872 StarOpen - detected UnsignedFile.Multi.Generic (1)

09:49:43.0687 2872 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

09:49:43.0953 2872 stisvc - ok

09:49:44.0187 2872 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

09:49:44.0265 2872 swenum - ok

09:49:44.0484 2872 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

09:49:44.0593 2872 swmidi - ok

09:49:44.0781 2872 SwPrv - ok

09:49:45.0000 2872 symc810 - ok

09:49:45.0171 2872 symc8xx - ok

09:49:45.0359 2872 sym_hi - ok

09:49:45.0546 2872 sym_u3 - ok

09:49:45.0781 2872 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

09:49:45.0875 2872 sysaudio - ok

09:49:46.0109 2872 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

09:49:46.0234 2872 SysmonLog - ok

09:49:46.0515 2872 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

09:49:46.0671 2872 TapiSrv - ok

09:49:47.0000 2872 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

09:49:47.0171 2872 Tcpip - ok

09:49:47.0375 2872 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

09:49:47.0484 2872 TDPIPE - ok

09:49:47.0687 2872 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

09:49:47.0781 2872 TDTCP - ok

09:49:48.0000 2872 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

09:49:48.0109 2872 TermDD - ok

09:49:48.0359 2872 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

09:49:48.0562 2872 TermService - ok

09:49:48.0734 2872 tfsndrct - ok

09:49:48.0968 2872 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:49:48.0984 2872 Themes - ok

09:49:49.0140 2872 tifm21 - ok

09:49:49.0328 2872 TosIde - ok

09:49:49.0500 2872 TPECioCtl - ok

09:49:49.0671 2872 TPPWRIF - ok

09:49:49.0828 2872 traprcvr - ok

09:49:50.0062 2872 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

09:49:50.0187 2872 TrkWks - ok

09:49:50.0359 2872 TuneUp.Defrag - ok

09:49:50.0578 2872 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

09:49:50.0687 2872 Udfs - ok

09:49:50.0859 2872 uhcd - ok

09:49:51.0031 2872 ultra - ok

09:49:51.0343 2872 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

09:49:51.0625 2872 Update - ok

09:49:51.0781 2872 uploadmgr (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

09:49:51.0890 2872 uploadmgr - ok

09:49:52.0125 2872 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

09:49:52.0265 2872 upnphost - ok

09:49:52.0468 2872 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

09:49:52.0562 2872 UPS - ok

09:49:52.0734 2872 USA49W2KP - ok

09:49:52.0984 2872 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

09:49:53.0031 2872 USBAAPL ( UnsignedFile.Multi.Generic ) - warning

09:49:53.0031 2872 USBAAPL - detected UnsignedFile.Multi.Generic (1)

09:49:53.0234 2872 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

09:49:53.0343 2872 usbccgp - ok

09:49:53.0578 2872 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

09:49:53.0671 2872 usbehci - ok

09:49:53.0906 2872 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

09:49:54.0015 2872 usbhub - ok

09:49:54.0218 2872 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

09:49:54.0312 2872 usbohci - ok

09:49:54.0515 2872 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

09:49:54.0625 2872 usbprint - ok

09:49:54.0843 2872 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

09:49:54.0937 2872 usbscan - ok

09:49:55.0140 2872 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

09:49:55.0234 2872 USBSTOR - ok

09:49:55.0484 2872 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

09:49:55.0609 2872 usbuhci - ok

09:49:55.0828 2872 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

09:49:55.0921 2872 VgaSave - ok

09:49:56.0218 2872 VIAHdAudAddService (6b2c9ee4c16616e9398bbd0bc80ceb22) C:\WINDOWS\system32\drivers\viahduaa.sys

09:49:56.0312 2872 VIAHdAudAddService - ok

09:49:56.0484 2872 ViaIde - ok

09:49:56.0671 2872 videoacceleratorengine - ok

09:49:56.0843 2872 VNUSB - ok

09:49:57.0062 2872 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

09:49:57.0187 2872 VolSnap - ok

09:49:57.0359 2872 vsbus - ok

09:49:57.0531 2872 vsmon - ok

09:49:57.0796 2872 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

09:49:57.0953 2872 VSS - ok

09:49:58.0125 2872 vzcdbsvc - ok

09:49:58.0359 2872 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

09:49:58.0500 2872 W32Time - ok

09:49:58.0750 2872 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

09:49:58.0890 2872 Wanarp - ok

09:49:59.0046 2872 wap3gx - ok

09:49:59.0218 2872 Wdf01000 - ok

09:49:59.0406 2872 WDICA - ok

09:49:59.0625 2872 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

09:49:59.0718 2872 wdmaud - ok

09:49:59.0937 2872 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

09:50:00.0093 2872 WebClient - ok

09:50:00.0265 2872 win32sl - ok

09:50:00.0562 2872 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

09:50:00.0671 2872 winmgmt - ok

09:50:00.0843 2872 winvnc - ok

09:50:01.0062 2872 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

09:50:01.0093 2872 WmdmPmSN - ok

09:50:01.0328 2872 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

09:50:01.0468 2872 WmiApSrv - ok

09:50:01.0875 2872 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

09:50:02.0359 2872 WMPNetworkSvc - ok

09:50:02.0640 2872 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

09:50:02.0671 2872 WpdUsb - ok

09:50:03.0109 2872 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

09:50:03.0515 2872 WPFFontCache_v0400 - ok

09:50:03.0859 2872 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

09:50:04.0000 2872 WS2IFSL - ok

09:50:04.0218 2872 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

09:50:04.0343 2872 wscsvc - ok

09:50:04.0531 2872 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

09:50:04.0625 2872 wuauserv - ok

09:50:04.0859 2872 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

09:50:04.0921 2872 WudfPf - ok

09:50:05.0156 2872 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

09:50:05.0187 2872 WudfRd - ok

09:50:05.0390 2872 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

09:50:05.0421 2872 WudfSvc - ok

09:50:05.0781 2872 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

09:50:06.0093 2872 WZCSVC - ok

09:50:06.0328 2872 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

09:50:06.0453 2872 xmlprov - ok

09:50:06.0625 2872 {a7447300-8075-4b0d-83f1-3d75c8ebc623} - ok

09:50:06.0671 2872 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

09:50:07.0031 2872 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

09:50:07.0031 2872 \Device\Harddisk0\DR0 - detected TDSS File System (1)

09:50:07.0062 2872 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

09:50:07.0234 2872 \Device\Harddisk1\DR1 - ok

09:50:07.0234 2872 Boot (0x1200) (86be2e19de0ce07e25cefc15a2995d8f) \Device\Harddisk0\DR0\Partition0

09:50:07.0234 2872 \Device\Harddisk0\DR0\Partition0 - ok

09:50:07.0234 2872 Boot (0x1200) (90c163a7e1b491257ec4337544de6d04) \Device\Harddisk1\DR1\Partition0

09:50:07.0234 2872 \Device\Harddisk1\DR1\Partition0 - ok

09:50:07.0250 2872 ============================================================

09:50:07.0250 2872 Scan finished

09:50:07.0250 2872 ============================================================

09:50:07.0390 2092 Detected object count: 7

09:50:07.0390 2092 Actual detected object count: 7

09:50:35.0484 2092 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user

09:50:35.0484 2092 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:50:35.0484 2092 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

09:50:35.0484 2092 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:50:35.0484 2092 mbamchameleon ( UnsignedFile.Multi.Generic ) - skipped by user

09:50:35.0484 2092 mbamchameleon ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:50:35.0484 2092 Pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user

09:50:35.0484 2092 Pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:50:35.0484 2092 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user

09:50:35.0484 2092 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:50:35.0484 2092 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user

09:50:35.0484 2092 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:50:35.0625 2092 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine

09:50:35.0625 2092 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

09:50:35.0625 2092 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine

09:50:35.0640 2092 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

09:50:35.0703 2092 \Device\Harddisk0\DR0\TDLFS\module.dll - copied to quarantine

09:50:35.0703 2092 \Device\Harddisk0\DR0\TDLFS - deleted

09:50:35.0703 2092 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

09:50:56.0500 3700 Deinitialize success

...............................

ComboFix 12-03-22.01 - Owner 24/03/2012 10:08:44.5.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.595 [GMT 10:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((( Files Created from 2012-02-24 to 2012-03-24 )))))))))))))))))))))))))))))))

.

.

2012-03-23 14:05 . 2012-03-23 14:05 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-23 03:32 . 2012-03-23 03:32 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-03-21 08:14 . 2012-03-21 08:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2012-03-20 14:25 . 2012-03-20 14:25 -------- d-----w- c:\program files\Microsoft Research

2012-03-03 06:33 . 2012-03-03 06:33 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll

2012-03-03 06:33 . 2012-03-03 06:33 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll

2012-03-03 06:33 . 2012-03-03 06:33 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll

2012-03-03 06:33 . 2012-03-17 03:44 646072 ----a-w- c:\program files\Mozilla Firefox\nss3.dll

2012-03-03 06:33 . 2012-03-17 03:44 371640 ----a-w- c:\program files\Mozilla Firefox\nssckbi.dll

2012-03-03 06:33 . 2012-03-17 03:44 109496 ----a-w- c:\program files\Mozilla Firefox\nssdbm3.dll

2012-03-03 06:33 . 2012-03-17 03:44 105400 ----a-w- c:\program files\Mozilla Firefox\nssutil3.dll

2012-03-03 06:33 . 2012-03-17 03:44 269240 ----a-w- c:\program files\Mozilla Firefox\updater.exe

2012-03-03 06:33 . 2012-03-17 03:44 19896 ----a-w- c:\program files\Mozilla Firefox\xpcom.dll

2012-02-29 04:44 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-29 04:44 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-23 14:06 . 2006-02-28 12:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys

2012-02-28 14:03 . 2011-05-19 22:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-27 05:34 . 2007-11-23 13:01 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-02-27 05:34 . 2010-05-01 05:55 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-09 16:20 . 2006-09-05 00:45 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2008-12-16 07:07 . 2008-10-23 07:21 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll

2008-12-16 07:07 . 2008-10-23 07:21 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll

2008-10-23 07:21 . 2008-10-23 07:21 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

2012-03-17 03:44 . 2012-03-03 06:33 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-23_15.44.17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-03-24 00:05 . 2012-03-24 00:05 16384 c:\windows\temp\Perflib_Perfdata_1b0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-04 68856]

"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2010-07-11 548864]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]

"nwiz"="nwiz.exe" [2005-10-10 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-10 86016]

"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-07-18 22528]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-04-10 29757440]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"Nuance PDF Reader-reminder"="c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe" [2010-07-05 333088]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]

Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAP3LAK.EXE [2007-11-20 30720]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-11-17 10:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-10-09 06:47 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]

2007-02-23 06:32 126976 ----a-w- c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"g:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"g:\\Program Files\\WM Recorder 10\\WMR90.exe"=

"c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=

"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=

"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\CNAB3RPK.EXE"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 3:27 PM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/03/2011 4:03 PM 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/01/2011 6:41 AM 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5/04/2011 12:59 AM 295248]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 6:25 AM 4433248]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 6:09 AM 192776]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14/04/2011 9:28 PM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 7:53 AM 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 7:53 AM 16720]

R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [30/11/2009 8:28 AM 47360]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [24/11/2008 12:22 PM 222976]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/12/2009 1:20 PM 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20/12/2009 1:20 PM 135664]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [23/03/2012 1:32 PM 24064]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]

.

NETSVCS REQUIRES REPAIRS - current entries shown

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

ERSvc

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Messenger

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

bridge

ibmsmbus

mferkdk

si3114r

p2pimsvc

cics.region1

nfmservice

b57w2k

gmer

vzcdbsvc

Bcim

GBFSHook

ssfs0509

lyncusbserv

CTEDSPFX.DLL

tifm21

winvnc

pae_1394

s616unic

SE26mdfl

vsbus

ATNT40K

NTACCESS

MREMP50a64

ntsvcmgr

sskbfd

aeaudio

sglogplayer

cdfsvc

smserial

SGHIDI

mwstick

TuneUp.Defrag

traprcvr

snpstd

NVNET

navapel

iviVD

avgfwsrv

oracleorahomedatagatherer

rdpdr

purgeieservice

pav_service

backupexecnamingservice

pdiddcci

aslm75

DM9102

NAL

ngdbserv

{a7447300-8075-4b0d-83f1-3d75c8ebc623}

tfsndrct

s116nd5

mcdetect.exe

Packet

videoacceleratorengine

BrSerIf

Wdf01000

bdselfpr

emu10k

backupexecjobengine

s125mgmt

mpservice

mcupdmgr.exe

filemon701

SaiNtBus

ramaint

sagefserver

oraclexeclragent

iAimTV5

savrtpel

win32sl

PciBus

klif

mbr

uhcd

AppnApi

downloadmanagerlite

cxpt_service

VNUSB

lexbces

SNP2UVC

USA49W2KP

bvrp_pci

NICSer_WPC300N

mfeavfk

oracleorahomepagingserver

vsmon

dlbx_device

lirsgt

rimsptsk

rp_fws

nmwcdcm

lvckap

bocdrive

TPPWRIF

isdrv122

sdbus

RIOXDRV

ctxhttp

HidBth

wap3gx

ggsemc

TPECioCtl

uploadmgr

Rasman

Remoteaccess

Schedule

Seclogon

SENS

Sharedaccess

SRService

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

wscsvc

xmlprov

BITS

wuauserv

ShellHWDetection

helpsvc

WmdmPmSN

napagent

hkmsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 01:50]

.

2012-03-23 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-04 08:42]

.

2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 03:20]

.

2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 03:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.au/

uInternet Settings,ProxyOverride = *.local

Trusted Zone: iinet.net.au\www

Trusted Zone: microsoft.com\*.update

Trusted Zone: windowsupdate.com\download

TCP: DhcpNameServer = 10.1.1.1

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\4a4uylfi.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-24 10:34

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ISUSPM = "c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" -scheduler

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1409082233-2111687655-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{747D0EF3-6199-5A17-059C-25698D5821F6}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"abekgmihmimkejidodpaegdeleabffljgd"=hex:61,61,00,ff

"mabkbmaddopnenjcoomefibbah"=hex:61,61,00,ff

.

[HKEY_USERS\S-1-5-21-1409082233-2111687655-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAD3E7F6-F954-5B53-909C-6EF38F9BBDD7}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

Completion time: 2012-03-24 10:40:03

ComboFix-quarantined-files.txt 2012-03-24 00:39

ComboFix2.txt 2012-03-23 22:39

ComboFix3.txt 2012-03-23 15:54

ComboFix4.txt 2011-04-06 07:44

.

Pre-Run: 51,482,660,864 bytes free

Post-Run: 51,465,273,344 bytes free

.

- - End Of File - - 9060F0D76F9D0B205F334870CF8ED0B2


Seems to be running ok now, no more avg threat popups, and have not had any more browser redirects yet. Might be good?


Spoke too soon, avg threat just detected. Still the Trojan horse Crypt.AQLW. AVG found it in c:\system vol info\_restore{.......}\RP219\Aoo27260.dll

What now Obiwan?


c:\system vol info\_restore

We'll kill that when you uninstall Combofix.

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

  • Securing Your Web Browser
    This paper will help you configure your web browser for safer internet surfing.
  • Using a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA - Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.


Thanks Larry, desktop seems to be ok now (touch wood), your help has been terrific.

Combofix uninstalled.

All passwords have been changed via clean laptop. Java 6-31 was installed on desktop and MS, AVG & MBAM all up to date.

Just a few quick questions if you don't mind, all for good security.

- What about tdsskiller? Leave it or remove it?

- I have a firewall on my D-Link router, is this normally good enough or would it be more advantageous to look at a software firewall as well? Don't want to have 2 running.

- I had not heard of M86 (thanks for the link). It looks similar to what my AVG LinkScanner does in warning of bad sites. Would the 2 programs conflict, say like using 2 antivirus/firewall programs?

Again, my thanks for your help, it is greatly appreciated.

Cheers.


What about tdsskiller? Leave it or remove it?

Delete it

- I have a firewall on my D-Link router, is this normally good enough or would it be more advantageous to look at a software firewall as well? Don't want to have 2 running.

Keep using only your D-Link


- I had not heard of M86 (thanks for the link). It looks similar to what my AVG LinkScanner does in warning of bad sites. Would the 2 programs conflict, say like using 2 antivirus/firewall programs?

LinkScanner should be fine

You're more than welcome.

Glad we were able to help

Peace be with you


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
