tduro

I've been hijacked.

11 posts in this topic

When I click a link from a Google search, I'm redirected to a bogus search engine or a bogus antivirus site. I updated and ran Malwarebytes and Avira Antivirus. Both found threats and purportedly eliminated them, but the problem remained. I'm not sure if this is related, but I can no longer access a Google or Bing front page. I can, however, get to other sites if I have a link to them or type them in the search bar directly. I ran DDS, and the DDS.txt and Attach.txt are posted below:

DDS.TXT

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by HP_Administrator at 18:18:01 on 2012-03-26

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.332 [GMT -4:00]

.

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\ARPWRMSG.EXE

C:\Program Files\DISC\DISCover.exe

C:\Program Files\DISC\DiscUpdateMgr.exe

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files\DISC\DiscStreamHub.exe

c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

c:\windows\system\hpsysdrv.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\internet explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE

mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe

mRun: [DISCover] c:\program files\disc\DISCover.exe

mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe

mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run

mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [prmlt] rundll32.exe "c:\docume~1\hp_adm~1\locals~1\temp\prmlt.dll",EnumMCCustomSetNumberRelease

StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\hp_administrator\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - c:\program files\amazon\add to wish list ie extension\run.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Trusted Zone: trymedia.com

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://secure.ugi.com/CACHE/stc/6/binaries/vpnweb.cab

DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} - hxxps://secure.ugi.com/CACHE/sdesktop/install/binaries/instweb.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxps://vpn.ugi.com/sre/ICSScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://vpn.ugi.com/SNX/CSHELL/extender.cab

DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} - hxxp://24.229.34.148/viewer/activeXViewer/activexviewer.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://secure.shh.org/dana-cached/setup/JuniperSetupSP1.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243

TCP: Interfaces\{B7BBC842-5ECC-4F76-943A-4A4EE4342D2B} : DhcpNameServer = 192.168.1.1 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Hosts: 87.229.126.40 www.google.com

Hosts: 87.229.126.41 www.bing.com

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-25 11608]

R1 NEOFLTR_600_14137;Juniper Networks TDI Filter Driver (NEOFLTR_600_14137);c:\windows\system32\drivers\NEOFLTR_600_14137.sys [2009-4-1 64160]

R1 NEOFLTR_700_17289;Juniper Networks TDI Filter Driver (NEOFLTR_700_17289);c:\windows\system32\drivers\NEOFLTR_700_17289.SYS [2011-6-30 84336]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-25 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-25 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-25 66616]

R2 cpextender;Check Point SSL Network Extender;c:\program files\checkpoint\ssl network extender\slimsvc.exe [2006-9-12 307295]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]

R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-10-5 237056]

R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-10-5 1060352]

R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-10-5 484352]

R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2011-5-30 36224]

R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2006-9-12 109008]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-12-6 11520]

R4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [2011-5-30 134912]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]

S3 Ca100v;PenCam SD, WDM Video Capture;c:\windows\system32\drivers\Ca100v.sys [2007-1-4 516635]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]

.

=============== File Associations ===============

.

.scr=DWGTrueViewScriptFile

.

=============== Created Last 30 ================

.

2012-03-24 17:01:31 884 ---ha-r- c:\windows\system32\drivers\etc\hosts.sys

2012-03-24 02:22:20 -------- d-----w- c:\documents and settings\hp_administrator\application data\Waavy

2012-03-24 02:22:20 -------- d-----w- c:\documents and settings\hp_administrator\application data\Muycad

2012-03-11 13:02:44 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\PMB Files

2012-03-10 01:32:32 4431872 ----a-w- c:\windows\system32\GPhotos.scr

.

==================== Find3M ====================

.

2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

============= FINISH: 18:20:05.98 ===============

ATTACH.TXT

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 3/17/2006 8:59:42 PM

System Uptime: 3/26/2012 5:23:14 PM (1 hours ago)

.

Motherboard: ASUSTek Computer INC. | | Amberine M

Processor: AMD Athlon 64 Processor 3700+ | Socket 939 | 2188/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 178 GiB total, 62.227 GiB free.

D: is FIXED (FAT32) - 9 GiB total, 1.117 GiB free.

E: is CDROM ()

G: is Removable

H: is Removable

I: is Removable

J: is Removable

K: is CDROM (UDF)

L: is Removable

M: is FIXED (NTFS) - 1862 GiB total, 1756.306 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows

Device ID: ROOT\NET\0001

Manufacturer: Cisco Systems

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows

PNP Device ID: ROOT\NET\0001

Service: vpnva

.

==== System Restore Points ===================

.


.

==== Installed Programs ======================

.

1600

1600_Help

1600Trb

5 Card Slingo from HP Media Center (remove only)

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader Korean Fonts

Adobe Reader X (10.0.1)

Adobe Shockwave Player 11.5

AIM 6

AiO_Scan

AiO_Scan_CDA

AiOSoftware

AiOSoftwareNPI

Amazon Add to Wish List IE Extension 1.1

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft MediaImpression for Kodak

AstroPop Deluxe from HP Media Center (remove only)

ATI Control Panel

ATI Display Driver

Audacity 1.2.6

Avira AntiVir Personal - Free Antivirus

Barnyard Invasion from HP Media Center (remove only)

Bejeweled 2 Deluxe from HP Media Center (remove only)

Blackhawk Striker 2 from HP Media Center (remove only)

Blasterball 2 from HP Media Center (remove only)

Blasterball 2 Remix from HP Media Center (remove only)

Boggle Supreme from HP Media Center (remove only)

Bonjour

Bookworm Deluxe from HP Media Center (remove only)

Bounce Symphony from HP Media Center (remove only)

BufferChm

CameraDrivers

Check Point SSL Network Extender Components Shell

Check Point SSL Network Extender Service

Chuzzle Deluxe from HP Media Center (remove only)

Cisco AnyConnect VPN Client

Coupon Printer for Windows

CP_AtenaShokunin1Config

CP_CalendarTemplates1

cp_LightScribeConfig

cp_LightScribePlugin

CP_Package_Basic1

CP_Package_Variety1

CP_Package_Variety2

CP_Package_Variety3

CP_Panorama1Config

Crystal Maze from HP Media Center (remove only)

CueTour

Customer Experience Enhancement

Destinations

DeviceManagementQFolder

DISCover

DocProc

DocumentViewer

DocumentViewerQFolder

Dropbox

DWG TrueView 2007

Easy Internet Sign-up

Easy MOV Converter 1.3.7

Enhanced Multimedia Keyboard Solution

ESET Online Scanner v3

Exif Viewer Ver.1.1

Family Feud

Family Tree Maker

Fax

Fax_CDA

Fellowes/NEATO MediaFACE

FMS

Free M4a to MP3 Converter 6.2

GCalc 3

GdiplusUpgrade

GemMaster Mystic

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

Hallmark Card Studio

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Boot Optimizer

HP Deskjet Printer Preload

HP DigitalMedia Archive

HP Document Viewer 5.3

HP Game Console and games

HP Image Zone 5.3

HP Image Zone for Media Center PC

HP Imaging Device Functions 5.3

HP Photosmart 330,380,420,470,7800,8000,8200 Series

HP Photosmart Cameras 5.0

HP Product Assistant

HP PSC & OfficeJet 5.3.A

HP PSC & OfficeJet 5.3.B

HP Software Update

HP Solution Center & Imaging Support Tools 5.3

HPProductAssistant

HpSdpAppCoreApp

Insaniquarium Deluxe from HP Media Center (remove only)

InstantShareDevices

InterVideo WinDVD Player

Java Auto Updater

Java 6 Update 24

Juniper Networks Secure Application Manager

Juniper Networks Setup Client

Juniper Networks Setup Client Activex Control

K-Lite Codec Pack 4.0.0 (Full)

League of Legends

Lemonade Tycoon 2 from HP Media Center (remove only)

Lexibox Deluxe from HP Media Center (remove only)

LG USB Modem driver

LightScribe 1.4.52.1

Mah Jong Quest from HP Media Center (remove only)

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 1.0 Hotfix (KB2572066)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Away Mode

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 Premium

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mp3tag v2.48

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

muvee autoProducer 4.5

muvee autoProducer unPlugged 1.2

NewCopy

NewCopy_CDA

Otto

Pando Media Booster

PanoStandAlone

PC-Doctor 5 for Windows

PenCam SD Manager

PhotoGallery

Picasa 3

Polar Bowler from HP Media Center (remove only)

Polar Golfer from HP Media Center (remove only)

ProductContext

Protected Music Converter 1.0.0.10

PS2

PSPrinters08

PSTAPlugin

Puzzle Express from HP Media Center (remove only)

Python 2.2 pywin32 extensions (build 203)

Python 2.2.3

QBrew (remove only)

Quicken 2010

QuickTime

RandMap

Readme

RealPlayer

Remove IntelliMover Demo

Ricochet Lost Worlds from HP Media Center (remove only)

Scan

ScannerCopy

SCRABBLE from HP Media Center (remove only)

Screen Cleaner

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 2.0 (KB928365)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Shooting Stars Pool from HP Media Center (remove only)

Shrek 2 Ogre Bowler from HP Media Center (remove only)

Sibelius Scorch Plugin

SkinsHP1

Skype Toolbars

Skype™ 4.2

Slingo Deluxe from HP Media Center (remove only)

Snowboard SuperJam from HP Media Center (remove only)

SolutionCenter

Sonic Express Labeler

Sonic MyDVD Plus

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

Sonic_PrimoSDK

Status

Super Granny from HP Media Center (remove only)

TaxACT 2005

TaxACT 2006

TaxACT 2007

TaxACT 2008

TaxACT 2008 Pennsylvania

TaxACT 2009

TaxACT 2009 Pennsylvania

TaxACT 2010

TaxACT 2010 Pennsylvania

TaxACT 2011 - 1040 Edition

TaxACT 2011 Pennsylvania

TaxACT Pennsylvania 2005

TaxACT Pennsylvania 2006

TaxACT Pennsylvania 2007

Tradewinds from HP Media Center (remove only)

TrayApp

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB982632)

Update for Windows Media Player 10 (KB910393)

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB953356)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Rollup 2 for Windows XP Media Center Edition 2005

Updates from HP (remove only)

V CAST Music with Rhapsody

Visual CADD 4

WD SmartWare

WebFldrs XP

WebReg

WIDCOMM Bluetooth Software

WildTangent Web Driver

Winamp (remove only)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live installer

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Media Format Runtime

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB2619340

Windows XP Media Center Edition 2005 KB2628259

Windows XP Media Center Edition 2005 KB908250

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

Zuma Deluxe from HP Media Center (remove only)

.

==== Event Viewer Messages From Past Week ========

.

3/24/2012 6:52:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor IntelIde ViaIde

3/24/2012 10:47:39 PM, error: VolSnap [20] - The shadow copy of volume M: was aborted because of a failed free space computation.

3/20/2012 6:46:36 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WDFME service.

3/20/2012 2:38:47 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the vpnagent service.

3/20/2012 2:37:57 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC


Hi MrC. Thank you for helping me. I ran RogueKiller. Below is the report.

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: HP_Administrator [Admin rights]

Mode: Scan -- Date: 03/27/2012 12:33:03

¤¤¤ Bad processes: 2 ¤¤¤

[SUSP PATH] arpwrmsg.exe -- C:\WINDOWS\ARPWRMSG.EXE -> KILLED [TermProc]

[SUSP PATH] prmlt.dll -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\prmlt.dll -> KILLED [TermProc]

¤¤¤ Registry Entries: 2 ¤¤¤

[BLACKLIST DLL] HKLM\[...]\Run : prmlt (rundll32.exe "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\prmlt.dll",EnumMCCustomSetNumberRelease) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

SSDT[25] : NtClose @ 0x805BC530 -> HOOKED (Unknown @ 0xF7CEA114)

SSDT[41] : NtCreateKey @ 0x806240F0 -> HOOKED (Unknown @ 0xF7CEA0CE)

SSDT[50] : NtCreateSection @ 0x805AB3C8 -> HOOKED (Unknown @ 0xF7CEA11E)

SSDT[53] : NtCreateThread @ 0x805D1018 -> HOOKED (Unknown @ 0xF7CEA0C4)

SSDT[63] : NtDeleteKey @ 0x8062458C -> HOOKED (Unknown @ 0xF7CEA0D3)

SSDT[65] : NtDeleteValueKey @ 0x8062475C -> HOOKED (Unknown @ 0xF7CEA0DD)

SSDT[68] : NtDuplicateObject @ 0x805BE008 -> HOOKED (Unknown @ 0xF7CEA10F)

SSDT[98] : NtLoadKey @ 0x80626314 -> HOOKED (Unknown @ 0xF7CEA0E2)

SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (Unknown @ 0xF7CEA0B0)

SSDT[128] : NtOpenThread @ 0x805CB6CC -> HOOKED (Unknown @ 0xF7CEA0B5)

SSDT[193] : NtReplaceKey @ 0x806261C4 -> HOOKED (Unknown @ 0xF7CEA0EC)

SSDT[204] : NtRestoreKey @ 0x80625AD0 -> HOOKED (Unknown @ 0xF7CEA0E7)

SSDT[213] : NtSetContextThread @ 0x805D173A -> HOOKED (Unknown @ 0xF7CEA123)

SSDT[247] : NtSetValueKey @ 0x80622662 -> HOOKED (Unknown @ 0xF7CEA0D8)

SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (Unknown @ 0xF7CEA0BF)

S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xF7CEA128)

S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xF7CEA12D)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

87.229.126.40 www.google.com

87.229.126.41 www.bing.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2000JD-60KLB0 +++++

--- User ---

[MBR] 263c68a8674ee29e5ccfabab0b247ed4

[BSP] 8a7884da59e414827f91c43dcf324e78 : Toshiba tatooed MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 8714 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 17848215 | Size: 182056 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>


OK, run RogueKiller again and

Under......

¤¤¤ Bad processes: 2 ¤¤¤

[SUSP PATH] prmlt.dll -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\prmlt.dll -> KILLED [TermProc]

Select this one (uncheck the rest) and choose Delete on the right

-------------------------------------------

and under.....

¤¤¤ Registry Entries: 2 ¤¤¤

[BLACKLIST DLL] HKLM\[...]\Run : prmlt (rundll32.exe "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\prmlt.dll",EnumMCCustomSetNumberRelease) -> FOUND

Select this one (uncheck the rest) and choose Delete on the right

-----------------------------------

These are bad:

¤¤¤ HOSTS File: ¤¤¤

87.229.126.40 www.google.com

87.229.126.41 www.bing.com

So click on the HostFix box on the right.

Reboot and let me know if that corrects your problem, MrC
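The two findings acted on above (a Run entry that starts a DLL from a Temp folder through rundll32, and hosts entries that pin search-engine names to a remote address) can be checked for mechanically. This is an added example, not part of the original posts and not RogueKiller's own logic; the function names, the watched-domain list and the `127.0.0.1 localhost` control line are assumptions.

```python
import ipaddress
import re

# Excerpt of the RogueKiller report posted in this thread. The "127.0.0.1
# localhost" line is a constructed control entry, not part of that report.
REPORT = r"""
¤¤¤ Registry Entries: 2 ¤¤¤
[BLACKLIST DLL] HKLM\[...]\Run : prmlt (rundll32.exe "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\prmlt.dll",EnumMCCustomSetNumberRelease) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
87.229.126.40 www.google.com
87.229.126.41 www.bing.com
¤¤¤ MBR Check: ¤¤¤
"""

# Assumption: the names worth watching are the two search engines this
# thread is about; extend the tuple for other sites.
WATCHED_DOMAINS = ("google.com", "bing.com")

SECTION_RE = re.compile(r"^¤¤¤\s*(.+?)\s*:.*¤¤¤\s*$")
RUN_RE = re.compile(r"\\(?:RunOnce|Run)\s*:\s*(\S+)\s*\((.+)\)\s*->")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+)"?,\s*(\S+)', re.I)


def split_sections(report):
    """Group report lines under their '¤¤¤ Name: ... ¤¤¤' section header."""
    sections, current = {}, None
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue  # forum copies of the report are double-spaced
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1).lower(), [])
        elif current is not None:
            current.append(line)
    return sections


def audit_hosts(lines, watched=WATCHED_DOMAINS):
    """Return (hostname, address) for watched names mapped to a remote address."""
    hits = []
    for line in lines:
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        # Loopback and 0.0.0.0 entries block a name; they do not redirect it.
        if addr.is_loopback or addr.is_unspecified:
            continue
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            if any(host == d or host.endswith("." + d) for d in watched):
                hits.append((host, str(addr)))
    return hits


def is_temp_path(path):
    """True when any directory component of a Windows path is Temp or Tmp."""
    parts = [p.lower() for p in re.split(r"[\\/]", path)]
    return any(p in ("temp", "tmp") for p in parts[:-1])


def audit_run_entries(lines):
    """Return (value name, DLL path, export) for Run values that launch a
    DLL from a temp directory through rundll32."""
    hits = []
    for line in lines:
        run = RUN_RE.search(line)
        if not run:
            continue
        value_name, command = run.group(1), run.group(2)
        dll = RUNDLL_RE.match(command.strip())
        if dll and is_temp_path(dll.group(1)):
            hits.append((value_name, dll.group(1), dll.group(2)))
    return hits


def audit_report(report):
    sections = split_sections(report)
    return {
        "hosts": audit_hosts(sections.get("hosts file", [])),
        "autoruns": audit_run_entries(sections.get("registry entries", [])),
    }


if __name__ == "__main__":
    for kind, hits in audit_report(REPORT).items():
        for hit in hits:
            print(kind, *hit)
```
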


Wow! That seemed too easy. No more symptoms. Google and Bing home pages are accessible. Links to search results no longer redirect.

Is there anything else I need to do as a final cleanup?


Great, let's just do a quick check for any rootkits:

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

--------------------

A report will be created in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC
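The rule given above (Skip for UnsignedFile.Multi.Generic and LockedFile.Multi.Generic, anything else needs a decision) can be applied to the resulting log in bulk. This is an added example, not part of the original post and not TDSSKiller's own code; the sample lines follow the log posted in this thread, except the two `ExampleSvc` lines, which are constructed with a placeholder hash and detection name.

```python
import re

# Detections the post above says to leave on Skip.
SKIP_DETECTIONS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}

# Lines in the format of the TDSSKiller log posted in this thread.
# The two ExampleSvc lines are constructed for illustration.
LOG = r"""
18:25:19.0000 0964 ALCXWDM (7f26d024355cbadb60838f53dfb171ec) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
18:25:19.0718 0964 ALCXWDM ( UnsignedFile.Multi.Generic ) - warning
18:25:19.0718 0964 ALCXWDM - detected UnsignedFile.Multi.Generic (1)
18:25:19.0859 0964 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:25:20.0015 0964 Alerter - ok
18:25:24.0625 0964 Ati HotKey Poller (d21352bcaab174948eb9672bc203bb0f) C:\WINDOWS\system32\Ati2evxx.exe
18:25:24.0703 0964 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - warning
18:25:24.0703 0964 Ati HotKey Poller - detected UnsignedFile.Multi.Generic (1)
18:25:50.0000 0964 ExampleSvc (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\example.sys
18:25:50.0100 0964 ExampleSvc - detected Placeholder.Detection.Name (0)
"""

# "HH:MM:SS.mmmm <thread id> <message>"
LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(.*)$")
# "<service name> (<md5>) <file path>"; service names may contain spaces.
FILE_RE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")
# "<service name> - detected <detection name> (<number>)"
DETECT_RE = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")


def triage(log_text):
    """Split detections into 'skip' (unsigned or locked files) and 'review'
    (everything else), attaching the file path logged for the same service."""
    paths = {}
    result = {"skip": [], "review": []}
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        body = line.group(1).strip()
        file_entry = FILE_RE.match(body)
        if file_entry:
            paths[file_entry.group(1)] = file_entry.group(3)
            continue
        detection = DETECT_RE.match(body)
        if detection:
            name, label = detection.group(1), detection.group(2)
            bucket = "skip" if label in SKIP_DETECTIONS else "review"
            result[bucket].append((name, label, paths.get(name)))
    return result


if __name__ == "__main__":
    for bucket, items in triage(LOG).items():
        for name, label, path in items:
            print(f"{bucket:6} {name}: {label} ({path})")
```
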


27 suspicious files, but none malicious. No prompt to reboot, but I'll do so now. Here's the report:

18:24:49.0828 2224 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18

18:24:50.0125 2224 ============================================================

18:24:50.0125 2224 Current date / time: 2012/03/27 18:24:50.0125

18:24:50.0125 2224 SystemInfo:

18:24:50.0125 2224

18:24:50.0125 2224 OS Version: 5.1.2600 ServicePack: 3.0

18:24:50.0125 2224 Product type: Workstation

18:24:50.0125 2224 ComputerName: YOUR-4DACD0EA75

18:24:50.0125 2224 UserName: HP_Administrator

18:24:50.0125 2224 Windows directory: C:\WINDOWS

18:24:50.0125 2224 System windows directory: C:\WINDOWS

18:24:50.0125 2224 Processor architecture: Intel x86

18:24:50.0125 2224 Number of processors: 1

18:24:50.0125 2224 Page size: 0x1000

18:24:50.0125 2224 Boot type: Normal boot

18:24:50.0125 2224 ============================================================

18:24:54.0546 2224 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

18:24:54.0656 2224 \Device\Harddisk0\DR0:

18:24:54.0656 2224 MBR used

18:24:54.0656 2224 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1105758

18:24:54.0656 2224 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1105797, BlocksNum 0x16394769

18:24:54.0703 2224 Initialize success

18:24:54.0703 2224 ============================================================

18:25:15.0484 0964 ============================================================

18:25:15.0484 0964 Scan started

18:25:15.0484 0964 Mode: Manual; SigCheck; TDLFS;

18:25:15.0484 0964 ============================================================

18:25:15.0875 0964 Abiosdsk - ok

18:25:15.0890 0964 abp480n5 - ok

18:25:16.0062 0964 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

18:25:16.0484 0964 ACDaemon - ok

18:25:16.0546 0964 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

18:25:18.0015 0964 ACPI - ok

18:25:18.0156 0964 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

18:25:18.0312 0964 ACPIEC - ok

18:25:18.0328 0964 adpu160m - ok

18:25:18.0390 0964 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

18:25:18.0562 0964 aec - ok

18:25:18.0609 0964 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys

18:25:18.0656 0964 Afc - ok

18:25:18.0703 0964 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

18:25:18.0765 0964 AFD - ok

18:25:18.0781 0964 Aha154x - ok

18:25:18.0796 0964 aic78u2 - ok

18:25:18.0812 0964 aic78xx - ok

18:25:19.0000 0964 ALCXWDM (7f26d024355cbadb60838f53dfb171ec) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

18:25:19.0718 0964 ALCXWDM ( UnsignedFile.Multi.Generic ) - warning

18:25:19.0718 0964 ALCXWDM - detected UnsignedFile.Multi.Generic (1)

18:25:19.0859 0964 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

18:25:20.0015 0964 Alerter - ok

18:25:20.0046 0964 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

18:25:20.0171 0964 ALG - ok

18:25:20.0218 0964 AliIde - ok

18:25:20.0265 0964 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

18:25:20.0312 0964 AmdK8 ( UnsignedFile.Multi.Generic ) - warning

18:25:20.0312 0964 AmdK8 - detected UnsignedFile.Multi.Generic (1)

18:25:20.0328 0964 amsint - ok

18:25:20.0437 0964 AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Program Files\Avira\AntiVir Desktop\sched.exe

18:25:20.0515 0964 AntiVirSchedulerService - ok

18:25:20.0546 0964 AntiVirService (df5a3016052755c910a206058b4a1729) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

18:25:20.0578 0964 AntiVirService - ok

18:25:20.0687 0964 Apple Mobile Device (2e3e53a6aef23e24f402c7855b9b1542) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

18:25:20.0718 0964 Apple Mobile Device - ok

18:25:20.0828 0964 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

18:25:20.0984 0964 AppMgmt - ok

18:25:21.0046 0964 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys

18:25:21.0093 0964 aracpi - ok

18:25:21.0187 0964 ArcCD (a82f1a1b09593c73efd02a59dc94920c) C:\WINDOWS\system32\drivers\ArcCD.sys

18:25:21.0218 0964 ArcCD ( UnsignedFile.Multi.Generic ) - warning

18:25:21.0218 0964 ArcCD - detected UnsignedFile.Multi.Generic (1)

18:25:21.0250 0964 ArcRec (1af9061b61741a912368ab4dc309d25e) C:\WINDOWS\system32\drivers\ArcRec.sys

18:25:21.0281 0964 ArcRec ( UnsignedFile.Multi.Generic ) - warning

18:25:21.0281 0964 ArcRec - detected UnsignedFile.Multi.Generic (1)

18:25:21.0312 0964 ArcUdfs (3ee9e41102a2c6b8f7dbad5d44abda05) C:\WINDOWS\system32\drivers\ArcUdfs.sys

18:25:21.0375 0964 ArcUdfs ( UnsignedFile.Multi.Generic ) - warning

18:25:21.0375 0964 ArcUdfs - detected UnsignedFile.Multi.Generic (1)

18:25:21.0406 0964 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys

18:25:21.0437 0964 arhidfltr - ok

18:25:21.0531 0964 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys

18:25:21.0562 0964 arkbcfltr - ok

18:25:21.0640 0964 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys

18:25:21.0703 0964 armoucfltr - ok

18:25:21.0765 0964 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

18:25:21.0921 0964 Arp1394 - ok

18:25:21.0968 0964 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys

18:25:22.0015 0964 ARPolicy - ok

18:25:22.0062 0964 ARSVC (9a0d9b2e263bede80fb79ddbad240ec1) C:\WINDOWS\arservice.exe

18:25:23.0843 0964 ARSVC - ok

18:25:23.0953 0964 asc - ok

18:25:24.0000 0964 asc3350p - ok

18:25:24.0015 0964 asc3550 - ok

18:25:24.0125 0964 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

18:25:24.0187 0964 aspnet_state - ok

18:25:24.0234 0964 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

18:25:24.0375 0964 AsyncMac - ok

18:25:24.0437 0964 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

18:25:24.0562 0964 atapi - ok

18:25:24.0578 0964 Atdisk - ok

18:25:24.0625 0964 Ati HotKey Poller (d21352bcaab174948eb9672bc203bb0f) C:\WINDOWS\system32\Ati2evxx.exe

18:25:24.0703 0964 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - warning

18:25:24.0703 0964 Ati HotKey Poller - detected UnsignedFile.Multi.Generic (1)

18:25:24.0781 0964 ati2mtag (7a6cf9f411a9c5bd5c442a1cd46af401) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

18:25:24.0890 0964 ati2mtag ( UnsignedFile.Multi.Generic ) - warning

18:25:24.0890 0964 ati2mtag - detected UnsignedFile.Multi.Generic (1)

18:25:24.0921 0964 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

18:25:25.0062 0964 Atmarpc - ok

18:25:25.0109 0964 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

18:25:25.0250 0964 AudioSrv - ok

18:25:25.0359 0964 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

18:25:25.0515 0964 audstub - ok

18:25:25.0609 0964 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

18:25:25.0625 0964 avgio - ok

18:25:25.0687 0964 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

18:25:25.0718 0964 avgntflt - ok

18:25:25.0765 0964 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

18:25:25.0796 0964 avipbb - ok

18:25:25.0828 0964 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

18:25:25.0984 0964 Beep - ok

18:25:26.0046 0964 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

18:25:26.0265 0964 BITS - ok

18:25:26.0359 0964 Bonjour Service (5ab58c337ac65837fe404462ad6265ab) C:\Program Files\Bonjour\mDNSResponder.exe

18:25:26.0406 0964 Bonjour Service - ok

18:25:26.0515 0964 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

18:25:26.0687 0964 Browser - ok

18:25:26.0796 0964 btaudio (74ef010b27a2bf44dd5649dd331899a0) C:\WINDOWS\system32\drivers\btaudio.sys

18:25:26.0890 0964 btaudio ( UnsignedFile.Multi.Generic ) - warning

18:25:26.0890 0964 btaudio - detected UnsignedFile.Multi.Generic (1)

18:25:26.0937 0964 BTDriver (3c7c61c3d0b0f87136ad925ca624dc1c) C:\WINDOWS\system32\DRIVERS\btport.sys

18:25:26.0984 0964 BTDriver ( UnsignedFile.Multi.Generic ) - warning

18:25:26.0984 0964 BTDriver - detected UnsignedFile.Multi.Generic (1)

18:25:27.0046 0964 BTKRNL (515617cc36e7c5bee744b3c62affb4f5) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

18:25:27.0218 0964 BTKRNL ( UnsignedFile.Multi.Generic ) - warning

18:25:27.0218 0964 BTKRNL - detected UnsignedFile.Multi.Generic (1)

18:25:27.0359 0964 btwdins (cba04ea1d394951549d26ea2ec3d85e6) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

18:25:27.0421 0964 btwdins ( UnsignedFile.Multi.Generic ) - warning

18:25:27.0421 0964 btwdins - detected UnsignedFile.Multi.Generic (1)

18:25:27.0546 0964 BTWDNDIS (2ccd954aac705aaa98ad7e545bd44efe) C:\WINDOWS\system32\DRIVERS\btwdndis.sys

18:25:27.0593 0964 BTWDNDIS ( UnsignedFile.Multi.Generic ) - warning

18:25:27.0593 0964 BTWDNDIS - detected UnsignedFile.Multi.Generic (1)

18:25:27.0640 0964 btwhid (af60e6ffef11cc9653d5edc0b238893b) C:\WINDOWS\system32\DRIVERS\btwhid.sys

18:25:27.0671 0964 btwhid ( UnsignedFile.Multi.Generic ) - warning

18:25:27.0671 0964 btwhid - detected UnsignedFile.Multi.Generic (1)

18:25:27.0718 0964 btwmodem (a1da2b09932f7ba210174695644f1490) C:\WINDOWS\system32\DRIVERS\btwmodem.sys

18:25:27.0765 0964 btwmodem ( UnsignedFile.Multi.Generic ) - warning

18:25:27.0765 0964 btwmodem - detected UnsignedFile.Multi.Generic (1)

18:25:27.0796 0964 BTWUSB (dceffeeae5672e57dd1343236fbb5763) C:\WINDOWS\system32\Drivers\btwusb.sys

18:25:27.0812 0964 BTWUSB ( UnsignedFile.Multi.Generic ) - warning

18:25:27.0812 0964 BTWUSB - detected UnsignedFile.Multi.Generic (1)

18:25:27.0875 0964 Ca100v (9b908a67f3b344b60cdaaf984ad547d1) C:\WINDOWS\system32\Drivers\Ca100v.sys

18:25:28.0062 0964 Ca100v - ok

18:25:28.0203 0964 catchme - ok

18:25:28.0250 0964 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

18:25:28.0406 0964 cbidf2k - ok

18:25:28.0546 0964 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

18:25:28.0687 0964 CCDECODE - ok

18:25:28.0734 0964 cd20xrnt - ok

18:25:28.0750 0964 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

18:25:28.0906 0964 Cdaudio - ok

18:25:28.0968 0964 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

18:25:29.0093 0964 Cdfs - ok

18:25:29.0140 0964 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

18:25:29.0281 0964 Cdrom - ok

18:25:29.0296 0964 Changer - ok

18:25:29.0343 0964 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

18:25:29.0484 0964 CiSvc - ok

18:25:29.0531 0964 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

18:25:29.0671 0964 ClipSrv - ok

18:25:29.0781 0964 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

18:25:29.0843 0964 clr_optimization_v2.0.50727_32 - ok

18:25:29.0937 0964 CmdIde - ok

18:25:29.0968 0964 COMSysApp - ok

18:25:30.0078 0964 cpextender (7684bc5b9ec71ca29776efa194108df5) C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe

18:25:30.0156 0964 cpextender ( UnsignedFile.Multi.Generic ) - warning

18:25:30.0156 0964 cpextender - detected UnsignedFile.Multi.Generic (1)

18:25:30.0187 0964 Cpqarray - ok

18:25:30.0203 0964 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

18:25:30.0343 0964 CryptSvc - ok

18:25:30.0359 0964 dac2w2k - ok

18:25:30.0375 0964 dac960nt - ok

18:25:30.0437 0964 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

18:25:30.0531 0964 DcomLaunch - ok

18:25:30.0609 0964 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

18:25:30.0734 0964 Dhcp - ok

18:25:30.0968 0964 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

18:25:31.0125 0964 Disk - ok

18:25:31.0265 0964 dmadmin - ok

18:25:31.0359 0964 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

18:25:31.0609 0964 dmboot - ok

18:25:31.0656 0964 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

18:25:31.0828 0964 dmio - ok

18:25:31.0875 0964 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

18:25:32.0015 0964 dmload - ok

18:25:32.0109 0964 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

18:25:32.0250 0964 dmserver - ok

18:25:32.0343 0964 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

18:25:32.0484 0964 DMusic - ok

18:25:32.0515 0964 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

18:25:32.0625 0964 Dnscache - ok

18:25:32.0671 0964 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

18:25:32.0828 0964 Dot3svc - ok

18:25:32.0843 0964 dpti2o - ok

18:25:32.0890 0964 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

18:25:33.0015 0964 drmkaud - ok

18:25:33.0046 0964 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

18:25:33.0187 0964 EapHost - ok

18:25:33.0265 0964 ehRecvr (8301243bde5b6cd316d79c0191d50d9a) C:\WINDOWS\eHome\ehRecvr.exe

18:25:33.0296 0964 ehRecvr - ok

18:25:33.0375 0964 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe

18:25:33.0453 0964 ehSched - ok

18:25:33.0562 0964 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

18:25:33.0687 0964 ERSvc - ok

18:25:33.0734 0964 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

18:25:33.0828 0964 Eventlog - ok

18:25:33.0875 0964 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

18:25:33.0937 0964 EventSystem - ok

18:25:34.0000 0964 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

18:25:34.0125 0964 Fastfat - ok

18:25:34.0171 0964 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

18:25:34.0250 0964 FastUserSwitchingCompatibility - ok

18:25:34.0328 0964 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe

18:25:34.0500 0964 Fax - ok

18:25:34.0562 0964 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

18:25:34.0703 0964 Fdc - ok

18:25:34.0781 0964 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

18:25:34.0921 0964 Fips - ok

18:25:34.0968 0964 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

18:25:35.0125 0964 Flpydisk - ok

18:25:35.0218 0964 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

18:25:35.0375 0964 FltMgr - ok

18:25:35.0484 0964 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

18:25:35.0531 0964 FontCache3.0.0.0 - ok

18:25:35.0625 0964 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

18:25:35.0781 0964 Fs_Rec - ok

18:25:35.0843 0964 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

18:25:36.0015 0964 Ftdisk - ok

18:25:36.0078 0964 ftsata2 (22399d3ce5840c6082844679cca5d2fc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys

18:25:36.0125 0964 ftsata2 ( UnsignedFile.Multi.Generic ) - warning

18:25:36.0125 0964 ftsata2 - detected UnsignedFile.Multi.Generic (1)

18:25:36.0218 0964 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

18:25:36.0234 0964 GEARAspiWDM - ok

18:25:36.0281 0964 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

18:25:36.0406 0964 Gpc - ok

18:25:36.0531 0964 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

18:25:36.0546 0964 gupdate - ok

18:25:36.0593 0964 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

18:25:36.0593 0964 gupdatem - ok

18:25:36.0656 0964 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

18:25:36.0703 0964 gusvc - ok

18:25:36.0781 0964 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

18:25:36.0921 0964 helpsvc - ok

18:25:36.0968 0964 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

18:25:37.0109 0964 HidServ - ok

18:25:37.0234 0964 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

18:25:37.0375 0964 HidUsb - ok

18:25:37.0453 0964 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

18:25:37.0625 0964 hkmsvc - ok

18:25:37.0640 0964 hpn - ok

18:25:37.0687 0964 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

18:25:37.0812 0964 HPZid412 - ok

18:25:37.0828 0964 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

18:25:37.0906 0964 HPZipr12 - ok

18:25:37.0937 0964 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

18:25:38.0015 0964 HPZius12 - ok

18:25:38.0062 0964 HSFHWBS2 (5df616addb75c1ad36c1f9e4de0f7654) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

18:25:38.0140 0964 HSFHWBS2 - ok

18:25:38.0203 0964 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

18:25:38.0375 0964 HSF_DP - ok

18:25:38.0531 0964 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

18:25:38.0593 0964 HTTP - ok

18:25:38.0640 0964 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

18:25:38.0781 0964 HTTPFilter - ok

18:25:38.0796 0964 i2omgmt - ok

18:25:38.0812 0964 i2omp - ok

18:25:38.0859 0964 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

18:25:39.0000 0964 i8042prt - ok

18:25:39.0078 0964 iaStor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys

18:25:39.0250 0964 iaStor ( UnsignedFile.Multi.Generic ) - warning

18:25:39.0250 0964 iaStor - detected UnsignedFile.Multi.Generic (1)

18:25:39.0406 0964 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

18:25:39.0468 0964 IDriverT ( UnsignedFile.Multi.Generic ) - warning

18:25:39.0468 0964 IDriverT - detected UnsignedFile.Multi.Generic (1)

18:25:39.0687 0964 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

18:25:39.0906 0964 idsvc - ok

18:25:40.0031 0964 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

18:25:40.0171 0964 Imapi - ok

18:25:40.0234 0964 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

18:25:40.0343 0964 ImapiService - ok

18:25:40.0359 0964 ini910u - ok

18:25:40.0375 0964 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

18:25:40.0500 0964 IntelIde - ok

18:25:40.0578 0964 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

18:25:40.0703 0964 intelppm - ok

18:25:40.0750 0964 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

18:25:40.0875 0964 Ip6Fw - ok

18:25:40.0921 0964 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

18:25:41.0078 0964 IpFilterDriver - ok

18:25:41.0125 0964 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

18:25:41.0250 0964 IpInIp - ok

18:25:41.0296 0964 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

18:25:41.0421 0964 IpNat - ok

18:25:41.0468 0964 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

18:25:41.0593 0964 IPSec - ok

18:25:41.0625 0964 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

18:25:41.0734 0964 IRENUM - ok

18:25:41.0812 0964 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

18:25:41.0953 0964 isapnp - ok

18:25:41.0968 0964 ivusb - ok

18:25:42.0093 0964 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe

18:25:42.0140 0964 JavaQuickStarterService - ok

18:25:42.0187 0964 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

18:25:42.0312 0964 Kbdclass - ok

18:25:42.0343 0964 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

18:25:42.0468 0964 kbdhid - ok

18:25:42.0500 0964 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

18:25:42.0609 0964 kmixer - ok

18:25:42.0656 0964 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

18:25:42.0750 0964 KSecDD - ok

18:25:42.0796 0964 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

18:25:42.0859 0964 lanmanserver - ok

18:25:42.0890 0964 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

18:25:42.0968 0964 lanmanworkstation - ok

18:25:43.0046 0964 lbrtfdc - ok

18:25:43.0156 0964 LightScribeService (6e68e520e6f2f5dce97a9ff947038769) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

18:25:43.0203 0964 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

18:25:43.0203 0964 LightScribeService - detected UnsignedFile.Multi.Generic (1)

18:25:43.0265 0964 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

18:25:43.0406 0964 LmHosts - ok

18:25:43.0484 0964 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe

18:25:43.0546 0964 McrdSvc - ok

18:25:43.0562 0964 MCSTRM - ok

18:25:43.0625 0964 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

18:25:43.0671 0964 MDM - ok

18:25:43.0703 0964 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

18:25:43.0765 0964 mdmxsdk - ok

18:25:43.0796 0964 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

18:25:43.0953 0964 Messenger - ok

18:25:44.0031 0964 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll

18:25:44.0140 0964 MHN ( UnsignedFile.Multi.Generic ) - warning

18:25:44.0140 0964 MHN - detected UnsignedFile.Multi.Generic (1)

18:25:44.0250 0964 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

18:25:44.0296 0964 MHNDRV ( UnsignedFile.Multi.Generic ) - warning

18:25:44.0296 0964 MHNDRV - detected UnsignedFile.Multi.Generic (1)

18:25:44.0359 0964 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

18:25:44.0515 0964 mnmdd - ok

18:25:44.0546 0964 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

18:25:44.0671 0964 mnmsrvc - ok

18:25:44.0718 0964 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

18:25:44.0828 0964 Modem - ok

18:25:44.0843 0964 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

18:25:44.0984 0964 Mouclass - ok

18:25:45.0015 0964 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

18:25:45.0203 0964 mouhid - ok

18:25:45.0250 0964 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

18:25:45.0390 0964 MountMgr - ok

18:25:45.0406 0964 mraid35x - ok

18:25:45.0437 0964 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

18:25:45.0578 0964 MRxDAV - ok

18:25:45.0640 0964 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

18:25:45.0828 0964 MRxSmb - ok

18:25:45.0906 0964 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

18:25:46.0031 0964 MSDTC - ok

18:25:46.0140 0964 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

18:25:46.0265 0964 Msfs - ok

18:25:46.0281 0964 MSIServer - ok

18:25:46.0328 0964 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

18:25:46.0453 0964 MSKSSRV - ok

18:25:46.0484 0964 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

18:25:46.0609 0964 MSPCLOCK - ok

18:25:46.0656 0964 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

18:25:46.0781 0964 MSPQM - ok

18:25:46.0828 0964 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

18:25:46.0937 0964 mssmbios - ok

18:25:46.0984 0964 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

18:25:47.0125 0964 MSTEE - ok

18:25:47.0156 0964 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

18:25:47.0203 0964 Mup - ok

18:25:47.0234 0964 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

18:25:47.0359 0964 NABTSFEC - ok

18:25:47.0453 0964 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

18:25:47.0687 0964 napagent - ok

18:25:47.0796 0964 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

18:25:47.0937 0964 NDIS - ok

18:25:48.0000 0964 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

18:25:48.0125 0964 NdisIP - ok

18:25:48.0171 0964 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

18:25:48.0234 0964 NdisTapi - ok

18:25:48.0281 0964 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

18:25:48.0453 0964 Ndisuio - ok

18:25:48.0515 0964 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

18:25:48.0640 0964 NdisWan - ok

18:25:48.0687 0964 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

18:25:48.0750 0964 NDProxy - ok

18:25:48.0828 0964 NEOFLTR_600_14137 (8624b03dc85183f1dcf8432c502cbcf4) C:\WINDOWS\system32\Drivers\NEOFLTR_600_14137.SYS

18:25:48.0859 0964 NEOFLTR_600_14137 - ok

18:25:48.0937 0964 NEOFLTR_700_17289 (21795b5ee8f96d094ed4e6b87ad31895) C:\WINDOWS\system32\Drivers\NEOFLTR_700_17289.SYS

18:25:48.0953 0964 NEOFLTR_700_17289 - ok

18:25:49.0031 0964 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

18:25:49.0171 0964 NetBIOS - ok

18:25:49.0203 0964 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

18:25:49.0343 0964 NetBT - ok

18:25:49.0375 0964 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

18:25:49.0515 0964 NetDDE - ok

18:25:49.0531 0964 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

18:25:49.0625 0964 NetDDEdsdm - ok

18:25:49.0687 0964 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:25:49.0812 0964 Netlogon - ok

18:25:49.0843 0964 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

18:25:49.0953 0964 Netman - ok

18:25:50.0078 0964 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

18:25:50.0125 0964 NetTcpPortSharing - ok

18:25:50.0203 0964 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

18:25:50.0312 0964 NIC1394 - ok

18:25:50.0406 0964 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

18:25:50.0421 0964 Nla - ok

18:25:50.0484 0964 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

18:25:50.0625 0964 Npfs - ok

18:25:50.0687 0964 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

18:25:50.0906 0964 Ntfs - ok

18:25:50.0953 0964 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:25:51.0062 0964 NtLmSsp - ok

18:25:51.0109 0964 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

18:25:51.0312 0964 NtmsSvc - ok

18:25:51.0359 0964 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

18:25:51.0515 0964 Null - ok

18:25:51.0546 0964 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

18:25:51.0687 0964 NwlnkFlt - ok

18:25:51.0718 0964 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

18:25:51.0875 0964 NwlnkFwd - ok

18:25:51.0906 0964 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

18:25:52.0031 0964 ohci1394 - ok

18:25:52.0078 0964 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

18:25:52.0203 0964 Parport - ok

18:25:52.0281 0964 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

18:25:52.0406 0964 PartMgr - ok

18:25:52.0421 0964 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

18:25:52.0593 0964 ParVdm - ok

18:25:52.0625 0964 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

18:25:52.0765 0964 PCI - ok

18:25:52.0781 0964 PCIDump - ok

18:25:52.0828 0964 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

18:25:52.0984 0964 PCIIde - ok

18:25:53.0031 0964 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

18:25:53.0171 0964 Pcmcia - ok

18:25:53.0187 0964 PDCOMP - ok

18:25:53.0203 0964 PDFRAME - ok

18:25:53.0218 0964 PDRELI - ok

18:25:53.0234 0964 PDRFRAME - ok

18:25:53.0250 0964 perc2 - ok

18:25:53.0265 0964 perc2hib - ok

18:25:53.0343 0964 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

18:25:53.0578 0964 PlugPlay - ok

18:25:53.0718 0964 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

18:25:53.0781 0964 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

18:25:53.0781 0964 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

18:25:53.0859 0964 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:25:53.0968 0964 PolicyAgent - ok

18:25:54.0046 0964 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

18:25:54.0171 0964 PptpMiniport - ok

18:25:54.0203 0964 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

18:25:54.0312 0964 Processor - ok

18:25:54.0328 0964 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:25:54.0437 0964 ProtectedStorage - ok

18:25:54.0484 0964 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys

18:25:54.0531 0964 Ps2 - ok

18:25:54.0546 0964 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

18:25:54.0687 0964 PSched - ok

18:25:54.0734 0964 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

18:25:54.0875 0964 Ptilink - ok

18:25:54.0921 0964 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

18:25:54.0953 0964 PxHelp20 - ok

18:25:55.0000 0964 ql1080 - ok

18:25:55.0015 0964 Ql10wnt - ok

18:25:55.0031 0964 ql12160 - ok

18:25:55.0046 0964 ql1240 - ok

18:25:55.0062 0964 ql1280 - ok

18:25:55.0078 0964 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

18:25:55.0234 0964 RasAcd - ok

18:25:55.0281 0964 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

18:25:55.0421 0964 RasAuto - ok

18:25:55.0453 0964 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

18:25:55.0593 0964 Rasl2tp - ok

18:25:55.0640 0964 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

18:25:55.0765 0964 RasMan - ok

18:25:55.0828 0964 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

18:25:55.0953 0964 RasPppoe - ok

18:25:55.0984 0964 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

18:25:56.0140 0964 Raspti - ok

18:25:56.0187 0964 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

18:25:56.0328 0964 Rdbss - ok

18:25:56.0375 0964 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

18:25:56.0531 0964 RDPCDD - ok

18:25:56.0562 0964 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

18:25:56.0718 0964 rdpdr - ok

18:25:56.0812 0964 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

18:25:56.0921 0964 RDPWD - ok

18:25:57.0031 0964 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

18:25:57.0171 0964 RDSessMgr - ok

18:25:57.0250 0964 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

18:25:57.0375 0964 redbook - ok

18:25:57.0421 0964 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

18:25:57.0546 0964 RemoteAccess - ok

18:25:57.0593 0964 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

18:25:57.0734 0964 RemoteRegistry - ok

18:25:57.0765 0964 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

18:25:57.0937 0964 RpcLocator - ok

18:25:58.0000 0964 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll

18:25:58.0093 0964 RpcSs - ok

18:25:58.0171 0964 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

18:25:58.0390 0964 RSVP - ok

18:25:58.0453 0964 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

18:25:58.0515 0964 RTL8023xp - ok

18:25:58.0546 0964 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

18:25:58.0625 0964 rtl8139 - ok

18:25:58.0656 0964 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:25:58.0750 0964 SamSs - ok

18:25:58.0781 0964 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

18:25:58.0921 0964 SCardSvr - ok

18:25:58.0984 0964 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

18:25:59.0125 0964 Schedule - ok

18:25:59.0187 0964 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

18:25:59.0312 0964 Secdrv - ok

18:25:59.0359 0964 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

18:25:59.0468 0964 seclogon - ok

18:25:59.0500 0964 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

18:25:59.0609 0964 SENS - ok

18:25:59.0687 0964 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

18:25:59.0812 0964 Serial - ok

18:25:59.0875 0964 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

18:26:00.0000 0964 Sfloppy - ok

18:26:00.0062 0964 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

18:26:00.0218 0964 SharedAccess - ok

18:26:00.0281 0964 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

18:26:00.0296 0964 ShellHWDetection - ok

18:26:00.0343 0964 Simbad - ok

18:26:00.0390 0964 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

18:26:00.0515 0964 SLIP - ok

18:26:00.0531 0964 Sparrow - ok

18:26:00.0578 0964 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

18:26:00.0687 0964 splitter - ok

18:26:00.0750 0964 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

18:26:00.0812 0964 Spooler - ok

18:26:00.0890 0964 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

18:26:01.0015 0964 sr - ok

18:26:01.0109 0964 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

18:26:01.0250 0964 srservice - ok

18:26:01.0296 0964 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

18:26:01.0421 0964 Srv - ok

18:26:01.0453 0964 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

18:26:01.0609 0964 SSDPSRV - ok

18:26:01.0781 0964 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

18:26:01.0859 0964 ssmdrv - ok

18:26:01.0906 0964 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

18:26:02.0125 0964 stisvc - ok

18:26:02.0187 0964 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

18:26:02.0328 0964 streamip - ok

18:26:02.0375 0964 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

18:26:02.0515 0964 swenum - ok

18:26:02.0562 0964 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

18:26:02.0687 0964 swmidi - ok

18:26:02.0703 0964 SwPrv - ok

18:26:02.0718 0964 symc810 - ok

18:26:02.0734 0964 symc8xx - ok

18:26:02.0750 0964 sym_hi - ok

18:26:02.0765 0964 sym_u3 - ok

18:26:02.0796 0964 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

18:26:02.0937 0964 sysaudio - ok

18:26:02.0984 0964 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

18:26:03.0234 0964 SysmonLog - ok

18:26:03.0281 0964 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

18:26:03.0406 0964 TapiSrv - ok

18:26:03.0468 0964 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:26:03.0531 0964 Tcpip - ok

18:26:03.0609 0964 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

18:26:03.0750 0964 TDPIPE - ok

18:26:03.0781 0964 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

18:26:03.0906 0964 TDTCP - ok

18:26:03.0968 0964 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

18:26:04.0093 0964 TermDD - ok

18:26:04.0140 0964 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

18:26:04.0296 0964 TermService - ok

18:26:04.0343 0964 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

18:26:04.0359 0964 Themes - ok

18:26:04.0390 0964 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

18:26:04.0515 0964 TlntSvr - ok

18:26:04.0562 0964 TosIde - ok

18:26:04.0625 0964 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

18:26:04.0750 0964 TrkWks - ok

18:26:04.0812 0964 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

18:26:04.0953 0964 Udfs - ok

18:26:04.0984 0964 ultra - ok

18:26:05.0000 0964 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe

18:26:05.0062 0964 UMWdf - ok

18:26:05.0125 0964 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

18:26:05.0296 0964 Update - ok

18:26:05.0343 0964 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

18:26:05.0484 0964 upnphost - ok

18:26:05.0515 0964 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

18:26:05.0640 0964 UPS - ok

18:26:05.0687 0964 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

18:26:05.0765 0964 USBAAPL - ok

18:26:05.0843 0964 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys

18:26:05.0937 0964 usbbus - ok

18:26:06.0031 0964 USBCamera (0c28dd9ec68ccb6e95d49bfd24fd2c11) C:\WINDOWS\system32\Drivers\Bulk100.sys

18:26:06.0078 0964 USBCamera - ok

18:26:06.0140 0964 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

18:26:06.0265 0964 usbccgp - ok

18:26:06.0312 0964 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys

18:26:06.0359 0964 UsbDiag - ok

18:26:06.0406 0964 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:26:06.0546 0964 usbehci - ok

18:26:06.0578 0964 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:26:06.0750 0964 usbhub - ok

18:26:06.0828 0964 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys

18:26:06.0875 0964 USBModem - ok

18:26:06.0968 0964 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

18:26:07.0078 0964 usbohci - ok

18:26:07.0125 0964 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

18:26:07.0234 0964 usbprint - ok

18:26:07.0312 0964 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

18:26:07.0437 0964 usbscan - ok

18:26:07.0468 0964 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:26:07.0578 0964 usbstor - ok

18:26:07.0640 0964 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

18:26:07.0765 0964 usbuhci - ok

18:26:07.0812 0964 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

18:26:07.0937 0964 VgaSave - ok

18:26:07.0984 0964 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

18:26:08.0109 0964 ViaIde - ok

18:26:08.0156 0964 VNA (3bb079ac39b37b257a88e68116808069) C:\WINDOWS\system32\DRIVERS\vna.sys

18:26:08.0203 0964 VNA - ok

18:26:08.0250 0964 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

18:26:08.0375 0964 VolSnap - ok

18:26:08.0453 0964 vpnagent (5ea22cb6b100212837a97f281edb3c47) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

18:26:08.0546 0964 vpnagent - ok

18:26:08.0671 0964 vpnva (e1f2333a88ec4a5c8ea6be357323b72d) C:\WINDOWS\system32\DRIVERS\vpnva.sys

18:26:08.0703 0964 vpnva - ok

18:26:08.0765 0964 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

18:26:08.0937 0964 VSS - ok

18:26:09.0000 0964 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

18:26:09.0125 0964 W32Time - ok

18:26:09.0156 0964 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:26:09.0312 0964 Wanarp - ok

18:26:09.0359 0964 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys

18:26:09.0437 0964 WDC_SAM - ok

18:26:09.0546 0964 WDDMService (5ae4bfd04563afe55a0f666da23f252f) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

18:26:09.0578 0964 WDDMService ( UnsignedFile.Multi.Generic ) - warning

18:26:09.0578 0964 WDDMService - detected UnsignedFile.Multi.Generic (1)

18:26:09.0625 0964 WDFME (f1361e91bc6e118a6ed0480ba60eab39) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

18:26:09.0718 0964 WDFME ( UnsignedFile.Multi.Generic ) - warning

18:26:09.0718 0964 WDFME - detected UnsignedFile.Multi.Generic (1)

18:26:09.0812 0964 WDICA - ok

18:26:09.0859 0964 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

18:26:10.0000 0964 wdmaud - ok

18:26:10.0015 0964 WDSC (637cd767a88938560e8ee26572080729) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

18:26:10.0140 0964 WDSC ( UnsignedFile.Multi.Generic ) - warning

18:26:10.0140 0964 WDSC - detected UnsignedFile.Multi.Generic (1)

18:26:10.0203 0964 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

18:26:10.0343 0964 WebClient - ok

18:26:10.0421 0964 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

18:26:10.0546 0964 winachsf - ok

18:26:10.0609 0964 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

18:26:10.0750 0964 winmgmt - ok

18:26:10.0843 0964 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe

18:26:10.0937 0964 WLSetupSvc - ok

18:26:11.0015 0964 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll

18:26:11.0062 0964 WmdmPmSN - ok

18:26:11.0140 0964 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

18:26:11.0250 0964 Wmi - ok

18:26:11.0296 0964 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

18:26:11.0453 0964 WmiApSrv - ok

18:26:11.0531 0964 WpdUsb (bbaeaca1ffa3c86361cf0998474f6c3a) C:\WINDOWS\system32\Drivers\wpdusb.sys

18:26:11.0578 0964 WpdUsb - ok

18:26:11.0625 0964 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

18:26:11.0781 0964 WS2IFSL - ok

18:26:11.0812 0964 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

18:26:11.0953 0964 wscsvc - ok

18:26:12.0000 0964 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

18:26:12.0125 0964 WSTCODEC - ok

18:26:12.0218 0964 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

18:26:12.0343 0964 wuauserv - ok

18:26:12.0406 0964 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

18:26:12.0578 0964 WZCSVC - ok

18:26:12.0609 0964 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

18:26:12.0750 0964 xmlprov - ok

18:26:12.0796 0964 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0

18:26:12.0875 0964 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

18:26:12.0875 0964 \Device\Harddisk0\DR0 - detected TDSS File System (1)

18:26:12.0875 0964 Boot (0x1200) (24cfe822ba3421ec6520f040f536559e) \Device\Harddisk0\DR0\Partition0

18:26:12.0875 0964 \Device\Harddisk0\DR0\Partition0 - ok

18:26:12.0875 0964 Boot (0x1200) (f9144b3a6772d7992b16247922b7cffb) \Device\Harddisk0\DR0\Partition1

18:26:12.0890 0964 \Device\Harddisk0\DR0\Partition1 - ok

18:26:12.0890 0964 ============================================================

18:26:12.0890 0964 Scan finished

18:26:12.0890 0964 ============================================================

18:26:13.0031 2348 Detected object count: 27

18:26:13.0031 2348 Actual detected object count: 27

18:27:02.0828 2348 ALCXWDM ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0828 2348 ALCXWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0828 2348 AmdK8 ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0828 2348 AmdK8 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0828 2348 ArcCD ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0828 2348 ArcCD ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0828 2348 ArcRec ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0828 2348 ArcRec ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0828 2348 ArcUdfs ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0828 2348 ArcUdfs ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0828 2348 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0828 2348 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0843 2348 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0843 2348 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0843 2348 btaudio ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0843 2348 btaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0843 2348 BTDriver ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0843 2348 BTDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0843 2348 BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0843 2348 BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0843 2348 btwdins ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0843 2348 btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0843 2348 BTWDNDIS ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0843 2348 BTWDNDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0843 2348 btwhid ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0843 2348 btwhid ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0843 2348 btwmodem ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0843 2348 btwmodem ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0843 2348 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0843 2348 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0843 2348 cpextender ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0843 2348 cpextender ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0843 2348 ftsata2 ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0843 2348 ftsata2 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0843 2348 iaStor ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0843 2348 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0859 2348 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0859 2348 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0859 2348 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0859 2348 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0859 2348 MHN ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0859 2348 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0859 2348 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0859 2348 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0859 2348 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0859 2348 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0859 2348 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0859 2348 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0859 2348 WDFME ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0859 2348 WDFME ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0859 2348 WDSC ( UnsignedFile.Multi.Generic ) - skipped by user

18:27:02.0859 2348 WDSC ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:27:02.0859 2348 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

18:27:02.0859 2348 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


They are OK, just unsigned files.

If everything is OK.......

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


So far, so good. I have a WD external HD that I unplugged when I started this cleanup. Can I just plug it back in, or should I do something to ensure it's clean too?


It should be OK to plug back in, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.