Tobez

Google redirection

12 posts in this topic

I keep getting redirected to a different website when I click on Google search result links.


Can someone advise me on which files need to be deleted:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 4:13:31 PM, on 1/06/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\DebugDiag\DbgSvc.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Citrix\ICA Client\redirector.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Citrix\SelfServicePlugin\SelfService.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe

C:\Program Files\mRemoteNG\mRemoteNG.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Citrix\AuthManager\AuthManSvr.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wam-isa.winaust.com.au:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Microsoft Web Recorder Helper - {06D7D698-1ECD-407F-A1C9-EFA54860490A} - C:\Program Files\System Center Operations Manager 2007\Microsoft.Mom.RecorderBarBHO.dll

O2 - BHO: CrossriderApp0003491 - {11111111-1111-1111-1111-110011341191} - C:\Program Files\Vid-Saver\Vid-Saver.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CtxIEInterceptorBHO - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files\Citrix\ICA Client\IEInterceptor.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\redirector.exe" /startup

O4 - HKLM\..\Run: [bsmeli] rundll32.exe "C:\DOCUME~1\DANIEL~1.RUS\LOCALS~1\Temp\bsmeli.dll",EnumShootingModeRelease

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [self-service] C:\Program Files\Citrix\SelfServicePlugin\SelfService.exe -logonreconnectapps

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Citrix Receiver.lnk = C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe

O4 - Startup: Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://mail.hyaline.com.au

O15 - Trusted Zone: http://access.nuvo.net.au

O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms35 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mmn-sa.webex.com/client/v_mywebex-mmninteg/mywebex/ieatgpc.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://meeting.jtac.juniper.net/dana-cached/sc/JuniperSetupClient.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = winaust.com.au

O17 - HKLM\Software\..\Telephony: DomainName = winaust.com.au

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = winaust.com.au

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = asia.ad.nsk.com,wesley.org.au,winaust.com.au,corp.ewtipping.org.au

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = asia.ad.nsk.com,wesley.org.au,winaust.com.au,corp.ewtipping.org.au

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\822\G2AWinLogon.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\822\g2aservice.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe

O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/DANIEL~1.RUS/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.gif

--

End of file - 13565 bytes

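A small triage helper for logs like the one above, added here by the editor (it is not code from this thread, from Trend Micro or from Malwarebytes). It reads HijackThis O2 (BHO), O4 (Run), O20 (AppInit_DLLs) and O23 (service) lines and flags the entries a responder looks at first: a module loaded from a user-writable location such as %TEMP% or the user profile, an orphaned BHO whose DLL is gone, and a BHO whose CLSID is obviously hand-typed rather than random. The path fragments and the CLSID rule are the editor's heuristics, not a published detection; the sample lines are copied from the log posted above.

```python
"""Triage helper for HijackThis-style log lines (added example)."""
import re
from dataclasses import dataclass

# Path fragments that mark a user-writable location.  HijackThis prints Run
# keys with 8.3 short names (DOCUME~1, LOCALS~1), so both forms are listed.
# Editor's heuristic, not an exhaustive list.
_USER_WRITABLE_RE = re.compile(
    r"\\temp\\|\\docume~1\\|\\documents and settings\\|\\users\\|"
    r"\\appdata\\|\\locals~1\\|\\local settings\\|\\application data\\",
    re.IGNORECASE,
)

# A drive-letter path ending in a loadable image, quoted or bare.
_IMAGE_RE = re.compile(r'[a-z]:\\[^"\r\n]+?\.(?:exe|dll|scr|cpl)', re.IGNORECASE)

# First hex group of a registered CLSID, e.g. {11111111-1111-...}.
_CLSID_RE = re.compile(r"\{([0-9a-f]{8})-[0-9a-f]{4}-", re.IGNORECASE)

# Constructed sample: lines copied verbatim from the HijackThis log above.
SAMPLE_LINES = [
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: CrossriderApp0003491 - {11111111-1111-1111-1111-110011341191} - C:\Program Files\Vid-Saver\Vid-Saver.dll",
    r"O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r'O4 - HKLM\..\Run: [bsmeli] rundll32.exe "C:\DOCUME~1\DANIEL~1.RUS\LOCALS~1\Temp\bsmeli.dll",EnumShootingModeRelease',
    r'O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow',
    r"O20 - AppInit_DLLs: C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll",
    r"O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe",
]


@dataclass
class Finding:
    section: str   # HijackThis section, e.g. "O4"
    reasons: list  # why the line was flagged (one or more strings)
    line: str      # the original log line


def triage(lines):
    """Return one Finding per suspicious line, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = re.match(r"(O\d+) - (.*)", line)
        if not m:
            continue  # R-lines, headers and the process list are skipped
        section, body = m.groups()
        reasons = []

        if section == "O2":
            if body.endswith("(no file)"):
                reasons.append("orphaned BHO: CLSID registered but DLL missing")
            cm = _CLSID_RE.search(body)
            # A random GUID essentially never has eight identical leading
            # digits; a hand-typed one (1111...) is a strong adware tell.
            if cm and len(set(cm.group(1))) == 1:
                reasons.append("hand-crafted CLSID starting {" + cm.group(1))

        if section in ("O2", "O4", "O20", "O23"):
            for path in _IMAGE_RE.findall(body):
                if _USER_WRITABLE_RE.search(path):
                    reasons.append("module loads from user-writable path: " + path)
                    break

        if reasons:
            findings.append(Finding(section, reasons, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f.section, "|", "; ".join(f.reasons))
        print("   ", f.line)
```

Run against the sample it reports exactly three lines: the orphaned BHO, the Crossrider BHO with the 11111111 CLSID, and the bsmeli Run entry that loads a DLL out of the user's Temp folder via rundll32. Entries such as NvCpl.dll under system32 or pccntmon.exe under Program Files are left alone, which is the point: rundll32 itself is not the signal, the location of the DLL it loads is.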

Hello Tobez and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 2

Please follow the instructions here:

http://forums.malwarebytes.org/index.php?showtopic=9573

Post both log files in your next reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • DDS log file with Attach.txt


Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.03.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Toby.Srira :: DANIEL-DT-MELB1 [administrator]

4/06/2012 9:39:34 AM

mbam-log-2012-06-04 (09-39-34).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 324946

Time elapsed: 20 minute(s), 3 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 16

HKCR\CrossriderApp0003491.BHO (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0003491.BHO.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0003491.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0003491.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0003491.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0003491.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

HKCU\Software\Cr_Installer\3491 (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 2

HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 750d6f4a9d8616d0dc8a593c495a1387 -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|bsmeli (Trojan.Agent.LTGen) -> Data: rundll32.exe "C:\DOCUME~1\DANIEL~1.RUS\LOCALS~1\Temp\bsmeli.dll",EnumShootingModeRelease -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Documents and Settings\Daniel.Russell\Local Settings\temp\bsmeli.dll (Trojan.Agent.LTGen) -> Delete on reboot.

C:\Program Files\Vid-Saver\Vid-Saver.dll (PUP.GamePlayLab) -> Quarantined and deleted successfully.

(end)


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Toby.Srira at 11:04:41 on 2012-06-04

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1286 [GMT 10:00]

.

AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {47418616-1C2D-4CB8-A2CB-580447D52A43}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\DebugDiag\DbgSvc.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Program Files\Citrix\ICA Client\redirector.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\DOWNLO~1\MyWebEx\429\mwmPad.exe

C:\WINDOWS\DOWNLO~1\MyWebEx\429\mwmstd.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Internet Explorer, optimized for Bing and MSN

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = wam-isa.winaust.com.au:8080

uInternet Settings,ProxyOverride = *.local;<local>

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Microsoft Web Recorder Helper: {06d7d698-1ecd-407f-a1c9-efa54860490a} - c:\program files\system center operations manager 2007\Microsoft.Mom.RecorderBarBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: CtxIEInterceptorBHO Class: {2c4631ff-5cc8-4ebc-a0df-34c92291759e} - c:\program files\citrix\ica client\IEInterceptor.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: Web Recorder: {09f5d5a0-7d28-49e2-b238-a9353829cf64} - mscoree.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [self-service] c:\program files\citrix\selfserviceplugin\SelfService.exe -logonreconnectapps

mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\redirector.exe" /startup

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\daniel~1.rus\startm~1\programs\startup\citrix~1.lnk - c:\program files\citrix\selfserviceplugin\SelfServicePlugin.exe

StartupFolder: c:\docume~1\daniel~1.rus\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office12\OUTLOOK.EXE

StartupFolder: c:\docume~1\daniel~1.rus\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: cisco.com\www

Trusted Zone: dccs.com.au\citrix

Trusted Zone: hyaline.com.au\mail

Trusted Zone: mfb.com.au\access

Trusted Zone: midas.com.au\www.mail

Trusted Zone: nuvo.net.au\access

Trusted Zone: partnerelearning.com\cisco

Trusted Zone: trendmicro.com\www.olr

Trusted Zone: trintiymanor.com.au\apps

Trusted Zone: winaust.com.au.\access

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mmn-sa.webex.com/client/v_mywebex-mmninteg/mywebex/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://meeting.jtac.juniper.net/dana-cached/sc/JuniperSetupClient.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: DhcpNameServer = 192.168.53.10 192.168.50.10

TCP: Interfaces\{2EAD2C19-31F8-4241-91F1-65AFE27BEFF8} : DhcpNameServer = 192.168.53.10 192.168.50.10

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\822\G2AWinLogon.dll

AppInit_DLLs: c:\progra~1\citrix\icacli~1\RSHook.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\daniel.russell\application data\mozilla\firefox\profiles\knwz8z9u.default\

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: network.proxy.ftp - wam-isa

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.gopher - wam-isa

FF - prefs.js: network.proxy.gopher_port - 8080

FF - prefs.js: network.proxy.http - wam-isa

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.socks - wam-isa

FF - prefs.js: network.proxy.socks_port - 8080

FF - prefs.js: network.proxy.ssl - wam-isa

FF - prefs.js: network.proxy.ssl_port - 8080

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\citrix\ica client\npicaN.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Mozilla Safe Browsing: {E1B28275-94B0-11E1-826D-B8AC6F996F26} - c:\documents and settings\daniel.russell\local settings\application data\{E1B28275-94B0-11E1-826D-B8AC6F996F26}

.

============= SERVICES / DRIVERS ===============

.

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 66776]

R2 DbgSvc;Debug Diagnostic Service;c:\program files\debugdiag\DbgSvc.exe [2007-1-16 316256]

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-5-24 51792]

R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXPFlt.sys [2009-6-10 262416]

R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2009-6-10 36624]

S1 RapportBuka;RapportBuka;\??\c:\windows\system32\drivers\rapportbuka.sys --> c:\windows\system32\drivers\RapportBuka.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-26 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-11 257696]

S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2004-4-19 6656]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-26 136176]

S3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys --> c:\windows\system32\drivers\net6im51.sys [?]

S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2009-7-15 689416]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 AdtAgent;Operations Manager Audit Forwarding Service;c:\windows\system32\AdtAgent.exe [2009-5-8 269696]

.

=============== Created Last 30 ================

.

2012-05-29 00:14:04 -------- d-----w- c:\documents and settings\daniel.russell\application data\Felix_Deimel

2012-05-29 00:11:17 -------- d-----w- c:\documents and settings\daniel.russell\local settings\application data\mRemoteNG

2012-05-29 00:11:17 -------- d-----w- c:\documents and settings\daniel.russell\application data\mRemoteNG

2012-05-29 00:11:13 -------- d-----w- c:\documents and settings\daniel.russell\AppData

2012-05-29 00:11:03 -------- d-----w- c:\program files\mRemoteNG

2012-05-14 04:22:40 -------- d-----w- c:\program files\WebEx

2012-05-11 05:17:06 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-11 00:22:32 388096 ----a-r- c:\documents and settings\daniel.russell\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-05-10 04:32:08 -------- d-----w- c:\documents and settings\daniel.russell\local settings\application data\Vid-Saver

2012-05-10 04:32:00 -------- d-----w- c:\program files\Vid-Saver

2012-05-10 04:31:53 -------- d-----w- c:\documents and settings\daniel.russell\local settings\application data\CRE

2012-05-10 04:31:27 -------- d-----w- c:\program files\Conduit

2012-05-10 04:31:24 -------- d-----w- c:\documents and settings\daniel.russell\local settings\application data\Conduit

2012-05-10 04:31:06 -------- d-----w- c:\program files\BitTorrent

2012-05-10 04:30:09 -------- d-----w- c:\documents and settings\daniel.russell\application data\BitTorrent

2012-05-08 23:49:39 102400 ----a-w- c:\windows\RegBootClean.exe

2012-05-08 23:47:09 -------- d-----w- C:\e468781bcccbc4ce20dac6b493

2012-05-08 03:40:37 398704 ----a-w- c:\windows\system32\dsNcSmartCardProv.dll

2012-05-08 03:40:37 345456 ----a-w- c:\windows\system32\dsNcCredProv.dll

2012-05-08 03:40:07 -------- d-----w- c:\program files\Juniper Networks

.

==================== Find3M ====================

.

2012-05-24 06:25:49 103272 ----a-w- c:\documents and settings\daniel.russell\GoToAssistDownloadHelper.exe

2012-05-11 05:17:06 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-08 23:49:39 22032 ----a-w- c:\windows\DCEBoot.exe

2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-04 05:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-08 02:08:44 60304 ----a-w- c:\documents and settings\daniel.russell\g2mdlhlpx.exe

.

============= FINISH: 11:06:26.12 ===============


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/02/2010 2:55:33 PM

System Uptime: 4/06/2012 10:54:49 AM (1 hours ago)

.

Motherboard: Acer | | M945G

Processor: Intel® Pentium® D CPU 2.80GHz | Socket 775 | 2793/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 75 GiB total, 24.648 GiB free.

D: is CDROM ()

G: is CDROM ()

H: is NetworkDisk (NTFS) - 120 GiB total, 8.002 GiB free.

I: is NetworkDisk (NTFS) - 120 GiB total, 8.002 GiB free.

O: is NetworkDisk (NTFS) - 7317 GiB total, 175.442 GiB free.

S: is NetworkDisk (NTFS) - 120 GiB total, 8.002 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP229: 20/03/2012 3:35:04 PM - Removed Citrix Access Gateway Plugin

RP230: 20/03/2012 3:35:38 PM - Removed Citrix Access Gateway Plugin

RP231: 20/03/2012 3:37:23 PM - Removed Citrix Access Gateway Plugin

RP232: 20/03/2012 3:40:23 PM - Removed Citrix Access Gateway Plugin

RP233: 22/03/2012 1:16:50 PM - System Checkpoint

RP234: 23/03/2012 1:19:14 PM - System Checkpoint

RP235: 26/03/2012 12:49:15 PM - System Checkpoint

RP236: 28/03/2012 1:10:23 PM - System Checkpoint

RP237: 29/03/2012 5:04:54 PM - Software Distribution Service 3.0

RP238: 2/04/2012 9:53:44 AM - Installed Windows Internet Explorer 8.

RP239: 3/04/2012 2:59:24 PM - System Checkpoint

RP240: 10/04/2012 5:14:05 PM - System Checkpoint

RP241: 13/04/2012 1:36:09 PM - System Checkpoint

RP242: 13/04/2012 4:57:37 PM - Software Distribution Service 3.0

RP243: 17/04/2012 8:53:52 AM - System Checkpoint

RP244: 18/04/2012 12:42:31 PM - System Checkpoint

RP245: 19/04/2012 1:23:00 PM - System Checkpoint

RP246: 20/04/2012 5:31:58 PM - Software Distribution Service 3.0

RP247: 24/04/2012 1:14:03 PM - System Checkpoint

RP248: 26/04/2012 1:00:04 PM - System Checkpoint

RP249: 1/05/2012 8:50:41 AM - System Checkpoint

RP250: 4/05/2012 1:21:00 PM - System Checkpoint

RP251: 7/05/2012 12:42:15 PM - System Checkpoint

RP252: 9/05/2012 3:17:25 PM - System Checkpoint

RP253: 10/05/2012 5:08:38 PM - Software Distribution Service 3.0

RP254: 11/05/2012 10:22:28 AM - Installed HiJackThis

RP255: 11/05/2012 1:08:13 PM - Software Distribution Service 3.0

RP256: 11/05/2012 3:16:47 PM - Removed Ask Toolbar.

RP257: 11/05/2012 3:18:11 PM - Removed Skype Toolbars

RP258: 11/05/2012 4:55:41 PM - Software Distribution Service 3.0

RP259: 16/05/2012 1:32:29 PM - System Checkpoint

RP260: 17/05/2012 4:31:55 PM - System Checkpoint

RP261: 18/05/2012 4:54:12 PM - System Checkpoint

RP262: 25/05/2012 1:04:51 PM - System Checkpoint

RP263: 28/05/2012 12:19:51 PM - System Checkpoint

RP264: 30/05/2012 9:07:59 AM - System Checkpoint

.

==== Installed Programs ======================

.

7-Zip 4.65

Access Management Console

Acrobat.com

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.2)

Adobe Shockwave Player 11.5

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AviSynth 2.5

BitTorrent

Bonjour

Cisco Packet Tracer 5.2.1

Citrix Authentication Manager

Citrix Receiver

Citrix Receiver (HDX Flash Redirection)

Citrix Receiver Inside

Citrix Receiver(Aero)

Citrix Receiver(DV)

Citrix Receiver(USB)

CutePDF Writer 2.8

Debug Diagnostics Tool 1.1 (x86)

DisplayFusion 3.2.0

Google Apps Migration For Microsoft Outlook® 2.3.12.34

Google Toolbar for Internet Explorer

Google Update Helper

GoToAssist Corporate

GoToMeeting 5.1.0.874

High Definition Audio Driver Package - KB888111

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB969084)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

ImgBurn

Java Auto Updater

Java 6 Update 26

Juniper Networks Network Connect 6.5.0

Juniper Networks Secure Meeting 7.0.0

Juniper Networks Setup Client

Junk Mail filter update

Karen's Directory Printer

Kyocera Address Editor

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 1.1

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft CRM

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Press Training Kit Exam Prep Suite 70-648 and 70-649

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Mozilla Firefox (3.6.23)

mRemote

mRemoteNG

MSVCRT

MSXML 6 Service Pack 2 (KB973686)

MuvEnum Address Bar - Windows Explorer Extension

Notepad++

NVIDIA Control Panel 266.58

NVIDIA Graphics Driver 266.58

NVIDIA Install Application

NVIDIA nView 135.50

NVIDIA nView Desktop Manager

office Convert Pdf to Jpg Jpeg Tiff Free 6.4

OGA Notifier 2.0.0048.0

Online Plug-in

PowerISO

QuickTime

QuorumSoft Alike

Realtek High Definition Audio Driver

ScrewDrivers Client v4 (rdp only)

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office Groove 2007 (KB2552997)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2483614)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Self-service Plug-in

SIW version 2011.10.29

System Center Operations Manager 2007 R2

System Center Operations Manager 2007 R2 Authoring Console

System Center Operations Manager 2007 R2 Authoring Resource Kit

System Requirements Lab

SystemCenter Operations Manager 2007 R2 Admin Reskit

TeamViewer 7

TreeSize Free V2.5

Trend Micro OfficeScan Client

TrueCrypt

UltraISO Premium V9.2

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB2362765)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Internet Explorer 8 (KB2632503)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB978506)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB980302)

Update for Windows Internet Explorer 8 (KB982632)

Update for Windows Internet Explorer 8 (KB982664)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2264107)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB943729)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB978207)

Vid-Saver

Videora iPhone Converter 6

VLC media player 1.1.4

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Imaging Component

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Player 11

Windows PowerShell 1.0

Windows Presentation Foundation

Windows Resource Kit Tools

Windows Rights Management Client Backwards Compatibility SP2

Windows Rights Management Client with Service Pack 2

Windows Search 4.0

Windows Server 2003 Administration Tools Pack

Windows XP Service Pack 3

XML Paper Specification Shared Components Pack 1.0

.

==== End Of File ===========================


Step 1

Please uninstall BitTorrent, because of our policy:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

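The TDSSKiller log that the steps above produce runs to hundreds of lines, nearly all of them "name - ok". The script below is an added example for this thread, not code from the posts or from Kaspersky's tool: it pairs each file record (name, MD5, path) with the verdict line that follows it and reports only what the tool did not mark "ok". The two line shapes it parses are taken from the log pasted in this thread; the unsigned-driver entry, the MBR/boot-sector hashes and the exact wording of the non-"ok" verdict in the constructed part of the sample are assumptions, not something observed here.

```python
"""Triage a TDSSKiller text log.

Added example for this thread, not code from the original posts or from
Kaspersky's tool. It pairs each scanned object's file record (name, MD5,
path) with the verdict line that follows it and lists everything whose
verdict is not "ok", so a long log can be skimmed for the lines that matter.
"""
import re

# Every log line starts with "HH:MM:SS.mmmm PID " (see the thread's log).
TS_PID = r'^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+'

# File record:    ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
FILE_RE = re.compile(TS_PID + r'(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$')

# Verdict record: ACPI - ok        or        name ( Detection.Name ) - verdict
VERDICT_RE = re.compile(TS_PID + r'(?P<name>.+?)(?:\s+\(\s*(?P<det>[^()]+?)\s*\))?\s+-\s+(?P<verdict>.+?)\s*$')


def parse(log_text):
    """Return one dict per verdict line inside the scan section.

    Lines before "Scan started" (drive geometry, partition table) are skipped
    because "Drive ... - Size: ..." would otherwise look like a verdict. Each
    result carries the MD5/path recorded for the same object, looked up by
    name first and then by path (the MBR/boot records name the device they
    describe in the path field), or None when there was no file record at
    all (legacy service entries such as "Abiosdsk - ok").
    """
    by_name, by_path, results = {}, {}, []
    in_scan = 'Scan started' not in log_text  # no marker at all: take the whole file
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.endswith('Scan started'):
            in_scan = True
            continue
        if not in_scan or not line:
            continue
        m = FILE_RE.match(line)
        if m:
            rec = (m['md5'].lower(), m['path'])
            by_name[m['name']] = rec
            by_path[m['path']] = rec
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5, path = by_name.get(m['name']) or by_path.get(m['name']) or (None, None)
            results.append({'name': m['name'], 'verdict': m['verdict'],
                            'detection': m['det'], 'md5': md5, 'path': path})
    return results


def flagged(results):
    """Everything TDSSKiller did not mark plain "ok" (warnings, skips, detections)."""
    return [r for r in results if r['verdict'].lower() != 'ok']


def report(results):
    """Human-readable summary: counts plus one line per flagged object."""
    bad = flagged(results)
    lines = ['%d objects checked, %d flagged' % (len(results), len(bad))]
    for r in bad:
        lines.append('%-12s %-28s %s  md5=%s  %s' % (
            r['verdict'], r['detection'] or '-', r['name'], r['md5'] or '-', r['path'] or '-'))
    return '\n'.join(lines)


# Sample input. This first part is copied from the log pasted in the thread.
SAMPLE_REAL = r"""15:16:05.0085 4668 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:16:30.0303 1876 Scan started
15:16:30.0303 1876 Mode: Manual; SigCheck; TDLFS;
15:16:30.0631 1876 Abiosdsk - ok
15:16:30.0694 1876 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:16:31.0131 1876 ACPI - ok
15:16:32.0678 1876 Apple Mobile Device (2e3e53a6aef23e24f402c7855b9b1542) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:16:32.0725 1876 Apple Mobile Device - ok
"""
# The rest is constructed for the example: a driver that fails the signature
# check and the MBR/boot-sector records. Name, hashes and the exact wording of
# the non-"ok" verdict are assumptions, not something observed in the thread.
SAMPLE_CONSTRUCTED = r"""15:16:40.0000 1876 exampledrv (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\exampledrv.sys
15:16:40.0100 1876 exampledrv ( UnsignedFile.Multi.Generic ) - warning
15:16:41.0000 1876 MBR (0x1B8) (11111111111111111111111111111111) \Device\Harddisk0\DR0
15:16:41.0100 1876 \Device\Harddisk0\DR0 - ok
15:16:41.0200 1876 Boot (0x1200) (22222222222222222222222222222222) \Device\Harddisk0\DR0\Partition0
15:16:41.0300 1876 \Device\Harddisk0\DR0\Partition0 - ok
15:16:42.0000 1876 Scan finished
"""
SAMPLE_LOG = SAMPLE_REAL + SAMPLE_CONSTRUCTED

if __name__ == '__main__':
    print(report(parse(SAMPLE_LOG)))
```

Run it against a saved TDSSKiller log by replacing SAMPLE_LOG with the file's contents; anything it prints under the summary line is what the helper will want to see, together with the MD5 so the file can be checked against a known-good copy.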

15:16:00.0741 4668 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

15:16:02.0335 4668 ============================================================

15:16:02.0335 4668 Current date / time: 2012/06/05 15:16:02.0335

15:16:02.0335 4668 SystemInfo:

15:16:02.0335 4668

15:16:02.0335 4668 OS Version: 5.1.2600 ServicePack: 3.0

15:16:02.0335 4668 Product type: Workstation

15:16:02.0335 4668 ComputerName: DANIEL-DT-MELB1

15:16:02.0335 4668 UserName: toby.srira

15:16:02.0335 4668 Windows directory: C:\WINDOWS

15:16:02.0335 4668 System windows directory: C:\WINDOWS

15:16:02.0335 4668 Processor architecture: Intel x86

15:16:02.0335 4668 Number of processors: 2

15:16:02.0335 4668 Page size: 0x1000

15:16:02.0335 4668 Boot type: Normal boot

15:16:02.0335 4668 ============================================================

15:16:05.0085 4668 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

15:16:05.0100 4668 ============================================================

15:16:05.0100 4668 \Device\Harddisk0\DR0:

15:16:05.0100 4668 MBR partitions:

15:16:05.0100 4668 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1

15:16:05.0100 4668 ============================================================

15:16:05.0147 4668 C: <-> \Device\Harddisk0\DR0\Partition0

15:16:05.0147 4668 ============================================================

15:16:05.0147 4668 Initialize success

15:16:05.0147 4668 ============================================================

15:16:30.0303 1876 ============================================================

15:16:30.0303 1876 Scan started

15:16:30.0303 1876 Mode: Manual; SigCheck; TDLFS;

15:16:30.0303 1876 ============================================================

15:16:30.0631 1876 Abiosdsk - ok

15:16:30.0631 1876 abp480n5 - ok

15:16:30.0694 1876 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

15:16:31.0131 1876 ACPI - ok

15:16:31.0163 1876 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

15:16:31.0350 1876 ACPIEC - ok

15:16:31.0444 1876 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

15:16:31.0506 1876 AdobeFlashPlayerUpdateSvc - ok

15:16:31.0522 1876 adpu160m - ok

15:16:31.0569 1876 AdtAgent (df14027c120e9c54c8e850d326f047a6) C:\WINDOWS\system32\AdtAgent.exe

15:16:31.0631 1876 AdtAgent - ok

15:16:31.0694 1876 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

15:16:31.0928 1876 aec - ok

15:16:31.0960 1876 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

15:16:32.0053 1876 AFD - ok

15:16:32.0069 1876 Aha154x - ok

15:16:32.0085 1876 aic78u2 - ok

15:16:32.0100 1876 aic78xx - ok

15:16:32.0147 1876 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

15:16:32.0319 1876 Alerter - ok

15:16:32.0335 1876 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

15:16:32.0522 1876 ALG - ok

15:16:32.0538 1876 AliIde - ok

15:16:32.0538 1876 amsint - ok

15:16:32.0678 1876 Apple Mobile Device (2e3e53a6aef23e24f402c7855b9b1542) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

15:16:32.0725 1876 Apple Mobile Device - ok

15:16:32.0756 1876 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

15:16:32.0944 1876 AppMgmt - ok

15:16:32.0944 1876 asc - ok

15:16:32.0944 1876 asc3350p - ok

15:16:32.0960 1876 asc3550 - ok

15:16:33.0100 1876 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

15:16:33.0178 1876 aspnet_state - ok

15:16:33.0225 1876 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

15:16:33.0381 1876 AsyncMac - ok

15:16:33.0397 1876 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

15:16:33.0553 1876 atapi - ok

15:16:33.0569 1876 Atdisk - ok

15:16:33.0600 1876 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

15:16:33.0788 1876 Atmarpc - ok

15:16:33.0819 1876 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

15:16:33.0991 1876 AudioSrv - ok

15:16:34.0038 1876 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

15:16:34.0194 1876 audstub - ok

15:16:34.0225 1876 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

15:16:34.0413 1876 Beep - ok

15:16:34.0460 1876 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

15:16:34.0741 1876 BITS - ok

15:16:34.0835 1876 Bonjour Service (5ab58c337ac65837fe404462ad6265ab) C:\Program Files\Bonjour\mDNSResponder.exe

15:16:34.0897 1876 Bonjour Service - ok

15:16:34.0944 1876 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

15:16:35.0116 1876 Browser - ok

15:16:35.0116 1876 cag - ok

15:16:35.0303 1876 catchme - ok

15:16:35.0350 1876 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

15:16:35.0522 1876 cbidf2k - ok

15:16:35.0553 1876 cd20xrnt - ok

15:16:35.0600 1876 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

15:16:35.0788 1876 Cdaudio - ok

15:16:35.0835 1876 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

15:16:35.0991 1876 Cdfs - ok

15:16:36.0038 1876 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

15:16:36.0194 1876 Cdrom - ok

15:16:36.0210 1876 Changer - ok

15:16:36.0256 1876 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

15:16:36.0428 1876 CiSvc - ok

15:16:36.0475 1876 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

15:16:36.0663 1876 ClipSrv - ok

15:16:36.0741 1876 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:16:36.0819 1876 clr_optimization_v2.0.50727_32 - ok

15:16:36.0913 1876 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:16:37.0038 1876 clr_optimization_v4.0.30319_32 - ok

15:16:37.0038 1876 CmdIde - ok

15:16:37.0053 1876 COMSysApp - ok

15:16:37.0053 1876 Cpqarray - ok

15:16:37.0100 1876 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

15:16:37.0272 1876 CryptSvc - ok

15:16:37.0319 1876 ctxusbm (4e08a98dba0b1249c2eb4b191978a9a4) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys

15:16:37.0428 1876 ctxusbm - ok

15:16:37.0428 1876 dac2w2k - ok

15:16:37.0444 1876 dac960nt - ok

15:16:37.0538 1876 DbgSvc (115f8c318d00c1322b28b6922efaa7e4) C:\Program Files\DebugDiag\DbgSvc.exe

15:16:37.0600 1876 DbgSvc - ok

15:16:37.0663 1876 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

15:16:37.0772 1876 DcomLaunch - ok

15:16:37.0819 1876 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

15:16:37.0991 1876 Dhcp - ok

15:16:38.0006 1876 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

15:16:38.0194 1876 Disk - ok

15:16:38.0194 1876 dmadmin - ok

15:16:38.0256 1876 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

15:16:38.0538 1876 dmboot - ok

15:16:38.0569 1876 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

15:16:38.0772 1876 dmio - ok

15:16:38.0803 1876 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

15:16:38.0991 1876 dmload - ok

15:16:39.0038 1876 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

15:16:39.0194 1876 dmserver - ok

15:16:39.0209 1876 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

15:16:39.0381 1876 DMusic - ok

15:16:39.0428 1876 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys

15:16:39.0475 1876 DNE - ok

15:16:39.0522 1876 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

15:16:39.0600 1876 Dnscache - ok

15:16:39.0663 1876 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

15:16:39.0850 1876 Dot3svc - ok

15:16:39.0850 1876 dpti2o - ok

15:16:39.0881 1876 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

15:16:40.0038 1876 drmkaud - ok

15:16:40.0084 1876 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys

15:16:40.0147 1876 dsNcAdpt - ok

15:16:40.0256 1876 dsNcService (0e08704523eacace8b2790114cc828aa) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

15:16:40.0319 1876 dsNcService - ok

15:16:40.0350 1876 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

15:16:40.0522 1876 EapHost - ok

15:16:40.0553 1876 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

15:16:40.0725 1876 ERSvc - ok

15:16:40.0772 1876 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

15:16:40.0897 1876 Eventlog - ok

15:16:40.0944 1876 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

15:16:41.0022 1876 EventSystem - ok

15:16:41.0053 1876 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

15:16:41.0241 1876 Fastfat - ok

15:16:41.0303 1876 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

15:16:41.0381 1876 FastUserSwitchingCompatibility - ok

15:16:41.0413 1876 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

15:16:41.0584 1876 Fdc - ok

15:16:41.0631 1876 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

15:16:41.0803 1876 Fips - ok

15:16:41.0850 1876 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

15:16:42.0022 1876 Flpydisk - ok

15:16:42.0069 1876 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

15:16:42.0256 1876 FltMgr - ok

15:16:42.0413 1876 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

15:16:42.0444 1876 FontCache3.0.0.0 - ok

15:16:42.0491 1876 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

15:16:42.0663 1876 Fs_Rec - ok

15:16:42.0694 1876 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

15:16:42.0897 1876 Ftdisk - ok

15:16:42.0959 1876 genmcmnUSB (86f732d2995ada73fd307539ec266d3a) C:\WINDOWS\system32\DRIVERS\gflmouhid.sys

15:16:43.0038 1876 genmcmnUSB - ok

15:16:43.0194 1876 GoToAssist (80d6ea9c46904608cea146c4996a824a) C:\Program Files\Citrix\GoToAssist\822\g2aservice.exe

15:16:43.0225 1876 GoToAssist - ok

15:16:43.0272 1876 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

15:16:43.0444 1876 Gpc - ok

15:16:43.0522 1876 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

15:16:43.0553 1876 gupdate - ok

15:16:43.0553 1876 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

15:16:43.0584 1876 gupdatem - ok

15:16:43.0600 1876 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

15:16:43.0663 1876 gusvc - ok

15:16:43.0694 1876 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys

15:16:43.0819 1876 HdAudAddService - ok

15:16:43.0897 1876 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

15:16:44.0100 1876 HDAudBus - ok

15:16:44.0178 1876 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

15:16:44.0334 1876 helpsvc - ok

15:16:44.0397 1876 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

15:16:44.0569 1876 HidServ - ok

15:16:44.0600 1876 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

15:16:44.0772 1876 hidusb - ok

15:16:44.0834 1876 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

15:16:45.0038 1876 hkmsvc - ok

15:16:45.0038 1876 hpn - ok

15:16:45.0053 1876 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

15:16:45.0147 1876 HTTP - ok

15:16:45.0178 1876 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

15:16:45.0366 1876 HTTPFilter - ok

15:16:45.0366 1876 i2omgmt - ok

15:16:45.0366 1876 i2omp - ok

15:16:45.0413 1876 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

15:16:45.0600 1876 i8042prt - ok

15:16:45.0756 1876 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

15:16:45.0850 1876 idsvc - ok

15:16:45.0897 1876 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

15:16:46.0100 1876 Imapi - ok

15:16:46.0116 1876 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

15:16:46.0319 1876 ImapiService - ok

15:16:46.0319 1876 ini910u - ok

15:16:46.0506 1876 IntcAzAudAddService (a30685283f90ae02f1cd50972c6065e3) C:\WINDOWS\system32\drivers\RtkHDAud.sys

15:16:46.0819 1876 IntcAzAudAddService - ok

15:16:46.0928 1876 IntelIde - ok

15:16:46.0928 1876 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

15:16:47.0131 1876 intelppm - ok

15:16:47.0163 1876 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

15:16:47.0334 1876 Ip6Fw - ok

15:16:47.0381 1876 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

15:16:47.0553 1876 IpFilterDriver - ok

15:16:47.0584 1876 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

15:16:47.0756 1876 IpInIp - ok

15:16:47.0819 1876 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

15:16:48.0022 1876 IpNat - ok

15:16:48.0069 1876 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

15:16:48.0241 1876 IPSec - ok

15:16:48.0272 1876 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

15:16:48.0428 1876 IRENUM - ok

15:16:48.0459 1876 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

15:16:48.0647 1876 isapnp - ok

15:16:48.0741 1876 ISODrive (bf71a06ff065e3fd7e32ea67dca34885) C:\Program Files\UltraISO\drivers\ISODrive.sys

15:16:48.0772 1876 ISODrive ( UnsignedFile.Multi.Generic ) - warning

15:16:48.0772 1876 ISODrive - detected UnsignedFile.Multi.Generic (1)

15:16:48.0866 1876 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe

15:16:48.0928 1876 JavaQuickStarterService - ok

15:16:48.0944 1876 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

15:16:49.0131 1876 Kbdclass - ok

15:16:49.0147 1876 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

15:16:49.0303 1876 kbdhid - ok

15:16:49.0366 1876 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

15:16:49.0522 1876 kmixer - ok

15:16:49.0569 1876 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

15:16:49.0663 1876 KSecDD - ok

15:16:49.0725 1876 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

15:16:49.0803 1876 lanmanserver - ok

15:16:49.0850 1876 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

15:16:49.0897 1876 lanmanworkstation - ok

15:16:49.0913 1876 lbrtfdc - ok

15:16:49.0944 1876 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

15:16:50.0116 1876 LmHosts - ok

15:16:50.0131 1876 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

15:16:50.0319 1876 Messenger - ok

15:16:50.0397 1876 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

15:16:50.0444 1876 Microsoft Office Groove Audit Service - ok

15:16:50.0475 1876 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

15:16:50.0663 1876 mnmdd - ok

15:16:50.0709 1876 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

15:16:50.0913 1876 mnmsrvc - ok

15:16:50.0928 1876 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

15:16:51.0116 1876 Modem - ok

15:16:51.0116 1876 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

15:16:51.0288 1876 Mouclass - ok

15:16:51.0334 1876 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

15:16:51.0522 1876 mouhid - ok

15:16:51.0569 1876 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

15:16:51.0725 1876 MountMgr - ok

15:16:51.0725 1876 mraid35x - ok

15:16:51.0756 1876 MRxDAV (e3f17e1ea5256709d4e97ef0da04b3c9) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

15:16:51.0834 1876 MRxDAV - ok

15:16:51.0913 1876 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

15:16:52.0069 1876 MRxSmb - ok

15:16:52.0100 1876 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

15:16:52.0272 1876 MSDTC - ok

15:16:52.0303 1876 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

15:16:52.0491 1876 Msfs - ok

15:16:52.0491 1876 MSIServer - ok

15:16:52.0522 1876 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

15:16:52.0709 1876 MSKSSRV - ok

15:16:52.0725 1876 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

15:16:52.0913 1876 MSPCLOCK - ok

15:16:52.0944 1876 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

15:16:53.0116 1876 MSPQM - ok

15:16:53.0178 1876 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

15:16:53.0366 1876 mssmbios - ok

15:16:53.0397 1876 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

15:16:53.0491 1876 Mup - ok

15:16:53.0538 1876 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

15:16:53.0725 1876 napagent - ok

15:16:53.0772 1876 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

15:16:53.0991 1876 NDIS - ok

15:16:54.0022 1876 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

15:16:54.0084 1876 NdisTapi - ok

15:16:54.0116 1876 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

15:16:54.0288 1876 Ndisuio - ok

15:16:54.0303 1876 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

15:16:54.0475 1876 NdisWan - ok

15:16:54.0522 1876 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

15:16:54.0584 1876 NDProxy - ok

15:16:54.0600 1876 Net6IM - ok

15:16:54.0631 1876 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

15:16:54.0803 1876 NetBIOS - ok

15:16:54.0850 1876 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

15:16:55.0053 1876 NetBT - ok

15:16:55.0069 1876 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

15:16:55.0256 1876 NetDDE - ok

15:16:55.0256 1876 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

15:16:55.0397 1876 NetDDEdsdm - ok

15:16:55.0444 1876 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:16:55.0616 1876 Netlogon - ok

15:16:55.0631 1876 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

15:16:55.0788 1876 Netman - ok

15:16:55.0897 1876 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

15:16:55.0975 1876 NetTcpPortSharing - ok

15:16:56.0022 1876 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

15:16:56.0069 1876 Nla - ok

15:16:56.0100 1876 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

15:16:56.0272 1876 Npfs - ok

15:16:56.0334 1876 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

15:16:56.0584 1876 Ntfs - ok

15:16:56.0631 1876 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:16:56.0772 1876 NtLmSsp - ok

15:16:56.0803 1876 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

15:16:57.0037 1876 NtmsSvc - ok

15:16:57.0209 1876 ntrtscan (32e9e017efeaef961bde32d140fc8071) C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

15:16:57.0287 1876 ntrtscan - ok

15:16:57.0412 1876 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

15:16:57.0600 1876 Null - ok

15:16:57.0975 1876 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

15:16:58.0631 1876 nv - ok

15:16:58.0756 1876 nvsvc (a8c1e6ff53fb0628a302843ea5fa5ab6) C:\WINDOWS\system32\nvsvc32.exe

15:16:58.0803 1876 nvsvc - ok

15:16:58.0850 1876 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

15:16:59.0053 1876 NwlnkFlt - ok

15:16:59.0069 1876 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

15:16:59.0241 1876 NwlnkFwd - ok

15:16:59.0381 1876 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

15:16:59.0459 1876 odserv - ok

15:16:59.0491 1876 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:16:59.0537 1876 ose - ok

15:16:59.0584 1876 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

15:16:59.0741 1876 Parport - ok

15:16:59.0787 1876 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

15:16:59.0959 1876 PartMgr - ok

15:16:59.0975 1876 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

15:17:00.0162 1876 ParVdm - ok

15:17:00.0194 1876 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

15:17:00.0381 1876 PCI - ok

15:17:00.0381 1876 PCIDump - ok

15:17:00.0412 1876 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

15:17:00.0584 1876 PCIIde - ok

15:17:00.0600 1876 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

15:17:00.0803 1876 Pcmcia - ok

15:17:00.0803 1876 PDCOMP - ok

15:17:00.0803 1876 PDFRAME - ok

15:17:00.0819 1876 PDRELI - ok

15:17:00.0819 1876 PDRFRAME - ok

15:17:00.0834 1876 perc2 - ok

15:17:00.0834 1876 perc2hib - ok

15:17:00.0881 1876 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

15:17:00.0928 1876 PlugPlay - ok

15:17:00.0975 1876 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:17:01.0116 1876 PolicyAgent - ok

15:17:01.0131 1876 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

15:17:01.0303 1876 PptpMiniport - ok

15:17:01.0303 1876 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:17:01.0444 1876 ProtectedStorage - ok

15:17:01.0491 1876 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

15:17:01.0662 1876 PSched - ok

15:17:01.0709 1876 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

15:17:01.0881 1876 Ptilink - ok

15:17:01.0881 1876 ql1080 - ok

15:17:01.0897 1876 Ql10wnt - ok

15:17:01.0897 1876 ql12160 - ok

15:17:01.0912 1876 ql1240 - ok

15:17:01.0912 1876 ql1280 - ok

15:17:01.0912 1876 RapportBuka - ok

15:17:01.0928 1876 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

15:17:02.0100 1876 RasAcd - ok

15:17:02.0131 1876 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

15:17:02.0303 1876 RasAuto - ok

15:17:02.0350 1876 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

15:17:02.0522 1876 Rasl2tp - ok

15:17:02.0569 1876 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

15:17:02.0756 1876 RasMan - ok

15:17:02.0772 1876 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

15:17:02.0944 1876 RasPppoe - ok

15:17:02.0959 1876 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

15:17:03.0147 1876 Raspti - ok

15:17:03.0194 1876 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

15:17:03.0381 1876 Rdbss - ok

15:17:03.0397 1876 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

15:17:03.0569 1876 RDPCDD - ok

15:17:03.0616 1876 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

15:17:03.0803 1876 rdpdr - ok

15:17:03.0850 1876 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

15:17:03.0944 1876 RDPWD - ok

15:17:03.0975 1876 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

15:17:04.0194 1876 RDSessMgr - ok

15:17:04.0225 1876 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

15:17:04.0412 1876 redbook - ok

15:17:04.0444 1876 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

15:17:04.0616 1876 RemoteAccess - ok

15:17:04.0662 1876 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

15:17:04.0819 1876 RemoteRegistry - ok

15:17:04.0866 1876 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

15:17:05.0022 1876 RpcLocator - ok

15:17:05.0069 1876 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll

15:17:05.0116 1876 RpcSs - ok

15:17:05.0147 1876 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

15:17:05.0350 1876 RSVP - ok

15:17:05.0366 1876 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:17:05.0522 1876 SamSs - ok

15:17:05.0537 1876 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

15:17:05.0741 1876 SCardSvr - ok

15:17:05.0787 1876 SCDEmu (16b1abe7f3e35f21dac57592b6c5d464) C:\WINDOWS\system32\drivers\SCDEmu.sys

15:17:05.0850 1876 SCDEmu ( UnsignedFile.Multi.Generic ) - warning

15:17:05.0850 1876 SCDEmu - detected UnsignedFile.Multi.Generic (1)

15:17:05.0881 1876 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

15:17:06.0084 1876 Schedule - ok

15:17:06.0100 1876 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

15:17:06.0287 1876 Secdrv - ok

15:17:06.0319 1876 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

15:17:06.0491 1876 seclogon - ok

15:17:06.0537 1876 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

15:17:06.0694 1876 SENS - ok

15:17:06.0741 1876 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

15:17:06.0897 1876 serenum - ok

15:17:06.0928 1876 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

15:17:07.0100 1876 Serial - ok

15:17:07.0131 1876 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

15:17:07.0287 1876 Sfloppy - ok

15:17:07.0334 1876 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

15:17:07.0553 1876 SharedAccess - ok

15:17:07.0600 1876 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

15:17:07.0631 1876 ShellHWDetection - ok

15:17:07.0631 1876 Simbad - ok

15:17:07.0647 1876 Sparrow - ok

15:17:07.0678 1876 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

15:17:07.0850 1876 splitter - ok

15:17:07.0881 1876 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

15:17:07.0975 1876 Spooler - ok

15:17:08.0006 1876 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

15:17:08.0194 1876 sr - ok

15:17:08.0241 1876 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

15:17:08.0412 1876 srservice - ok

15:17:08.0459 1876 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

15:17:08.0600 1876 Srv - ok

15:17:08.0616 1876 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

15:17:08.0787 1876 SSDPSRV - ok

15:17:08.0850 1876 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

15:17:09.0069 1876 stisvc - ok

15:17:09.0084 1876 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

15:17:09.0256 1876 swenum - ok

15:17:09.0272 1876 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

15:17:09.0444 1876 swmidi - ok

15:17:09.0444 1876 SwPrv - ok

15:17:09.0444 1876 symc810 - ok

15:17:09.0459 1876 symc8xx - ok

15:17:09.0459 1876 sym_hi - ok

15:17:09.0475 1876 sym_u3 - ok

15:17:09.0522 1876 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

15:17:09.0694 1876 sysaudio - ok

15:17:09.0725 1876 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

15:17:09.0912 1876 SysmonLog - ok

15:17:09.0928 1876 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

15:17:10.0131 1876 TapiSrv - ok

15:17:10.0178 1876 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

15:17:10.0256 1876 Tcpip - ok

15:17:10.0303 1876 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

15:17:10.0491 1876 TDPIPE - ok

15:17:10.0522 1876 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

15:17:10.0694 1876 TDTCP - ok

15:17:10.0725 1876 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

15:17:10.0897 1876 TermDD - ok

15:17:10.0928 1876 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

15:17:11.0116 1876 TermService - ok

15:17:11.0162 1876 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

15:17:11.0194 1876 Themes - ok

15:17:11.0241 1876 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

15:17:11.0444 1876 TlntSvr - ok

15:17:11.0475 1876 tmactmon (ca9e9c2c04a198ed345c1752222a5f3e) C:\WINDOWS\system32\drivers\tmactmon.sys

15:17:11.0522 1876 tmactmon - ok

15:17:11.0631 1876 TMBMServer (b365e817e398ff2ac5706eab232ef6c1) C:\Program Files\Trend Micro\BM\TMBMSRV.exe

15:17:11.0694 1876 TMBMServer - ok

15:17:11.0741 1876 tmcomm (a3d20789b3ff0576a29462bef25bcfcc) C:\WINDOWS\system32\drivers\tmcomm.sys

15:17:11.0772 1876 tmcomm - ok

15:17:11.0787 1876 tmevtmgr (21f215e54770c4bf93efaf63f58fe57e) C:\WINDOWS\system32\drivers\tmevtmgr.sys

15:17:11.0834 1876 tmevtmgr - ok

15:17:11.0928 1876 TmFilter (717e406972bbc07f8fb2a989416cab73) C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys

15:17:12.0022 1876 TmFilter - ok

15:17:12.0116 1876 tmlisten (1125044215cba381cfa3af68b864c0c1) C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

15:17:12.0194 1876 tmlisten - ok

15:17:12.0209 1876 TmPreFilter (379c4f99994a56b66e11d1e32bb22a1c) C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys

15:17:12.0256 1876 TmPreFilter - ok

15:17:12.0303 1876 TmProxy (0fec6c50b2be07c57651573cdd1c721f) C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

15:17:12.0366 1876 TmProxy - ok

15:17:12.0475 1876 tmtdi (44c262c1b2412ded35078b6166d2acc2) C:\WINDOWS\system32\DRIVERS\tmtdi.sys

15:17:12.0522 1876 tmtdi - ok

15:17:12.0522 1876 TosIde - ok

15:17:12.0584 1876 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

15:17:12.0756 1876 TrkWks - ok

15:17:12.0803 1876 truecrypt (746b8cf9cededdd865472544edf626da) C:\WINDOWS\system32\drivers\truecrypt.sys

15:17:12.0881 1876 truecrypt - ok

15:17:12.0912 1876 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

15:17:13.0084 1876 Udfs - ok

15:17:13.0100 1876 ultra - ok

15:17:13.0147 1876 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

15:17:13.0319 1876 Update - ok

15:17:13.0350 1876 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

15:17:13.0553 1876 upnphost - ok

15:17:13.0600 1876 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

15:17:13.0787 1876 UPS - ok

15:17:13.0834 1876 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

15:17:13.0897 1876 USBAAPL - ok

15:17:13.0928 1876 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

15:17:14.0100 1876 usbccgp - ok

15:17:14.0147 1876 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

15:17:14.0319 1876 usbehci - ok

15:17:14.0366 1876 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

15:17:14.0522 1876 usbhub - ok

15:17:14.0569 1876 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

15:17:14.0741 1876 usbscan - ok

15:17:14.0772 1876 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

15:17:14.0959 1876 USBSTOR - ok

15:17:14.0991 1876 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

15:17:15.0147 1876 usbuhci - ok

15:17:15.0178 1876 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

15:17:15.0334 1876 VgaSave - ok

15:17:15.0350 1876 ViaIde - ok

15:17:15.0366 1876 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

15:17:15.0537 1876 VolSnap - ok

15:17:15.0662 1876 VSApiNt (642eb152cb980ad9181b2161066be629) C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys

15:17:15.0740 1876 VSApiNt - ok

15:17:15.0865 1876 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

15:17:16.0084 1876 VSS - ok

15:17:16.0115 1876 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

15:17:16.0287 1876 W32Time - ok

15:17:16.0350 1876 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

15:17:16.0522 1876 Wanarp - ok

15:17:16.0553 1876 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys

15:17:16.0600 1876 WDC_SAM - ok

15:17:16.0615 1876 WDICA - ok

15:17:16.0647 1876 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

15:17:16.0819 1876 wdmaud - ok

15:17:16.0865 1876 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

15:17:17.0053 1876 WebClient - ok

15:17:20.0819 1876 ============================================================

15:17:20.0819 1876 Scan finished

15:17:20.0819 1876 ============================================================

15:17:20.0944 5016 Detected object count: 2

15:17:20.0944 5016 Actual detected object count: 2

15:17:33.0412 5016 ISODrive ( UnsignedFile.Multi.Generic ) - skipped by user

15:17:33.0412 5016 ISODrive ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:17:33.0412 5016 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user

15:17:33.0412 5016 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Sorry, I can't unload my OfficeScan (turn off anti-virus) because I won't be able to install it again from the server console, due to the fact that I have no access.

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
