Luke56 Posted January 26, 2012 ID:520539 Share Posted January 26, 2012 Tried all the methods listed in the FAQ's (re-naming the .exe, random installer, safe mode and Chameleon).Software will install, and update. All attempts to initialize the program result in "Malwarebytes has encountered an error and needs to close... etc.Any help is greatly appreciated.DDS.txt and Attach.txt logs are pasted below.Thanks!.DDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29Run by Luke at 19:17:13 on 2012-01-25Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2534 [GMT -7:00].AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}.============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Seagate\Schedule2\schedul2.exeC:\Program Files\Juniper Networks\Common Files\dsNcService.exeC:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exec:\program files\mcrewserver\mcfolderwatcher.exeC:\WINDOWS\Explorer.EXEc:\program files\mcrewserver\mcservice.exeC:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exeC:\WINDOWS\system32\PnkBstrA.exeC:\Program Files\SpamFighter\Fighters\SPAMfighter\sfus.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Fighters\FighterSuiteService.exeC:\Program Files\ScanSoft\PaperPort\pptd40nt.exeC:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exeC:\Program Files\Seagate\DiscWizard\TimounterMonitor.exeC:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exeC:\Program Files\Mcrewserver\McTaskTray.exeC:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exeC:\Program Files\Razer\DeathAdder\razerhid.exeC:\Program Files\SpamFighter\Fighters\SPAMfighter\sfagent.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Sony\Mcrew Music Server\McrewHttpService.exeC:\WINDOWS\system32\CTHELPER.EXEC:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXEC:\Program Files\Acer Display\eDisplay Management\DTHtml.exeC:\WINDOWS\system32\devldr32.exeC:\Program Files\U-ABIT\abitEQ\ABITEQ.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Steam\steam.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exeC:\Program Files\Portrait Displays\Pivot Pro Plugin\wpctrl.exeC:\Program Files\Portrait Displays\Pivot Pro Plugin\floater.exeC:\Program Files\Razer\DeathAdder\razertra.exeC:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exeC:\Program Files\Razer\DeathAdder\razerofa.exeC:\Program Files\Sony\Mcrew Music Server\McrewUPnPService.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Outlook Express\msimn.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://yahoo.com/BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dllTB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileEB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dlluRun: [ABIT uGuruIII] c:\program files\u-abit\abiteq\ABITEQ.exeuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [steam] "c:\program files\steam\steam.exe" -silentmRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exemRun: [setDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exemRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorunmRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exemRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exemRun: [Acronis Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"mRun: [McrewTask] c:\program files\mcrewserver\McTaskTray.exemRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /TraybarmRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exemRun: [sfagent] c:\program files\spamfighter\fighters\spamfighter\sfagent.exemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [PivotSoftware] "c:\program files\portrait displays\pivot pro plugin\Pivot_startup.exe" -delay=10mRun: [DT ACR] c:\program files\common files\portrait displays\shared\DT_startup.exe -ACRmRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"mRun: [WINDVDPatch] CTHELPER.EXEmRun: [AudioHQ] c:\program files\creative\sblive\audiohq\AHQTB.EXEmRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquietmRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraymRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXEIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeTrusted Zone: aol.com\freeDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260849744703DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260849738031DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabDPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://us.myweatherford.com/dana-cached/setup/JuniperSetupSP1.cabDPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://us.myweatherford.com/dana-cached/sc/JuniperSetupClient.cabTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{F887F573-64F6-4107-B29D-CA4BC597BCB3} : DhcpNameServer = 192.168.1.1Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllLSA: Authentication Packages = msv1_0 relog_apmASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe".================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\luke\application data\mozilla\firefox\profiles\egkb0e63.default\FF - prefs.js: browser.search.selectedEngine - YahooFF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?p=FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dllFF - plugin: c:\program files\google\update\1.3.21.81\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll.============= SERVICES / DRIVERS ===============.R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2011-4-28 129992]R2 McrewFolderWatcher;Mcrew Folder Watcher;c:\program files\mcrewserver\McFolderWatcher.exe [2006-7-21 49152]R2 McrewMusicStreamingServer;Mcrew Music Streaming Server;c:\program files\sony\mcrew music server\McrewHttpService.exe [2006-10-4 745472]R2 McrewUPnPMusicServer;Mcrew UPnP Music Server;c:\program files\sony\mcrew music server\McrewUPnPService.exe [2006-7-21 368640]R2 McrewWebradioServer;Mcrew Webradio Server;c:\program files\mcrewserver\McService.exe [2006-8-29 180224]R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2011-4-28 140608]R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-4 2253120]R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2011-12-11 113264]R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2011-8-1 143752]R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2011-4-28 97096]R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2011-4-28 111688]R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2011-4-28 112456]R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\spamfighter\fighters\spamfighter\sfus.exe [2011-6-10 215688]R2 Suite Service;Suite Service;c:\program files\fighters\FighterSuiteService.exe [2011-6-10 1299080]R3 ABIT-IO;ABIT-IO;c:\program files\u-abit\abiteq\ABIT-IO.sys [2009-10-8 4608]R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-11-15 11136]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-25 20464]R3 vHidDev;Razer Gaming Device;c:\windows\system32\drivers\vHidDev.sys [2010-11-15 5760]S0 qfrhll;qfrhll;c:\windows\system32\drivers\smltr.sys --> c:\windows\system32\drivers\smltr.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-31 136176]S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-25 652872]S3 ampa;ampa;c:\windows\system32\ampa.sys [2012-1-25 10936]S3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\drivers\CYUSB.sys [2010-11-15 38528]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-31 136176]S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-1-25 16472]S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-1-25 11104]S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504].=============== Created Last 30 ================.2012-01-26 01:44:16 20464 ----a-w- c:\windows\system32\drivers\mbam.sys2012-01-26 01:12:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-01-25 23:16:26 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com2012-01-25 21:07:42 98992 ----a-w- c:\windows\system32\drivers\63313139.sys2012-01-25 21:06:36 -------- d-----w- C:\TDSSKiller_Quarantine2012-01-25 20:12:25 919872 ----a-w- c:\windows\system32\nvdispco32.dll2012-01-25 20:12:25 877376 ----a-w- c:\windows\system32\nvgenco32.dll2012-01-25 19:14:51 1323448 ----a-w- c:\windows\ampa.exe2012-01-25 19:14:51 10936 ----a-w- c:\windows\system32\ampa.sys2012-01-25 19:14:49 -------- d-----w- c:\program files\Aomei Partition Assistant Home Edition 4.02012-01-25 19:04:27 922184 ----a-w- c:\windows\system32\pwNative.exe2012-01-25 19:04:27 16472 ------w- c:\windows\system32\pwdrvio.sys2012-01-25 19:04:27 11104 ------w- c:\windows\system32\pwdspio.sys2012-01-25 06:39:59 235352 ----a-w- c:\windows\system32\xactengine3_4.dll2012-01-25 06:38:45 -------- d-----w- c:\program files\Essentials Codec Pack2012-01-25 06:38:04 -------- d-----w- c:\documents and settings\luke\application data\Nullsoft2012-01-24 22:22:00 3584 ----a-w- c:\windows\system32\Ahqcpres.dll2012-01-24 22:22:00 18432 ----a-w- c:\windows\system32\Audiohq.cpl2012-01-24 21:54:51 77824 ----a-w- c:\windows\system32\EAXAC3.DLL2012-01-24 21:54:51 61440 ----a-w- c:\windows\MIDIDEF.EXE2012-01-24 21:54:51 51200 ----a-w- c:\windows\system32\sfman32.dll2012-01-24 21:54:51 49152 ----a-w- c:\windows\system32\KILLAPPS.EXE2012-01-24 21:54:51 36864 ----a-w- c:\windows\system32\REGPLIB.EXE2012-01-24 21:49:44 -------- d-----w- c:\windows\system32\Data2012-01-24 21:49:41 61440 ----a-w- c:\windows\system32\CTAGENT.DLL2012-01-24 21:49:41 24576 ----a-w- c:\windows\system32\CTHELPER.EXE2012-01-24 21:48:51 12288 ------w- c:\windows\system32\AHQCpURes.dll2012-01-24 21:48:49 32768 ----a-w- c:\windows\system32\AudioHQU.cpl2012-01-24 21:45:20 90112 ------w- c:\windows\Updreg.EXE2012-01-24 21:45:19 84992 ------w- c:\windows\system32\SFCVRT32.DLL2012-01-24 21:45:19 53552 ------w- c:\windows\CTCCW.DLL2012-01-24 21:45:19 24976 ------w- c:\windows\CTRES.DLL2012-01-24 21:45:18 82432 ------w- c:\windows\system32\CTWFLT32.DLL2012-01-24 21:45:18 54784 ------w- c:\windows\system32\INETWH32.DLL2012-01-24 21:45:18 26768 ------w- c:\windows\system32\CTL3D.DLL2012-01-24 21:45:18 -------- d-----w- c:\windows\system32\Defaults2012-01-24 21:44:17 10194 ------w- c:\windows\system32\PFMODNT.SYS2012-01-24 21:14:18 149504 ------w- c:\windows\system32\MFCANS32.DLL2012-01-24 21:14:18 108032 ------w- c:\windows\system32\MFCUIA32.DLL2012-01-24 20:30:13 20480 ----a-w- c:\windows\INRES.DLL2012-01-24 18:13:20 -------- d-----w- c:\program files\Marvell.==================== Find3M ====================.2012-01-25 20:12:58 285788 ----a-w- c:\windows\system32\nvdrsdb1.bin2012-01-25 20:12:58 1 ----a-w- c:\windows\system32\nvdrssel.bin2012-01-25 20:12:56 285788 ----a-w- c:\windows\system32\nvdrsdb0.bin2011-12-11 09:21:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll2011-11-11 10:05:43 139096 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys2011-11-11 10:05:33 202008 ----a-w- c:\windows\system32\PnkBstrB.exe2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll.============= FINISH: 19:17:55.15 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume3Install Date: 10/8/2009 1:19:28 AMSystem Uptime: 1/25/2012 6:59:43 PM (1 hours ago).Motherboard: http://www.abit.com.tw/ | | IP35-E(Intel P35+ICH9R)Processor: Intel Pentium II processor | Socket 775 | 1836/204mhz.==== Disk Partitions =========================.A: is RemovableC: is FIXED (NTFS) - 503 GiB total, 466.726 GiB free.D: is FIXED (NTFS) - 195 GiB total, 171.384 GiB free.E: is FIXED (NTFS) - 38 GiB total, 23.755 GiB free.F: is FIXED (NTFS) - 19 GiB total, 9.688 GiB free.G: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}Description: Realtek High Definition AudioDevice ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_147B0000&REV_1000\4&5A350D8&0&0001Manufacturer: RealtekName: Realtek High Definition AudioPNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_147B0000&REV_1000\4&5A350D8&0&0001Service: IntcAzAudAddService.Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}Description: ParportDevice ID: ROOT\LEGACY_PARPORT\0000Manufacturer:Name: ParportPNP Device ID: ROOT\LEGACY_PARPORT\0000Service: Parport.Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}Description: SerialDevice ID: ROOT\LEGACY_SERIAL\0000Manufacturer:Name: SerialPNP Device ID: ROOT\LEGACY_SERIAL\0000Service: Serial.==== System Restore Points ===================.RP464: 1/25/2012 12:35:44 PM - System Checkpoint.==== Installed Programs ======================.abitEQ V1.1.0.9Acer eDisplay ManagementAdobe Acrobat - Reader 6.0.2 UpdateAdobe Acrobat 6.0.1 StandardAdobe Acrobat and Reader 6.0.3 UpdateAdobe Acrobat and Reader 6.0.4 UpdateAdobe Acrobat and Reader 6.0.5 UpdateAdobe Acrobat and Reader 6.0.6 UpdateAdobe Atmosphere Player for Acrobat and Adobe ReaderAdobe Flash Player 10 ActiveXAdobe Flash Player 11 PluginAdobe Reader 9.3.4Adobe Shockwave Player 11.5Aomei Partition Assistant Home Edition 4.0AudioHQBelarc Advisor 8.1Brother MFL-Pro SuiteCompatibility Pack for the 2007 Office systemCreative PC-CAM CenterCreative Surround MixerCreative WebCam MonitorCreative WebCam NX Pro Driver (1.02.03.0218)Creative WebCam NX Pro User's Guide (English)EVGA Display DriverFlashMenuFree 3GP Video Converter version 3.5Google Earth Plug-inGoogle Update HelperHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows XP (KB954550-v5)Java Auto UpdaterJava 6 Update 29Juniper Networks Network Connect 6.1.0Juniper Networks Network Connect 7.0.0Juniper Networks Setup ClientLeft 4 Dead 2LightScribe System Software 1.10.16.1M-crew ServerMalwarebytes Anti-Malware version 1.60.0.1800Marvell Miniport DriverMcrew Music ServerMicrosoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2656353)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft Base Smart Card Cryptographic Service Provider PackageMicrosoft Choice GuardMicrosoft Compression Client Pack 1.0 for Windows XPMicrosoft Kernel-Mode Driver Framework Feature Pack 1.9Microsoft Office 2000 PremiumMicrosoft SilverlightMicrosoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Works 6-9 ConverterMozilla Firefox 6.0.2 (x86 en-US)Mp3tag v2.46aMSVCRTMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Nero 8 EssentialsneroxmlNHL® 09NVIDIA Control Panel 285.58NVIDIA Graphics Driver 285.58NVIDIA Install ApplicationNVIDIA nView 135.95NVIDIA nView Desktop ManagerNVIDIA PhysXNVIDIA PhysX System Software 9.10.0514NVIDIA Update 1.3.5NVIDIA Update ComponentsOGA Notifier 2.0.0048.0OpenMG Limited Patch 4.4-06-13-19-01OpenMG Secure Module 4.4.00Panda Cloud AntivirusPaperPortPivot Pro PluginPIXresizer 2.0.4PowerArchiverRazer DeathAdder MouseRealtek High Definition Audio DriverSDKSeagate DiscWizardSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2416472)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Windows Internet Explorer 8 (KB2183461)Security Update for Windows Internet Explorer 8 (KB2360131)Security Update for Windows Internet Explorer 8 (KB2416400)Security Update for Windows Internet Explorer 8 (KB2482017)Security Update for Windows Internet Explorer 8 (KB2497640)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2530548)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2559049)Security Update for Windows Internet Explorer 8 (KB2586448)Security Update for Windows Internet Explorer 8 (KB2618444)Security Update for Windows Internet Explorer 8 (KB971961)Security Update for Windows Internet Explorer 8 (KB972260)Security Update for Windows Internet Explorer 8 (KB974455)Security Update for Windows Internet Explorer 8 (KB976325)Security Update for Windows Internet Explorer 8 (KB978207)Security Update for Windows Internet Explorer 8 (KB981332)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows XP (KB923789)Segoe UISkype™ 5.3Sound Blaster Live!SPAMfighterSPAMfighter ClientSpectrum PrereqSteamTixatiTrustView For Office and PDF 3.5.0Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Windows Internet Explorer 8 (KB2362765)Update for Windows Internet Explorer 8 (KB2447568)Update for Windows Internet Explorer 8 (KB2598845)Update for Windows Internet Explorer 8 (KB2632503)Update for Windows Internet Explorer 8 (KB973874)Update for Windows Internet Explorer 8 (KB975364)Update for Windows Internet Explorer 8 (KB976662)Update for Windows Internet Explorer 8 (KB978506)Update for Windows Internet Explorer 8 (KB980182)Update for Windows Internet Explorer 8 (KB980302)Update for Windows Internet Explorer 8 (KB982632)Update for Windows Internet Explorer 8 (KB982664)VCRedistSetupWebFldrs XPWindows Driver Package - Cypress (CYUSB) USB (06/05/2009 3.4.1.20)Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)Windows Driver Package - Razer (HidUsb) HIDClass (04/04/2009 1.0.5.0)Windows Essentials Media Codec Pack 3.6 [32-Bit]Windows Genuine Advantage Notifications (KB905474)Windows Genuine Advantage Validation Tool (KB892130)Windows Internet Explorer 8Windows Live CallWindows Live Communications PlatformWindows Live EssentialsWindows Live MessengerWindows Live Sign-in AssistantWindows Live Upload ToolWindows Management Framework CoreWindows Media Format 11 runtimeWindows Media Player 11Windows XP Service Pack 3.==== Event Viewer Messages From Past Week ========.1/25/2012 6:44:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}1/25/2012 2:13:53 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).1/25/2012 2:00:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}1/25/2012 12:59:48 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Steam Client Service service to connect.1/25/2012 12:59:48 PM, error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.1/25/2012 1:59:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BANTExt Fips intelppm PSINKNC1/25/2012 1:58:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}1/25/2012 1:49:50 PM, error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).1/24/2012 2:17:13 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.1/24/2012 2:17:13 PM, error: atapi [5] - A parity error was detected on \Device\Ide\IdePort0..==== End Of File =========================== Link to post Share on other sites More sharing options...
Maurice Naggar Posted March 21, 2012 ID:536652 Share Posted March 21, 2012 Hello,Please advise if you have resolved your issues.If not, and you need guided help, do the following.If I do not hear back from you in 4 days, this topic will be closed.Step 11. Go >> Here << and download ERUNT(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)2. Install ERUNT by following the prompts(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)3. Start ERUNT(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)4. Choose a location for the backup(the default location is C:\WINDOWS\ERDNT which is acceptable).5. Make sure that at least the first two check boxes are ticked6. Press OK7. Press YES to create the folder.Step 2Set Windows to show all files and all folders.On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed."CHECK" (turn on) Display the contents of system folders.Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.Next, un-check Hide extensions for known file types.Next un-check Hide protected operating system files.Step 3Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Step 4Download Security Check by screen317 and save it to your Desktop: here or hereRun Security CheckFollow the onscreen instructions inside of the command window.A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!Step 5Close all open browsers at this point.Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsFor directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsDo NOT turn off the firewallStart Internet ExplorerUsing Internet Explorer browser only, go to BitDefender Quickscan website:http://quickscan.bitdefender.comand click "Start Scan".Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.If prompted, reply yes to allow it to run.Press the Allow button and follow prompts.Press the "Start Scan" once more.You'll see the EULA in a pop-up window. Click the I accept & then the OK buttonNote: The FAQ is here --> http://quickscan.bitdefender.com/faq/and that QuickScan has no removal capability.The site boasts a 60-second scan. Do have patience as it likely will take longer.It may seem to stall at moments, but have patience; it will move on.You'll see a progress bar at top right of window.Hopefully you will see a No infections found in the bar-winddow. Press the View Log button.The log report will show in your text editor. Save the log.Do a Select ALL, Copy. Then paste contents into your next reply.Step 6Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or>> from here <<Quit all programs that you may have started.For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.For Windows XP, double-click to start.Wait until Prescan has finished ...Click on Scan.Click on Report and copy/paste the content of the notepad into your next reply.Step 7RE-Enable your antivirus program.Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender & RogueKiller log.Use separate replies as needed if logs do not fit into one reply box. Link to post Share on other sites More sharing options...
Luke56 Posted March 22, 2012 Author ID:536689 Share Posted March 22, 2012 Please leave the topic open. I will be at work for the next few weeks, and will post the information requested when I get back home. Thank you. Link to post Share on other sites More sharing options...
Luke56 Posted April 15, 2012 Author ID:542835 Share Posted April 15, 2012 Couldn't get BitDefender to run...Thanks for keeping this topic open, and having a look at the logs.info.txtlog.txtcheckup.txtRKreport2.txtRKreport1.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted April 15, 2012 ID:542866 Share Posted April 15, 2012 Going forward, do NOT attach logs (reports). Open them using NOTEPAD & Copy all lines & Paste into reply box. Always. Thanks.Otherwise, it makes my task that much harder.Step 2This system appears to have Limewire utility, which is not advised since it poses a security risk. Most all peer-to-peer filesharing exposes your system to security risks and facilitates transmission of malware.Go to Control Panel >> Add-or-Remove Programs and remove Limewire.Step 3If you have Ad-Aware then make sure Ad-watch is turned off while we have this case open.Right click on the Ad-Watch icon in the system tray.At the bottom of the screen there will be two checkable items called "Active" and "Automatic".Active: This will turn Ad-Watch On\Off without closing it. Automatic: Suspicious activity will be blocked automatically.Uncheck both of those boxes.Step 4Temporarily disable AVIRA realtime protection. Do a right-click on Avira taskbar-icon and un-check Realtime protection. Download aswMBR.exe ( 511KB ) to your desktop.Double click on aswMBR.exe to start.change the a-v scan to None.uncheck trace disk IO callsClick the "Scan" button to start scanOn completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next replyStep 5Please read carefully and follow these steps.Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.Download TDSSKiller and save it to your Desktop.Double-Click on TDSSKiller.exe to run the application.Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OKThen press Start ScanWhen the scan is done, it will display a summary screen. If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. Step 6Download GMER Rootkit Scanner from here or here. Unzip it to your Desktop.========================================================Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.========================================================Double-click gmer.exe. The program will begin to run. **Caution**These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security AnalystIf possible rootkit activity is found, you will be asked if you would like to perform a full scan.Click Yes.Once the scan is complete, you may receive another notice about rootkit activity. Click OK. GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt". Save it where you can easily find it, such as your desktop.If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.Click the Scan button and let the program do its work. GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt". Save it where you can easily find it, such as your desktop.Step 7Please download ListpartsRun the tool, click Scan and post the log (Result.txt) it makes.When done, re-enable AVIRA realtime. Do a right-click on Avira taskbar-icon and Check (turn on) Realtime protection.Reply with contents (Copy & PASTE) of aswMBR logTDSSKILLER logGMER.txt logResult.txtThere will be lots more work to do later. Link to post Share on other sites More sharing options...
Luke56 Posted April 16, 2012 Author ID:543051 Share Posted April 16, 2012 Thanks for the help. Much appreciated.Limewire has been uninstalled for a year or more. It does not show up in Add/Remove Programs, nor as a directory in Program Files.I had AdAware in the past, but it also has been uninstalled long ago.The Fix button was not enabled after running aswMBR.exe.aswMBR version 0.9.9.1665 Copyright© 2011 AVAST SoftwareRun date: 2012-04-15 09:28:07-----------------------------09:28:07.265 OS Version: Windows 5.1.2600 Service Pack 309:28:07.265 Number of processors: 1 586 0x160109:28:07.265 ComputerName: LUKES-PC UserName: Luke09:28:08.078 Initialize success09:28:34.546 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-409:28:34.546 Disk 0 Vendor: IBM-DTLA-307020 TX3OA50C Size: 19623MB BusType: 309:28:34.546 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c09:28:34.546 Disk 1 Vendor: Maxtor_6E040L0 NAR61590 Size: 39205MB BusType: 309:28:34.546 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP4T0L0-1d09:28:34.546 Disk 2 Vendor: ST3750640AS 3.AAE Size: 715404MB BusType: 309:28:34.562 Disk 2 MBR read successfully09:28:34.562 Disk 2 MBR scan09:28:34.562 Disk 2 Windows XP default MBR code09:28:34.562 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 515405 MB offset 6309:28:34.578 Disk 2 Partition 2 00 07 HPFS/NTFS NTFS 199996 MB offset 105555182709:28:34.578 Disk 2 scanning sectors +146514506509:28:34.703 Disk 2 scanning C:\WINDOWS\system32\drivers09:28:39.437 Service scanning09:28:47.734 Modules scanning09:29:00.156 Scan finished successfully09:29:23.687 Disk 2 MBR has been saved successfully to "C:\Documents and Settings\Luke\My Documents\MBR.dat"09:29:23.687 The log file has been saved successfully to "C:\Documents and Settings\Luke\My Documents\aswMBR.txt"09:32:14.0187 3512 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:0509:32:14.0515 3512 ============================================================09:32:14.0515 3512 Current date / time: 2012/04/15 09:32:14.051509:32:14.0515 3512 SystemInfo:09:32:14.0515 3512 09:32:14.0515 3512 OS Version: 5.1.2600 ServicePack: 3.009:32:14.0515 3512 Product type: Workstation09:32:14.0515 3512 ComputerName: LUKES-PC09:32:14.0515 3512 UserName: Luke09:32:14.0515 3512 Windows directory: C:\WINDOWS09:32:14.0515 3512 System windows directory: C:\WINDOWS09:32:14.0515 3512 Processor architecture: Intel x8609:32:14.0515 3512 Number of processors: 109:32:14.0515 3512 Page size: 0x100009:32:14.0515 3512 Boot type: Normal boot09:32:14.0515 3512 ============================================================09:32:15.0312 3512 Drive \Device\Harddisk0\DR0 - Size: 0x4CA784000 (19.16 Gb), SectorSize: 0x200, Cylinders: 0x9C5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000005409:32:15.0312 3512 Drive \Device\Harddisk1\DR1 - Size: 0x9925B0000 (38.29 Gb), SectorSize: 0x200, Cylinders: 0x1386, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000005409:32:15.0328 3512 Drive \Device\Harddisk2\DR2 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000005409:32:15.0328 3512 \Device\Harddisk0\DR0:09:32:15.0328 3512 MBR used09:32:15.0328 3512 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x265134609:32:15.0328 3512 \Device\Harddisk1\DR1:09:32:15.0328 3512 MBR used09:32:15.0328 3512 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4C8ED0609:32:15.0328 3512 \Device\Harddisk2\DR2:09:32:15.0328 3512 MBR used09:32:15.0328 3512 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3EEA6D2A09:32:15.0328 3512 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3EEA7153, BlocksNum 0x1869E59609:32:15.0468 3512 Initialize success09:32:15.0468 3512 ============================================================09:32:31.0859 0616 ============================================================09:32:31.0859 0616 Scan started09:32:31.0859 0616 Mode: Manual; SigCheck; TDLFS;09:32:31.0859 0616 ============================================================09:32:32.0359 0616 Abiosdsk - ok09:32:32.0421 0616 ABIT-IO (82cd4f28228543173813475076891649) C:\Program Files\U-ABIT\abitEQ\ABIT-IO.sys09:32:32.0500 0616 ABIT-IO ( UnsignedFile.Multi.Generic ) - warning09:32:32.0500 0616 ABIT-IO - detected UnsignedFile.Multi.Generic (1)09:32:32.0515 0616 abp480n5 - ok09:32:32.0546 0616 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys09:32:32.0703 0616 ACPI - ok09:32:32.0750 0616 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys09:32:32.0859 0616 ACPIEC - ok09:32:32.0937 0616 AcrSch2Svc (c0c8248730ebb49bd8df2b0981fca312) C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe09:32:32.0968 0616 AcrSch2Svc - ok09:32:33.0031 0616 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe09:32:33.0046 0616 AdobeFlashPlayerUpdateSvc - ok09:32:33.0062 0616 adpu160m - ok09:32:33.0093 0616 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys09:32:33.0203 0616 aec - ok09:32:33.0250 0616 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys09:32:33.0281 0616 AFD - ok09:32:33.0312 0616 Aha154x - ok09:32:33.0328 0616 aic78u2 - ok09:32:33.0343 0616 aic78xx - ok09:32:33.0375 0616 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll09:32:33.0484 0616 Alerter - ok09:32:33.0500 0616 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe09:32:33.0609 0616 ALG - ok09:32:33.0640 0616 AliIde - ok09:32:33.0671 0616 ampa (fe62e9711285dc2002def9b2bc2fb220) C:\WINDOWS\system32\ampa.sys09:32:33.0703 0616 ampa - ok09:32:33.0734 0616 amsint - ok09:32:33.0890 0616 AntiVirSchedulerService (72709089a54bdc1c5b16bc4a4b926567) C:\Program Files\Avira\AntiVir Desktop\sched.exe09:32:33.0906 0616 AntiVirSchedulerService - ok09:32:33.0921 0616 AntiVirService (42f88bfbb76f7a63e381829479b18518) C:\Program Files\Avira\AntiVir Desktop\avguard.exe09:32:33.0937 0616 AntiVirService - ok09:32:34.0015 0616 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll09:32:34.0125 0616 AppMgmt - ok09:32:34.0140 0616 asc - ok09:32:34.0156 0616 asc3350p - ok09:32:34.0187 0616 asc3550 - ok09:32:34.0265 0616 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe09:32:34.0281 0616 aspnet_state - ok09:32:34.0328 0616 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys09:32:34.0437 0616 AsyncMac - ok09:32:34.0468 0616 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys09:32:34.0578 0616 atapi - ok09:32:34.0578 0616 Atdisk - ok09:32:34.0625 0616 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\WINDOWS\system32\DRIVERS\atksgt.sys09:32:34.0656 0616 atksgt ( UnsignedFile.Multi.Generic ) - warning09:32:34.0656 0616 atksgt - detected UnsignedFile.Multi.Generic (1)09:32:34.0671 0616 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys09:32:34.0781 0616 Atmarpc - ok09:32:34.0828 0616 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll09:32:34.0953 0616 AudioSrv - ok09:32:34.0984 0616 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys09:32:35.0093 0616 audstub - ok09:32:35.0125 0616 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys09:32:35.0140 0616 avgntflt - ok09:32:35.0156 0616 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys09:32:35.0171 0616 avipbb - ok09:32:35.0187 0616 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys09:32:35.0203 0616 avkmgr - ok09:32:35.0250 0616 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys09:32:35.0250 0616 BANTExt ( UnsignedFile.Multi.Generic ) - warning09:32:35.0250 0616 BANTExt - detected UnsignedFile.Multi.Generic (1)09:32:35.0281 0616 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys09:32:35.0406 0616 Beep - ok09:32:35.0437 0616 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll09:32:35.0562 0616 BITS - ok09:32:35.0593 0616 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll09:32:35.0703 0616 Browser - ok09:32:35.0750 0616 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys09:32:35.0781 0616 BrScnUsb - ok09:32:35.0781 0616 BrSerIf (c121e10c64318182a6478acae1855ee0) C:\WINDOWS\system32\Drivers\BrSerIf.sys09:32:35.0812 0616 BrSerIf - ok09:32:35.0843 0616 BrUsbSer (7ac85cdc03befd78908b3b6a73d201d0) C:\WINDOWS\system32\Drivers\BrUsbSer.sys09:32:35.0859 0616 BrUsbSer - ok09:32:35.0906 0616 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys09:32:36.0015 0616 BthEnum - ok09:32:36.0015 0616 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys09:32:36.0125 0616 BTHMODEM - ok09:32:36.0156 0616 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys09:32:36.0359 0616 BthPan - ok09:32:36.0406 0616 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys09:32:36.0453 0616 BTHPORT - ok09:32:36.0484 0616 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll09:32:36.0656 0616 BthServ - ok09:32:36.0687 0616 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys09:32:36.0796 0616 BTHUSB - ok09:32:36.0812 0616 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys09:32:36.0937 0616 cbidf2k - ok09:32:36.0968 0616 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys09:32:37.0062 0616 CCDECODE - ok09:32:37.0078 0616 cd20xrnt - ok09:32:37.0125 0616 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys09:32:37.0250 0616 Cdaudio - ok09:32:37.0312 0616 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys09:32:37.0406 0616 Cdfs - ok09:32:37.0421 0616 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys09:32:37.0531 0616 Cdrom - ok09:32:37.0562 0616 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys09:32:37.0578 0616 cercsr6 ( UnsignedFile.Multi.Generic ) - warning09:32:37.0578 0616 cercsr6 - detected UnsignedFile.Multi.Generic (1)09:32:37.0578 0616 Changer - ok09:32:37.0625 0616 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe09:32:37.0734 0616 CiSvc - ok09:32:37.0765 0616 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe09:32:37.0859 0616 ClipSrv - ok09:32:37.0937 0616 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe09:32:37.0953 0616 clr_optimization_v2.0.50727_32 - ok09:32:38.0000 0616 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe09:32:38.0015 0616 clr_optimization_v4.0.30319_32 - ok09:32:38.0062 0616 CmdIde - ok09:32:38.0078 0616 COMSysApp - ok09:32:38.0125 0616 Cpqarray - ok09:32:38.0156 0616 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll09:32:38.0265 0616 CryptSvc - ok09:32:38.0312 0616 ctac32k (4b6096745f72b4fd36514617e2ea5d37) C:\WINDOWS\system32\drivers\ctac32k.sys09:32:38.0343 0616 ctac32k - ok09:32:38.0390 0616 ctaud2k (3576ec792347ed15699f6d830e0f5437) C:\WINDOWS\system32\drivers\ctaud2k.sys09:32:38.0437 0616 ctaud2k - ok09:32:38.0453 0616 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys09:32:38.0578 0616 ctljystk - ok09:32:38.0609 0616 ctprxy2k (097d42574e3c6d98cd5a2ee7647fa6bf) C:\WINDOWS\system32\drivers\ctprxy2k.sys09:32:38.0609 0616 ctprxy2k - ok09:32:38.0640 0616 ctsfm2k (c58a2507ef62b20b9bd670c666088b50) C:\WINDOWS\system32\drivers\ctsfm2k.sys09:32:38.0656 0616 ctsfm2k - ok09:32:38.0703 0616 CYUSB (56da869b46a09f57166fc86bf46d0084) C:\WINDOWS\system32\Drivers\CYUSB.sys09:32:38.0734 0616 CYUSB - ok09:32:38.0750 0616 dac2w2k - ok09:32:38.0765 0616 dac960nt - ok09:32:38.0796 0616 danewFltr (c512b618d0e19339572ad125e26b9cb5) C:\WINDOWS\system32\drivers\danew.sys09:32:38.0828 0616 danewFltr - ok09:32:38.0875 0616 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll09:32:38.0921 0616 DcomLaunch - ok09:32:38.0984 0616 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll09:32:39.0093 0616 Dhcp - ok09:32:39.0140 0616 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys09:32:39.0234 0616 Disk - ok09:32:39.0250 0616 dmadmin - ok09:32:39.0296 0616 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys09:32:39.0421 0616 dmboot - ok09:32:39.0468 0616 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys09:32:39.0578 0616 dmio - ok09:32:39.0609 0616 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys09:32:39.0734 0616 dmload - ok09:32:39.0765 0616 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll09:32:39.0859 0616 dmserver - ok09:32:39.0890 0616 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys09:32:39.0984 0616 DMusic - ok09:32:40.0015 0616 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll09:32:40.0078 0616 Dnscache - ok09:32:40.0109 0616 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll09:32:40.0218 0616 Dot3svc - ok09:32:40.0234 0616 dpti2o - ok09:32:40.0265 0616 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys09:32:40.0359 0616 drmkaud - ok09:32:40.0406 0616 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys09:32:40.0421 0616 dsNcAdpt - ok09:32:40.0500 0616 dsNcService (5538eed60dc1bc13e9e534d067cc0f40) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe09:32:40.0531 0616 dsNcService - ok09:32:40.0593 0616 DTSRVC (43a6fd0067bcec33d5d238ee0d87d598) C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe09:32:40.0609 0616 DTSRVC - ok09:32:40.0640 0616 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll09:32:40.0750 0616 EapHost - ok09:32:40.0796 0616 emu10k (eac137eb2c92c524cbb91b60f82db27e) C:\WINDOWS\system32\drivers\emu10k1f.sys09:32:40.0859 0616 emu10k - ok09:32:40.0890 0616 emu10k1 (aadc81e967c25dd7c90e150fec6eab74) C:\WINDOWS\system32\drivers\ctlface.sys09:32:40.0906 0616 emu10k1 - ok09:32:40.0937 0616 emupia (a9d94b89372f3f9609a1a5eec631a260) C:\WINDOWS\system32\drivers\emupia2k.sys09:32:40.0953 0616 emupia - ok09:32:41.0000 0616 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll09:32:41.0109 0616 ERSvc - ok09:32:41.0156 0616 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe09:32:41.0187 0616 Eventlog - ok09:32:41.0218 0616 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll09:32:41.0250 0616 EventSystem - ok09:32:41.0296 0616 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys09:32:41.0390 0616 Fastfat - ok09:32:41.0421 0616 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll09:32:41.0468 0616 FastUserSwitchingCompatibility - ok09:32:41.0484 0616 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys09:32:41.0593 0616 Fdc - ok09:32:41.0609 0616 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys09:32:41.0718 0616 Fips - ok09:32:41.0750 0616 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys09:32:41.0843 0616 Flpydisk - ok09:32:41.0875 0616 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys09:32:41.0984 0616 FltMgr - ok09:32:42.0046 0616 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe09:32:42.0062 0616 FontCache3.0.0.0 - ok09:32:42.0093 0616 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys09:32:42.0218 0616 Fs_Rec - ok09:32:42.0265 0616 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys09:32:42.0390 0616 Ftdisk - ok09:32:42.0421 0616 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys09:32:42.0531 0616 gameenum - ok09:32:42.0562 0616 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys09:32:42.0671 0616 Gpc - ok09:32:42.0734 0616 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe09:32:42.0750 0616 gupdate - ok09:32:42.0765 0616 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe09:32:42.0781 0616 gupdatem - ok09:32:42.0843 0616 ha10kx2k (dc9847cdc43665ed4cc780947516209c) C:\WINDOWS\system32\drivers\ha10kx2k.sys09:32:42.0890 0616 ha10kx2k - ok09:32:42.0921 0616 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys09:32:43.0046 0616 HDAudBus - ok09:32:43.0109 0616 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll09:32:43.0203 0616 helpsvc - ok09:32:43.0234 0616 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll09:32:43.0343 0616 HidServ - ok09:32:43.0375 0616 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys09:32:43.0484 0616 HidUsb - ok09:32:43.0515 0616 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll09:32:43.0625 0616 hkmsvc - ok09:32:43.0640 0616 hpn - ok09:32:43.0671 0616 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys09:32:43.0718 0616 HTTP - ok09:32:43.0765 0616 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll09:32:43.0859 0616 HTTPFilter - ok09:32:43.0875 0616 i2omgmt - ok09:32:43.0890 0616 i2omp - ok09:32:43.0937 0616 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys09:32:44.0031 0616 i8042prt - ok09:32:44.0109 0616 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe09:32:44.0156 0616 idsvc - ok09:32:44.0171 0616 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys09:32:44.0265 0616 Imapi - ok09:32:44.0296 0616 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe09:32:44.0406 0616 ImapiService - ok09:32:44.0437 0616 ini910u - ok09:32:44.0562 0616 IntcAzAudAddService (b29781b9a90cd55fc5d859c0b1c243bc) C:\WINDOWS\system32\drivers\RtkHDAud.sys09:32:44.0828 0616 IntcAzAudAddService - ok09:32:44.0843 0616 IntelIde - ok09:32:44.0890 0616 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys09:32:45.0000 0616 intelppm - ok09:32:45.0031 0616 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys09:32:45.0140 0616 Ip6Fw - ok09:32:45.0187 0616 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys09:32:45.0296 0616 IpFilterDriver - ok09:32:45.0328 0616 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys09:32:45.0421 0616 IpInIp - ok09:32:45.0468 0616 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys09:32:45.0562 0616 IpNat - ok09:32:45.0578 0616 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys09:32:45.0687 0616 IPSec - ok09:32:45.0703 0616 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys09:32:45.0812 0616 IRENUM - ok09:32:45.0828 0616 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys09:32:45.0937 0616 isapnp - ok09:32:46.0015 0616 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe09:32:46.0031 0616 JavaQuickStarterService - ok09:32:46.0046 0616 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys09:32:46.0156 0616 Kbdclass - ok09:32:46.0187 0616 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys09:32:46.0296 0616 kbdhid - ok09:32:46.0328 0616 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys09:32:46.0437 0616 kmixer - ok09:32:46.0468 0616 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys09:32:46.0531 0616 KSecDD - ok09:32:46.0546 0616 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll09:32:46.0593 0616 lanmanserver - ok09:32:46.0609 0616 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll09:32:46.0640 0616 lanmanworkstation - ok09:32:46.0687 0616 Lavasoft Kernexplorer - ok09:32:46.0703 0616 lbrtfdc - ok09:32:46.0765 0616 LightScribeService (75ac54b996f7c8e17594ebc32b6614bd) C:\Program Files\Common Files\LightScribe\LSSrvc.exe09:32:46.0765 0616 LightScribeService - ok09:32:46.0812 0616 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys09:32:46.0828 0616 lirsgt ( UnsignedFile.Multi.Generic ) - warning09:32:46.0828 0616 lirsgt - detected UnsignedFile.Multi.Generic (1)09:32:46.0859 0616 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll09:32:46.0968 0616 LmHosts - ok09:32:47.0000 0616 McrewFolderWatcher (9a6e7c5a122cfbe6a173284a43452c72) c:\program files\mcrewserver\mcfolderwatcher.exe09:32:47.0015 0616 McrewFolderWatcher ( UnsignedFile.Multi.Generic ) - warning09:32:47.0015 0616 McrewFolderWatcher - detected UnsignedFile.Multi.Generic (1)09:32:47.0046 0616 McrewMusicStreamingServer (4887030ec4cbd1755b8616e5a2f4e0db) C:\Program Files\Sony\Mcrew Music Server\McrewHttpService.exe09:32:47.0078 0616 McrewMusicStreamingServer ( UnsignedFile.Multi.Generic ) - warning09:32:47.0078 0616 McrewMusicStreamingServer - detected UnsignedFile.Multi.Generic (1)09:32:47.0109 0616 McrewUPnPMusicServer (f1c80b35e69fccb8909df80f235ab001) C:\Program Files\Sony\Mcrew Music Server\McrewUPnPService.exe09:32:47.0140 0616 McrewUPnPMusicServer ( UnsignedFile.Multi.Generic ) - warning09:32:47.0140 0616 McrewUPnPMusicServer - detected UnsignedFile.Multi.Generic (1)09:32:47.0171 0616 McrewWebradioServer (b6f553456ac467dbc7e766158df0dbce) c:\program files\mcrewserver\mcservice.exe09:32:47.0203 0616 McrewWebradioServer ( UnsignedFile.Multi.Generic ) - warning09:32:47.0203 0616 McrewWebradioServer - detected UnsignedFile.Multi.Generic (1)09:32:47.0250 0616 Memctl (6dc926c53624755b07cfe254f3845afa) C:\Program Files\U-ABIT\FlashMenu\Memctl.sys09:32:47.0250 0616 Memctl ( UnsignedFile.Multi.Generic ) - warning09:32:47.0250 0616 Memctl - detected UnsignedFile.Multi.Generic (1)09:32:47.0312 0616 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll09:32:47.0421 0616 Messenger - ok09:32:47.0453 0616 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys09:32:47.0578 0616 mnmdd - ok09:32:47.0609 0616 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe09:32:47.0703 0616 mnmsrvc - ok09:32:47.0750 0616 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys09:32:47.0843 0616 Modem - ok09:32:47.0859 0616 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys09:32:47.0968 0616 Mouclass - ok09:32:48.0000 0616 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys09:32:48.0109 0616 mouhid - ok09:32:48.0140 0616 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys09:32:48.0234 0616 MountMgr - ok09:32:48.0234 0616 mraid35x - ok09:32:48.0250 0616 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys09:32:48.0359 0616 MRxDAV - ok09:32:48.0406 0616 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys09:32:48.0468 0616 MRxSmb - ok09:32:48.0531 0616 MSCSPTISRV (b490bd0678cb6a4890a86020ed106c75) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe09:32:48.0546 0616 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning09:32:48.0546 0616 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)09:32:48.0593 0616 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe09:32:48.0703 0616 MSDTC - ok09:32:48.0750 0616 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys09:32:48.0843 0616 Msfs - ok09:32:48.0859 0616 MSIServer - ok09:32:48.0890 0616 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys09:32:48.0984 0616 MSKSSRV - ok09:32:49.0015 0616 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys09:32:49.0125 0616 MSPCLOCK - ok09:32:49.0171 0616 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys09:32:49.0265 0616 MSPQM - ok09:32:49.0312 0616 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys09:32:49.0406 0616 mssmbios - ok09:32:49.0437 0616 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys09:32:49.0531 0616 MSTEE - ok09:32:49.0562 0616 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys09:32:49.0593 0616 Mup - ok09:32:49.0625 0616 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys09:32:49.0734 0616 NABTSFEC - ok09:32:49.0765 0616 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll09:32:49.0875 0616 napagent - ok09:32:49.0906 0616 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys09:32:50.0015 0616 NDIS - ok09:32:50.0031 0616 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys09:32:50.0125 0616 NdisIP - ok09:32:50.0156 0616 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys09:32:50.0203 0616 NdisTapi - ok09:32:50.0218 0616 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys09:32:50.0328 0616 Ndisuio - ok09:32:50.0359 0616 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys09:32:50.0468 0616 NdisWan - ok09:32:50.0515 0616 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys09:32:50.0531 0616 NDProxy - ok09:32:50.0546 0616 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys09:32:50.0656 0616 NetBIOS - ok09:32:50.0687 0616 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys09:32:50.0781 0616 NetBT - ok09:32:50.0828 0616 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe09:32:50.0937 0616 NetDDE - ok09:32:50.0937 0616 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe09:32:51.0046 0616 NetDDEdsdm - ok09:32:51.0062 0616 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe09:32:51.0156 0616 Netlogon - ok09:32:51.0203 0616 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll09:32:51.0312 0616 Netman - ok09:32:51.0390 0616 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe09:32:51.0406 0616 NetTcpPortSharing - ok09:32:51.0437 0616 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll09:32:51.0453 0616 Nla - ok09:32:51.0531 0616 NMIndexingService (d36107465e716cf2335a25c54b6d11c2) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe09:32:51.0562 0616 NMIndexingService - ok09:32:51.0671 0616 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys09:32:51.0765 0616 Npfs - ok09:32:51.0796 0616 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys09:32:51.0921 0616 Ntfs - ok09:32:51.0937 0616 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe09:32:52.0031 0616 NtLmSsp - ok09:32:52.0062 0616 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll09:32:52.0187 0616 NtmsSvc - ok09:32:52.0234 0616 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys09:32:52.0359 0616 Null - ok09:32:52.0953 0616 nv (0dc79b60cedc3a8854c27b3c6e4b3414) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys09:32:53.0781 0616 nv - ok09:32:53.0890 0616 NVSvc (0573c75a2895d973ea6ef2495620ba49) C:\WINDOWS\system32\nvsvc32.exe09:32:53.0906 0616 NVSvc - ok09:32:54.0000 0616 nvUpdatusService (9c84945feee40ea42d3bca5c22250d47) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe09:32:54.0125 0616 nvUpdatusService - ok09:32:54.0171 0616 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys09:32:54.0296 0616 NwlnkFlt - ok09:32:54.0312 0616 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys09:32:54.0421 0616 NwlnkFwd - ok09:32:54.0468 0616 ossrv (f29184bdc81c398b6027a67ff6a19895) C:\WINDOWS\system32\drivers\ctoss2k.sys09:32:54.0500 0616 ossrv - ok09:32:54.0531 0616 P1131VID (b95ed663febab84752b5738b27393f7c) C:\WINDOWS\system32\DRIVERS\P1131Vid.sys09:32:54.0562 0616 P1131VID - ok09:32:54.0640 0616 PACSPTISVR (dcacc2fc7dc0a3d7a60beb81fa233822) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe09:32:54.0656 0616 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning09:32:54.0656 0616 PACSPTISVR - detected UnsignedFile.Multi.Generic (1)09:32:54.0703 0616 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys09:32:54.0796 0616 Parport - ok09:32:54.0828 0616 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys09:32:54.0953 0616 PartMgr - ok09:32:54.0968 0616 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys09:32:55.0093 0616 ParVdm - ok09:32:55.0109 0616 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys09:32:55.0203 0616 PCI - ok09:32:55.0218 0616 PCIDump - ok09:32:55.0234 0616 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys09:32:55.0343 0616 PCIIde - ok09:32:55.0390 0616 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys09:32:55.0500 0616 Pcmcia - ok09:32:55.0500 0616 PDCOMP - ok09:32:55.0515 0616 PDFRAME - ok09:32:55.0546 0616 PdiPorts (22a6feab4800f16c4d3580f5c5fd8c8c) C:\WINDOWS\system32\Drivers\PdiPorts.sys09:32:55.0562 0616 PdiPorts - ok09:32:55.0640 0616 PdiService (211d143f544f10e2980ac226c905fab8) C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe09:32:55.0656 0616 PdiService - ok09:32:55.0671 0616 PDRELI - ok09:32:55.0687 0616 PDRFRAME - ok09:32:55.0703 0616 perc2 - ok09:32:55.0718 0616 perc2hib - ok09:32:55.0750 0616 PfModNT (b293f05ad9120b0232c28945c1e98cd0) C:\WINDOWS\system32\PfModNT.sys09:32:55.0765 0616 PfModNT ( UnsignedFile.Multi.Generic ) - warning09:32:55.0765 0616 PfModNT - detected UnsignedFile.Multi.Generic (1)09:32:55.0781 0616 Pivot (ec4f52692b5cf116ca6b0428d84a9aba) C:\WINDOWS\system32\drivers\pivot.sys09:32:55.0796 0616 Pivot ( UnsignedFile.Multi.Generic ) - warning09:32:55.0796 0616 Pivot - detected UnsignedFile.Multi.Generic (1)09:32:55.0828 0616 pivotmou (7d72ac1abda06ff42fd57345d0d75523) C:\WINDOWS\System32\drivers\pivotmou.sys09:32:55.0828 0616 pivotmou ( UnsignedFile.Multi.Generic ) - warning09:32:55.0828 0616 pivotmou - detected UnsignedFile.Multi.Generic (1)09:32:55.0875 0616 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe09:32:55.0890 0616 PlugPlay - ok09:32:55.0921 0616 PnkBstrA (19e83b09ab8ee1d837665da941e2ac44) C:\WINDOWS\system32\PnkBstrA.exe09:32:55.0937 0616 PnkBstrA - ok09:32:55.0953 0616 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe09:32:56.0062 0616 PolicyAgent - ok09:32:56.0078 0616 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys09:32:56.0187 0616 PptpMiniport - ok09:32:56.0187 0616 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe09:32:56.0296 0616 ProtectedStorage - ok09:32:56.0312 0616 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys09:32:56.0421 0616 PSched - ok09:32:56.0453 0616 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys09:32:56.0578 0616 Ptilink - ok09:32:56.0609 0616 pwdrvio (681ae4f1927fe0fdeee2863f1684088d) C:\WINDOWS\system32\pwdrvio.sys09:32:56.0625 0616 pwdrvio - ok09:32:56.0671 0616 pwdspio (bc60895ce021309ebd887d2f22055654) C:\WINDOWS\system32\pwdspio.sys09:32:56.0687 0616 pwdspio - ok09:32:56.0718 0616 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys09:32:56.0734 0616 PxHelp20 - ok09:32:56.0750 0616 qfrhll - ok09:32:56.0765 0616 ql1080 - ok09:32:56.0781 0616 Ql10wnt - ok09:32:56.0796 0616 ql12160 - ok09:32:56.0812 0616 ql1240 - ok09:32:56.0828 0616 ql1280 - ok09:32:56.0875 0616 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys09:32:56.0984 0616 RasAcd - ok09:32:57.0031 0616 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll09:32:57.0125 0616 RasAuto - ok09:32:57.0171 0616 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys09:32:57.0281 0616 Rasl2tp - ok09:32:57.0312 0616 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll09:32:57.0421 0616 RasMan - ok09:32:57.0437 0616 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys09:32:57.0578 0616 RasPppoe - ok09:32:57.0625 0616 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys09:32:57.0734 0616 Raspti - ok09:32:57.0765 0616 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys09:32:57.0859 0616 Rdbss - ok09:32:57.0890 0616 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys09:32:58.0000 0616 RDPCDD - ok09:32:58.0031 0616 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys09:32:58.0140 0616 rdpdr - ok09:32:58.0171 0616 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys09:32:58.0187 0616 RDPWD - ok09:32:58.0218 0616 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe09:32:58.0312 0616 RDSessMgr - ok09:32:58.0375 0616 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys09:32:58.0468 0616 redbook - ok09:32:58.0500 0616 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll09:32:58.0609 0616 RemoteAccess - ok09:32:58.0640 0616 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll09:32:58.0734 0616 RemoteRegistry - ok09:32:58.0750 0616 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys09:32:58.0859 0616 RFCOMM - ok09:32:58.0875 0616 RimUsb - ok09:32:58.0906 0616 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys09:32:58.0921 0616 RimVSerPort - ok09:32:58.0953 0616 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys09:32:59.0062 0616 ROOTMODEM - ok09:32:59.0109 0616 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe09:32:59.0203 0616 RpcLocator - ok09:32:59.0250 0616 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll09:32:59.0265 0616 RpcSs - ok09:32:59.0281 0616 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe09:32:59.0406 0616 RSVP - ok09:32:59.0437 0616 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe09:32:59.0531 0616 SamSs - ok09:32:59.0562 0616 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe09:32:59.0671 0616 SCardSvr - ok09:32:59.0703 0616 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll09:32:59.0796 0616 Schedule - ok09:32:59.0843 0616 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys09:32:59.0937 0616 Secdrv - ok09:32:59.0953 0616 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll09:33:00.0062 0616 seclogon - ok09:33:00.0078 0616 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll09:33:00.0187 0616 SENS - ok09:33:00.0218 0616 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys09:33:00.0312 0616 Serial - ok09:33:00.0343 0616 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys09:33:00.0453 0616 Sfloppy - ok09:33:00.0500 0616 sfman (28b740a66cb88be3d0cd93d5664d7d88) C:\WINDOWS\system32\drivers\sfman.sys09:33:00.0515 0616 sfman - ok09:33:00.0546 0616 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll09:33:00.0656 0616 SharedAccess - ok09:33:00.0703 0616 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll09:33:00.0718 0616 ShellHWDetection - ok09:33:00.0750 0616 Simbad - ok09:33:00.0781 0616 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys09:33:00.0875 0616 SLIP - ok09:33:00.0921 0616 snapman (b6aa9bbff890ffea333ffe81d0b888ff) C:\WINDOWS\system32\DRIVERS\snapman.sys09:33:00.0937 0616 snapman - ok09:33:01.0015 0616 SPAMfighter Update Service (0d3aa0e10da8a224ba97de57a442067f) C:\Program Files\SpamFighter\Fighters\SPAMfighter\sfus.exe09:33:01.0031 0616 SPAMfighter Update Service - ok09:33:01.0046 0616 Sparrow - ok09:33:01.0078 0616 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys09:33:01.0171 0616 splitter - ok09:33:01.0234 0616 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe09:33:01.0265 0616 Spooler - ok09:33:01.0328 0616 SPTISRV (1b7447278005e38e464b34a7e841d628) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe09:33:01.0343 0616 SPTISRV ( UnsignedFile.Multi.Generic ) - warning09:33:01.0343 0616 SPTISRV - detected UnsignedFile.Multi.Generic (1)09:33:01.0390 0616 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys09:33:01.0500 0616 sr - ok09:33:01.0531 0616 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll09:33:01.0625 0616 srservice - ok09:33:01.0671 0616 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys09:33:01.0703 0616 Srv - ok09:33:01.0750 0616 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll09:33:01.0843 0616 SSDPSRV - ok09:33:01.0875 0616 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys09:33:01.0890 0616 ssmdrv - ok09:33:01.0921 0616 Steam Client Service - ok09:33:01.0968 0616 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll09:33:02.0093 0616 stisvc - ok09:33:02.0125 0616 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys09:33:02.0218 0616 streamip - ok09:33:02.0312 0616 Suite Service (6e14eb8364b9b41c363442d1168acca5) C:\Program Files\Fighters\FighterSuiteService.exe09:33:02.0390 0616 Suite Service - ok09:33:02.0421 0616 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys09:33:02.0562 0616 swenum - ok09:33:02.0578 0616 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys09:33:02.0703 0616 swmidi - ok09:33:02.0703 0616 SwPrv - ok09:33:02.0718 0616 symc810 - ok09:33:02.0734 0616 symc8xx - ok09:33:02.0750 0616 sym_hi - ok09:33:02.0781 0616 sym_u3 - ok09:33:02.0796 0616 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys09:33:02.0906 0616 sysaudio - ok09:33:02.0937 0616 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe09:33:03.0046 0616 SysmonLog - ok09:33:03.0062 0616 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll09:33:03.0171 0616 TapiSrv - ok09:33:03.0234 0616 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys09:33:03.0250 0616 Tcpip - ok09:33:03.0281 0616 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys09:33:03.0390 0616 TDPIPE - ok09:33:03.0421 0616 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys09:33:03.0531 0616 TDTCP - ok09:33:03.0546 0616 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys09:33:03.0656 0616 TermDD - ok09:33:03.0687 0616 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll09:33:03.0796 0616 TermService - ok09:33:03.0828 0616 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll09:33:03.0843 0616 Themes - ok09:33:03.0875 0616 tifsfilter (b84b82c0cbeb1b0d7eb7a946bade5830) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys09:33:03.0875 0616 tifsfilter ( UnsignedFile.Multi.Generic ) - warning09:33:03.0875 0616 tifsfilter - detected UnsignedFile.Multi.Generic (1)09:33:03.0906 0616 timounter (74711884439bdf9ccf446c79cb05fac0) C:\WINDOWS\system32\DRIVERS\timntr.sys09:33:03.0937 0616 timounter ( UnsignedFile.Multi.Generic ) - warning09:33:03.0937 0616 timounter - detected UnsignedFile.Multi.Generic (1)09:33:03.0968 0616 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe09:33:04.0078 0616 TlntSvr - ok09:33:04.0093 0616 TosIde - ok09:33:04.0125 0616 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll09:33:04.0234 0616 TrkWks - ok09:33:04.0281 0616 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys09:33:04.0375 0616 Udfs - ok09:33:04.0390 0616 ultra - ok09:33:04.0421 0616 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys09:33:04.0531 0616 Update - ok09:33:04.0578 0616 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll09:33:04.0671 0616 upnphost - ok09:33:04.0703 0616 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe09:33:04.0796 0616 UPS - ok09:33:04.0843 0616 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys09:33:04.0937 0616 usbccgp - ok09:33:04.0968 0616 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys09:33:05.0078 0616 usbehci - ok09:33:05.0109 0616 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys09:33:05.0203 0616 usbhub - ok09:33:05.0234 0616 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys09:33:05.0343 0616 usbprint - ok09:33:05.0375 0616 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys09:33:05.0484 0616 usbscan - ok09:33:05.0500 0616 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS09:33:05.0593 0616 USBSTOR - ok09:33:05.0625 0616 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys09:33:05.0734 0616 usbuhci - ok09:33:05.0750 0616 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys09:33:05.0843 0616 VgaSave - ok09:33:05.0875 0616 vHidDev (949aa00a83b0c4d7a3010035d8af93d9) C:\WINDOWS\system32\DRIVERS\vHidDev.sys09:33:05.0906 0616 vHidDev - ok09:33:05.0921 0616 ViaIde - ok09:33:05.0953 0616 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys09:33:06.0062 0616 VolSnap - ok09:33:06.0109 0616 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe09:33:06.0218 0616 VSS - ok09:33:06.0234 0616 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll09:33:06.0343 0616 W32Time - ok09:33:06.0359 0616 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys09:33:06.0468 0616 Wanarp - ok09:33:06.0515 0616 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys09:33:06.0531 0616 Wdf01000 - ok09:33:06.0546 0616 WDICA - ok09:33:06.0578 0616 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys09:33:06.0671 0616 wdmaud - ok09:33:06.0703 0616 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll09:33:06.0812 0616 WebClient - ok09:33:06.0875 0616 WINFLASH (01f2026f3c5b9c87cf77a9d233c2d39b) C:\Program Files\U-ABIT\FlashMenu\WinFlash.sys09:33:06.0890 0616 WINFLASH - ok09:33:06.0953 0616 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll09:33:07.0046 0616 winmgmt - ok09:33:07.0093 0616 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll09:33:07.0187 0616 WinRM - ok09:33:07.0234 0616 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll09:33:07.0265 0616 WmdmPmSN - ok09:33:07.0328 0616 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll09:33:07.0390 0616 Wmi - ok09:33:07.0437 0616 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe09:33:07.0546 0616 WmiApSrv - ok09:33:07.0671 0616 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe09:33:07.0734 0616 WMPNetworkSvc - ok09:33:07.0828 0616 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe09:33:07.0859 0616 WPFFontCache_v0400 - ok09:33:07.0906 0616 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll09:33:08.0031 0616 wscsvc - ok09:33:08.0046 0616 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS09:33:08.0156 0616 WSTCODEC - ok09:33:08.0187 0616 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll09:33:08.0281 0616 wuauserv - ok09:33:08.0312 0616 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys09:33:08.0343 0616 WudfPf - ok09:33:08.0375 0616 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys09:33:08.0390 0616 WudfRd - ok09:33:08.0406 0616 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll09:33:08.0437 0616 WudfSvc - ok09:33:08.0468 0616 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll09:33:08.0578 0616 WZCSVC - ok09:33:08.0609 0616 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll09:33:08.0703 0616 xmlprov - ok09:33:08.0765 0616 yukonwxp (4322c32ced8c4772e039616dcbf01d3f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys09:33:08.0812 0616 yukonwxp - ok09:33:08.0843 0616 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR009:33:09.0015 0616 \Device\Harddisk0\DR0 - ok09:33:09.0031 0616 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR109:33:09.0343 0616 \Device\Harddisk1\DR1 - ok09:33:09.0359 0616 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR209:33:09.0578 0616 \Device\Harddisk2\DR2 - ok09:33:09.0578 0616 Boot (0x1200) (b9a96eb4049ec305b8211d784b7f22cf) \Device\Harddisk0\DR0\Partition009:33:09.0578 0616 \Device\Harddisk0\DR0\Partition0 - ok09:33:09.0593 0616 Boot (0x1200) (93fc2841b09ecaa1247b9ce3d7d1d1ba) \Device\Harddisk1\DR1\Partition009:33:09.0593 0616 \Device\Harddisk1\DR1\Partition0 - ok09:33:09.0593 0616 Boot (0x1200) (d0196371a081d4879f1063796d20793e) \Device\Harddisk2\DR2\Partition009:33:09.0593 0616 \Device\Harddisk2\DR2\Partition0 - ok09:33:09.0625 0616 Boot (0x1200) (311c35363a41d84c37388112375017ba) \Device\Harddisk2\DR2\Partition109:33:09.0625 0616 \Device\Harddisk2\DR2\Partition1 - ok09:33:09.0625 0616 ============================================================09:33:09.0625 0616 Scan finished09:33:09.0625 0616 ============================================================09:33:09.0750 2252 Detected object count: 1809:33:09.0750 2252 Actual detected object count: 1809:33:44.0921 2252 C:\Program Files\U-ABIT\abitEQ\ABIT-IO.sys - copied to quarantine09:33:44.0921 2252 ABIT-IO ( UnsignedFile.Multi.Generic ) - User select action: Quarantine09:33:45.0046 2252 C:\WINDOWS\system32\DRIVERS\atksgt.sys - copied to quarantine09:33:45.0046 2252 atksgt ( UnsignedFile.Multi.Generic ) - User select action: Quarantine09:33:45.0093 2252 C:\WINDOWS\System32\Drivers\BANTExt.sys - copied to quarantine09:33:45.0093 2252 BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Quarantine09:33:45.0156 2252 C:\WINDOWS\system32\drivers\cercsr6.sys - copied to quarantine09:33:45.0156 2252 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine09:33:45.0187 2252 C:\WINDOWS\system32\DRIVERS\lirsgt.sys - copied to quarantine09:33:45.0187 2252 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Quarantine09:33:45.0250 2252 c:\program files\mcrewserver\mcfolderwatcher.exe - copied to quarantine09:33:45.0250 2252 McrewFolderWatcher ( UnsignedFile.Multi.Generic ) - User select action: Quarantine09:33:45.0328 2252 C:\Program Files\Sony\Mcrew Music Server\McrewHttpService.exe - copied to quarantine09:33:45.0328 2252 McrewMusicStreamingServer ( UnsignedFile.Multi.Generic ) - User select action: Quarantine09:33:45.0406 2252 C:\Program Files\Sony\Mcrew Music Server\McrewUPnPService.exe - copied to quarantine09:33:45.0406 2252 McrewUPnPMusicServer ( UnsignedFile.Multi.Generic ) - User select action: Quarantine09:33:45.0453 2252 c:\program files\mcrewserver\mcservice.exe - copied to quarantine09:33:45.0453 2252 McrewWebradioServer ( UnsignedFile.Multi.Generic ) - User select action: Quarantine09:33:45.0531 2252 C:\Program Files\U-ABIT\FlashMenu\Memctl.sys - copied to quarantine09:33:45.0531 2252 Memctl ( UnsignedFile.Multi.Generic ) - User select action: Quarantine09:33:45.0609 2252 C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe - copied to quarantine09:33:45.0609 2252 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Quarantine09:33:45.0625 2252 C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe - copied to quarantine09:33:45.0625 2252 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Quarantine09:33:45.0750 2252 C:\WINDOWS\system32\PfModNT.sys - copied to quarantine09:33:45.0750 2252 PfModNT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine09:33:45.0796 2252 C:\WINDOWS\system32\drivers\pivot.sys - copied to quarantine09:33:45.0796 2252 Pivot ( UnsignedFile.Multi.Generic ) - User select action: Quarantine09:33:45.0843 2252 C:\WINDOWS\System32\drivers\pivotmou.sys - copied to quarantine09:33:45.0843 2252 pivotmou ( UnsignedFile.Multi.Generic ) - User select action: Quarantine09:33:45.0890 2252 C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe - copied to quarantine09:33:45.0890 2252 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Quarantine09:33:45.0937 2252 C:\WINDOWS\system32\DRIVERS\tifsfilt.sys - copied to quarantine09:33:45.0937 2252 tifsfilter ( UnsignedFile.Multi.Generic ) - User select action: Quarantine09:33:46.0000 2252 C:\WINDOWS\system32\DRIVERS\timntr.sys - copied to quarantine09:33:46.0000 2252 timounter ( UnsignedFile.Multi.Generic ) - User select action: QuarantineGMER 1.0.15.15641 - http://www.gmer.netRootkit scan 2012-04-15 19:11:04Windows 5.1.2600 Service Pack 3 Harddisk2\DR2 -> \Device\Ide\IdeDeviceP4T0L0-1d ST3750640AS rev.3.AAERunning: gmer.exe; Driver: C:\DOCUME~1\Luke\LOCALS~1\Temp\kgdcapow.sys---- System - GMER 1.0.15 ----SSDT B873485C ZwCloseSSDT B8734816 ZwCreateKeySSDT B8734866 ZwCreateSectionSSDT B873480C ZwCreateThreadSSDT B873481B ZwDeleteKeySSDT B8734825 ZwDeleteValueKeySSDT B8734857 ZwDuplicateObjectSSDT B873482A ZwLoadKeySSDT B87347F8 ZwOpenProcessSSDT B87347FD ZwOpenThreadSSDT B873487F ZwQueryValueKeySSDT B8734834 ZwReplaceKeySSDT B8734870 ZwRequestWaitReplyPortSSDT B873482F ZwRestoreKeySSDT B873486B ZwSetContextThreadSSDT B8734875 ZwSetSecurityObjectSSDT B8734820 ZwSetValueKeySSDT B873487A ZwSystemDebugControlSSDT B8734807 ZwTerminateProcess---- Kernel code sections - GMER 1.0.15 ----.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6FCE3C0, 0x95AECA, 0xE8000020].text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB37C7300, 0x3ACC8, 0xE8000020].text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB8480300, 0x1B7E, 0xE8000020]---- User code sections - GMER 1.0.15 ----.text C:\Program Files\Mozilla Firefox\firefox.exe[828] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation).text C:\Program Files\Mozilla Firefox\plugin-container.exe[3840] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106AA800 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation).text C:\Program Files\Mozilla Firefox\plugin-container.exe[3840] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106AA792 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation).text C:\Program Files\Mozilla Firefox\plugin-container.exe[3840] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104B229C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation).text C:\Program Files\Mozilla Firefox\plugin-container.exe[3840] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104B2861 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)---- Devices - GMER 1.0.15 ----AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)---- Registry - GMER 1.0.15 ----Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0015833d0a57 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0015833d0a57@5c6b327c0618 0x46 0xBA 0x67 0xF8 ...Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57@5c6b327c0618 0x46 0xBA 0x67 0xF8 ...---- EOF - GMER 1.0.15 ----ListParts by Farbar Version: 12-03-2012 03Ran by Luke (administrator) on 15-04-2012 at 19:11:19Windows XP (X86)Running From: C:\Documents and Settings\Luke\DesktopLanguage: 0409************************************************************========================= Memory info ======================Percentage of memory in use: 24%Total physical RAM: 3326.42 MBAvailable physical RAM: 2505.13 MBTotal Pagefile: 5210.18 MBAvailable Pagefile: 4471.98 MBTotal Virtual: 2047.88 MBAvailable Virtual: 2001.79 MB======================= Partitions =========================2 Drive c: () (Fixed) (Total:503.33 GB) (Free:462.55 GB) NTFS ==>[Drive with boot components (Windows XP)]3 Drive d: () (Fixed) (Total:195.31 GB) (Free:171.69 GB) NTFS4 Drive e: (Music) (Fixed) (Total:38.28 GB) (Free:23.76 GB) NTFS5 Drive f: (Work stuff) (Fixed) (Total:19.16 GB) (Free:9.99 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 19 GB 0 B Disk 1 Online 38 GB 0 B Disk 2 Online 699 GB 0 B Partitions of Disk 0:=============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 19 GB 32 KB======================================================================================================Disk: 0Partition 1Type : 07Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 1 F Work stuff NTFS Partition 19 GB Healthy ======================================================================================================Partitions of Disk 1:=============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 38 GB 32 KB======================================================================================================Disk: 1Partition 1Type : 07Hidden: NoActive: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 2 E Music NTFS Partition 38 GB Healthy ======================================================================================================Partitions of Disk 2:=============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 503 GB 32 KB Partition 2 Primary 195 GB 503 GB======================================================================================================Disk: 2The disk management services could not complete the operation.======================================================================================================Disk: 2Partition 2Type : 07Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 4 D NTFS Partition 195 GB Healthy ======================================================================================================****** End Of Log ****** Link to post Share on other sites More sharing options...
Maurice Naggar Posted April 18, 2012 ID:543887 Share Posted April 18, 2012 Close any/all open internet browsers. Save any open documents you have open & close programs you started.Click on START>All Programs>Malwarebytes' Anti-Malware>Tools>Malwarebytes Anti-Malware ChameleonOn Windows 7, press Windows-key, then start typing in text box Malwarebytes[code] then select/click [b]Malwarebytes Anti-Malware Chameleon[/b]Once the Help file opens, click on a [b]Chameleon[/b] button (starting with #1)If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.You should see a black Command-prompt-window that remains open and says [b]MBAM-chameleon ver. 1.61[/b] at the topPress any key to continue as it says in the window {space-bar will do}If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).Have infinite patience during this processMalwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possibleOnce the update completes and it says your database is updated, click on [b]OK[/b] button so that process can continue Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scanA quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.Once the scan is complete, click on [b]Show Results[/b] and remove any threats that are found by clicking [b]Remove Selected[/b]If prompted to restart your computer to complete the removal process, click [b]Yes[/b] If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.After your computer restarts, open [b]Malwarebytes Anti-Malware[/b] and perform one last Quick scan to verify that there are no remaining threats Link to post Share on other sites More sharing options...
Luke56 Posted April 19, 2012 Author ID:544183 Share Posted April 19, 2012 Avira found a trojan in a system restore folder, and I am now able to load and run Malwarebytes. I'm not sure if it was the virus scan, or one of the other tools you had me run that fixed the problem. I sure do appreciate the advice though. Thank you.Malwarebytes Anti-Malware 1.61.0.1400www.malwarebytes.orgDatabase version: v2012.04.15.07Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702Luke :: LUKES-PC [administrator]4/15/2012 7:28:17 PMmbam-log-2012-04-15 (19-28-17).txtScan type: Full scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 385661Time elapsed: 2 hour(s), 10 minute(s), 57 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
Maurice Naggar Posted April 19, 2012 ID:544187 Share Posted April 19, 2012 Good deal !This log shows a slightly out of date definition set. Please take a few minutes, and Update, and do a QUICK scan.Then post the new log.Save and close any work documents, close any apps that you started.Start your MBAM MalwareBytes' Anti-Malware. Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.Next, Click the Update tab. Press the "Check for Updates" button. If prompted for a Restart, do that.When done, click the Scanner tab.Do a Quick Scan. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Link to post Share on other sites More sharing options...
Luke56 Posted April 19, 2012 Author ID:544201 Share Posted April 19, 2012 Malwarebytes Anti-Malware 1.61.0.1400www.malwarebytes.orgDatabase version: v2012.04.19.02Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702Luke :: LUKES-PC [administrator]Protection: Enabled4/19/2012 9:26:31 AMmbam-log-2012-04-19 (09-26-31).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2PScan options disabled:Objects scanned: 257256Time elapsed: 9 minute(s), 30 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
Maurice Naggar Posted April 19, 2012 ID:544212 Share Posted April 19, 2012 Check to insure your Adobe Reader is up-to-date for any patches/fixes.Start Adobe Reader. Go to the Help menu item, select the Check for Updates option, and follow the prompts.Make sure your Firefox browser is up-to-date: Start Firefox, go to Help >> About Firefox and allow it check for latest update, and allow it to update.Set Exclusions for Malwarebytes' Anti-Malware in Avira on 32 bit Windows Versions:Open Avira and click on Local Protection on the leftClick on GuardClick on Configuration on the upper rightClick the checkbox next to Expert mode on the upper left so that it is checkedUnder Guard, click the + next to Scan to expand the listClick on ExceptionsUnder Processes to be omitted by the Guard click the ... button next to the blank white boxIn the browse window that opens, navigate to C:\Program Files\Malwarebytes' Anti-MalwareDouble-click on mbam.exe then click the Add buttonRepeat steps 7-9 for the following files:C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe Click on ApplyClose Avira's windowSet Exclusions for Avira in Malwarebytes' Anti-Malware:Open Malwarebytes' Anti-Malware and click on the Ignore List tabClick the Add button on the lower leftIn the small browse window that opens, navigate to C:\Program Files and click once on Avira and click OKClose Malwarebytes' Anti-MalwareThanks to exile360.I see that you are clear of your original issues.If you have a problem with these steps, or something does not quite work here, do let me know.The following few steps will remove tools we used.Download >> OTC << to your desktop and run itClick Yes to beginning the Cleanup process and remove these components, including this application.You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.Run Disk Cleanup with the System Restore Cleanup as outlined here by Bert Kinney, MS MVPhttp://bertk.mvps.or.../diskclean.htmlERUNT you should keep and use to periodically backup the Windows registry.Delete the following if still present:RogueKiller.exeaswMBR.exeTDSSKILLER.exeGmer.exeListparts.exeConfigure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.Check in at Windows Update and install any Critical Updates offered.Make certain that Automatic Updates is enabled.How to configure and use Automatic Updates in Windowshttp://support.microsoft.com/kb/306525Check on other update issues as well, visit Secunia Online Software Inspector (OSI)See How to detect vulnerable and out-dated programs using Secunia Personal Software InspectorDownload, install, and keep updated Spyware Blaster (free): http://www.javacools...areblaster.html (all Protections should be enabled at all times)I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htmSee the FAQ page http://mvps.org/winh...02/hostsfaq.htmThat would help to keep your browser away from known spyware/malware sites.Make regular backups of your system to removable media: DVD, USB external hard drive, etc.Having a total image backup of your system stored on DVD/CD is highly important.Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if another disaster hits.Examples of image backup software: Acronis True Image, or the free (for personal use) Macrium Reflect http://www.macrium.com/reflectfree.aspor Paragon Backup & Recovery http://www.paragon-s...e/download.htmlOn some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:ESET Online ScannerPanda ActiveScanTrend Micro HousecallF-Secure Online ScannerSee Six tips to help you stay safer onlineNever, ever download free games, free tools, videos, mutli-media files or anything free unless you can be absolutely sure the source is safe !Consider using Web of Trust WOT add-on for your browser(s)http://www.mywot.com/en/downloadhttp://www.mywot.com/en/faq/add-onWe are finished here. Best regards. Link to post Share on other sites More sharing options...
Recommended Posts