Google Redirect Virus.....4.12.2012


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.

---------------------------

Next......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22

Run by BRIAN - NCT at 8:26:45 on 2012-04-17

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3838.2929 [GMT -7:00]

.

.

============== Running Processes ===============

.

H:\WINDOWS\system32\Ati2evxx.exe

H:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

H:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

H:\WINDOWS\system32\spoolsv.exe

H:\WINDOWS\UnsignedThemesSvc.exe

H:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

H:\WINDOWS\eHome\ehRecvr.exe

H:\WINDOWS\eHome\ehSched.exe

H:\Program Files\Java\jre6\bin\jqs.exe

H:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

H:\WINDOWS\system32\nlssrv32.exe

H:\WINDOWS\system32\PRISMSVC.EXE

svchost.exe

H:\WINDOWS\system32\svchost.exe -k imgsvc

H:\WINDOWS\Explorer.EXE

H:\WINDOWS\system32\PRISMSVR.EXE

H:\WINDOWS\system32\dllhost.exe

H:\WINDOWS\system32\wscntfy.exe

H:\WINDOWS\ehome\ehtray.exe

H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

H:\Program Files\Creative\Mixer\CTSVolFE.exe

H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

H:\WINDOWS\stsystra.exe

H:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

H:\Program Files\Common Files\Java\Java Update\jusched.exe

H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

H:\WINDOWS\eHome\ehmsas.exe

H:\Program Files\Messenger\msmsgs.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe

H:\Program Files\Dell Wireless\PRISMCFG.exe

H:\Program Files\MagicDisc\MagicDisc.exe

H:\Program Files\OpenOffice.org 3\program\soffice.exe

H:\Program Files\OpenOffice.org 3\program\soffice.bin

H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

H:\WINDOWS\system32\wuauclt.exe

H:\Program Files\Common Files\Java\Java Update\jucheck.exe

H:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe

H:\PROGRA~1\MICROS~3\Office14\OUTLOOK.EXE

H:\Documents and Settings\BRIAN - NCT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

H:\Documents and Settings\BRIAN - NCT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

H:\Documents and Settings\BRIAN - NCT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

H:\Documents and Settings\BRIAN - NCT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

H:\Documents and Settings\BRIAN - NCT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

H:\Documents and Settings\BRIAN - NCT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - h:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - h:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - h:\progra~1\micros~3\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - h:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - h:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [MSMSGS] "h:\program files\messenger\msmsgs.exe" /background

uRun: [Google Update] "h:\documents and settings\brian - nct\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] h:\windows\system32\ctfmon.exe

uRun: [AdobeBridge] "h:\program files\adobe\adobe bridge cs5.1\Bridge.exe" -stealth

mRun: [ehTray] h:\windows\ehome\ehtray.exe

mRun: [StartCCC] "h:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [Adobe ARM] "h:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [CTSVolFE] "h:\program files\creative\mixer\CTSVolFE.exe" /r

mRun: [SigmaTelSysTrayApp] stsystra.exe

mRun: [Malwarebytes' Anti-Malware] "h:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [SunJavaUpdateSched] "h:\program files\common files\java\java update\jusched.exe"

mRun: [GrooveMonitor] "h:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [AdobeAAMUpdater-1.0] "h:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [AdobeCS5.5ServiceManager] "h:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [BCSSync] "h:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [SwitchBoard] h:\program files\common files\adobe\switchboard\SwitchBoard.exe

StartupFolder: h:\docume~1\brian-~1\startm~1\programs\startup\magicd~1.lnk - h:\program files\magicdisc\MagicDisc.exe

StartupFolder: h:\docume~1\brian-~1\startm~1\programs\startup\openof~1.lnk - h:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - h:\program files\microsoft office\office10\OSA.EXE

StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\ultramon.lnk - h:\windows\installer\{b49673f8-7ab6-4a14-8213-c8a7be370010}\IcoUltraMon.ico

StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - h:\program files\dell wireless\PRISMCFG.exe

IE: E&xport to Microsoft Excel - h:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - h:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - h:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - h:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{102FC735-F90E-4C5D-A4B2-CC7F27390C3B} : DhcpNameServer = 192.168.0.1

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - h:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - h:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: PRISMAPI.DLL - PRISMAPI.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - h:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - h:\documents and settings\brian - nct\application data\mozilla\firefox\profiles\4u1g8zb0.default\

FF - plugin: h:\documents and settings\brian - nct\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: h:\progra~1\micros~3\office14\NPAUTHZ.DLL

FF - plugin: h:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: h:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: h:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R2 MBAMService;MBAMService;h:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-19 654408]

R2 McrdSvc;Media Center Extender Service;h:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 nlsX86cc;Nalpeiron Licensing Service;h:\windows\system32\nlssrv32.exe [2011-1-21 64512]

R2 PRISMSVC;PRISMSVC;h:\windows\system32\PRISMSVC.exe [2011-12-18 61529]

R2 UltraMonUtility;UltraMon Utility Driver;h:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]

R2 UnsignedThemes;Unsigned Themes;h:\windows\UnsignedThemesSvc.exe [2009-7-13 21096]

R2 uxpatch;uxpatch;h:\windows\system32\drivers\uxpatch.sys [2009-7-13 25448]

R3 MBAMProtector;MBAMProtector;h:\windows\system32\drivers\mbam.sys [2011-12-19 22344]

R3 osppsvc;Office Software Protection Platform;h:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;h:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 hptsvr;hptsvr;h:\program files\g-technology\g-tech g-speed es configuration utility software\service\hptsvr.exe [2012-1-23 45056]

S3 slsusb;Edge CS/CTS Device Driver;h:\windows\system32\drivers\slsusb.sys [2012-1-20 26208]

S3 SwitchBoard;SwitchBoard;h:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;h:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-04-12 01:14:54 953856 -c----w- h:\windows\system32\dllcache\mfc40u.dll

2012-04-12 01:14:22 617472 -c----w- h:\windows\system32\dllcache\comctl32.dll

2012-04-12 01:09:27 40960 -c----w- h:\windows\system32\dllcache\ndproxy.sys

2012-04-12 01:04:31 105472 -c----w- h:\windows\system32\dllcache\mup.sys

2012-04-12 00:56:15 852480 -c----w- h:\windows\system32\dllcache\vgx.dll

2012-04-12 00:55:57 10496 -c----w- h:\windows\system32\dllcache\ndistapi.sys

2012-04-12 00:55:56 3072 -c----w- h:\windows\system32\dllcache\iacenc.dll

2012-04-12 00:55:56 3072 ------w- h:\windows\system32\iacenc.dll

2012-04-12 00:55:26 45568 -c----w- h:\windows\system32\dllcache\wab.exe

2012-04-12 00:55:10 139784 -c----w- h:\windows\system32\dllcache\rdpwd.sys

2012-04-11 17:52:06 -------- d-----w- h:\documents and settings\brian - nct\application data\Adobe Mini Bridge CS5.1

2012-04-11 17:52:05 -------- d-----w- h:\documents and settings\brian - nct\application data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2012-04-11 16:57:19 -------- d-----w- h:\windows\system32\wbem\repository\FS

2012-04-11 16:57:19 -------- d-----w- h:\windows\system32\wbem\Repository

2012-04-11 16:53:00 -------- d-----w- H:\ComboFix

2012-04-11 15:53:33 274288 ----a-w- h:\windows\system32\mucltui.dll

2012-04-11 15:53:33 215920 ----a-w- h:\windows\system32\muweb.dll

2012-04-11 15:53:33 16736 ----a-w- h:\windows\system32\mucltui.dll.mui

2012-04-11 15:43:25 -------- d-----w- h:\program files\Microsoft Synchronization Services

2012-04-11 15:42:59 -------- d-----w- h:\program files\Microsoft SQL Server Compact Edition

2012-04-11 15:42:59 -------- d-----w- h:\documents and settings\all users\Microsoft

2012-04-11 15:08:01 -------- d-----w- h:\windows\system32\scripting

2012-04-11 15:08:00 -------- d-----w- h:\windows\system32\en

2012-04-11 15:08:00 -------- d-----w- h:\windows\system32\bits

2012-04-11 15:08:00 -------- d-----w- h:\windows\l2schemas

2012-04-11 15:05:07 -------- d-----w- h:\windows\network diagnostic

2012-04-10 22:53:59 -------- d-----w- h:\documents and settings\brian - nct\local settings\application data\LogMeIn Rescue Applet

2012-04-06 20:33:39 -------- d-----w- h:\program files\Castle Creations

2012-04-06 20:33:22 -------- d-----w- h:\documents and settings\brian - nct\application data\Castle Creations

2012-04-05 19:35:57 -------- d-----w- h:\documents and settings\brian - nct\application data\ObviousIdea

2012-04-05 19:35:27 -------- d-----w- h:\program files\ObviousIdea

2012-04-05 15:08:47 116736 ----a-w- h:\windows\system32\drivers\mcdbus.sys

2012-04-05 15:08:47 -------- d-----w- h:\program files\MagicDisc

2012-03-27 20:58:53 -------- d-----w- h:\program files\Vertus Fluid Mask 3

2012-03-26 23:31:16 592824 ----a-w- h:\program files\mozilla firefox\gkmedias.dll

2012-03-26 23:31:16 44472 ----a-w- h:\program files\mozilla firefox\mozglue.dll

.

==================== Find3M ====================

.

2012-04-04 22:56:40 22344 ----a-w- h:\windows\system32\drivers\mbam.sys

2012-02-29 14:10:16 177664 ----a-w- h:\windows\system32\wintrust.dll

2012-02-29 14:10:16 148480 ----a-w- h:\windows\system32\imagehlp.dll

2012-02-28 18:50:30 667136 ----a-w- h:\windows\system32\wininet.dll

2012-02-28 18:50:30 61952 ----a-w- h:\windows\system32\tdc.ocx

2012-02-28 18:50:29 81920 ----a-w- h:\windows\system32\ieencode.dll

2012-02-28 13:50:54 369664 ----a-w- h:\windows\system32\html.iec

2012-02-14 19:09:44 1070352 ----a-w- h:\windows\system32\MSCOMCTL.OCX

2012-02-03 09:22:18 1860096 ----a-w- h:\windows\system32\win32k.sys

.

============= FINISH: 8:27:34.69 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/14/2011 7:32:01 PM

System Uptime: 4/16/2012 7:51:32 AM (25 hours ago)

.

Motherboard: Dell Inc. | | 0FJ030

Processor: Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2793/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 0 GiB total, 0 GiB free.

D: is FIXED (NTFS) - 466 GiB total, 358.935 GiB free.

F: is CDROM ()

H: is FIXED (NTFS) - 466 GiB total, 427.529 GiB free.

I: is CDROM ()

J: is CDROM ()

N: is Removable

O: is Removable

S: is Removable

T: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: PCI Simple Communications Controller

Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&5855BE9&0&28F0

Manufacturer:

Name: PCI Simple Communications Controller

PNP Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&5855BE9&0&28F0

Service:

.

==== System Restore Points ===================

.

RP176: 4/15/2012 11:41:48 AM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Community Help

Adobe Creative Suite 5.5 Master Collection

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.2)

Adobe Widget Browser

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

Castle Link

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center HydraVision Full

Catalyst Control Center Localization All

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Edge MyStyle

eSATA adapter

ESPNMotion

FileZilla Client 3.5.3

Fusion

G-Tech G-SPEED eS Configuration Utility Service

GemMaster Mystic

Google Chrome

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB958655-v2)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

Intel® PRO Network Connections Drivers

Java Auto Updater

Java 6 Update 22

Light Image Resizer 4.1.1.2

MagicDisc 2.7.106

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 1.0 Hotfix (KB2572066)

Microsoft .NET Framework 1.0 Hotfix (KB2656378)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook 2010

Microsoft Office Outlook MUI (English) 2007

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2007

Microsoft Office XP Professional with FrontPage

Microsoft Outlook 2010

Microsoft Software Update for Web Folders (English) 12

Microsoft Software Update for Web Folders (English) 14

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mixer

Mozilla Firefox 11.0 (x86 en-US)

MSXML 6 Service Pack 2 (KB973686)

Notepad Pro v1.4

NoteTab Pro 6 (Remove only)

OpenOffice.org 3.3

Otto

PartitionMagic

PDF Settings CS5

Photomatix Pro version 4.0.2

PowerQuest PartitionMagic 8.0

SanDisk ImageMate Reader/Writer

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2675157)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

SigmaTel Audio

Skins

Sonic Encoders

Sound Blaster Audigy ADVANCED MB Demo

Tuner Internet Update Application

UltraMon

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Rollup 2 for Windows XP Media Center Edition 2005

USB 2.0 Wireless LAN Card Utility

UxStyle Core Beta

Vertus Fluid Mask 3 3.2.3

ViGlance

WebFldrs XP

Windows 7 Upgrade Advisor

Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Media Format Runtime

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB2619340

Windows XP Media Center Edition 2005 KB2628259

Windows XP Media Center Edition 2005 KB908250

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

WinRAR 4.01 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

4/15/2012 3:00:32 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'MSI2cf10.tmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

4/14/2012 3:00:52 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'MSI84928.tmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

4/13/2012 3:00:39 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'MSI25a5.tmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

4/12/2012 3:01:33 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'MSI92290.tmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

4/11/2012 9:38:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

4/11/2012 9:38:40 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

4/11/2012 9:38:40 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/11/2012 9:38:40 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/11/2012 9:38:40 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

4/11/2012 9:37:30 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/11/2012 9:37:20 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

4/11/2012 7:42:57 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'Microsoft. .. C.manifest' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

4/11/2012 11:37:00 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer DREOFFICE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{102FC735-F90E-4C5D. The master browser is stopping or an election is being forced.

4/10/2012 4:28:44 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'desktop.ini' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

.

==== End Of File ===========================

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: BRIAN - NCT [Admin rights]

Mode: Scan -- Date: 04/17/2012 09:12:30

¤¤¤ Bad processes: 1 ¤¤¤

[SUSP PATH] UnsignedThemesSvc.exe -- H:\WINDOWS\UnsignedThemesSvc.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤

[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "H:\Documents and Settings\BRIAN - NCT\Application Data\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1\yvfpemrj.dll",DllRegisterServer) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "H:\Documents and Settings\BRIAN - NCT\Application Data\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1\yvfpemrj.dll",DllRegisterServer) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

127.0.0.1 3dns.adobe.com

127.0.0.1 3dns-1.adobe.com

127.0.0.1 3dns-2.adobe.com

127.0.0.1 3dns-3.adobe.com

127.0.0.1 3dns-4.adobe.com

127.0.0.1 activate.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 activate-sjc0.adobe.com

127.0.0.1 activate.wip.adobe.com

127.0.0.1 activate.wip1.adobe.com

127.0.0.1 activate.wip2.adobe.com

127.0.0.1 activate.wip3.adobe.com

127.0.0.1 activate.wip4.adobe.com

127.0.0.1 adobe-dns.adobe.com

127.0.0.1 adobe-dns-1.adobe.com

127.0.0.1 adobe-dns-2.adobe.com

127.0.0.1 adobe-dns-3.adobe.com

127.0.0.1 adobe-dns-4.adobe.com

127.0.0.1 adobeereg.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500820AS +++++

--- User ---

[MBR] 21b68cf6b7ffc9e38e38f4a8f0e8414e

[BSP] dc86ad1db51d492b4b55cb6874325511 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>


Please back up the registry using ERUNT as outlined in the link below:

http://www.geekstogo...ry-using-erunt/

Please make sure system restore is running and create a new restore point before continuing.

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

MrC


09:43:13.0367 1624 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

09:43:13.0836 1624 ============================================================

09:43:13.0836 1624 Current date / time: 2012/04/17 09:43:13.0836

09:43:13.0836 1624 SystemInfo:

09:43:13.0836 1624

09:43:13.0836 1624 OS Version: 5.1.2600 ServicePack: 3.0

09:43:13.0836 1624 Product type: Workstation

09:43:13.0836 1624 ComputerName: HOME-CFBB0C4D2C

09:43:13.0836 1624 UserName: BRIAN - NCT

09:43:13.0836 1624 Windows directory: H:\WINDOWS

09:43:13.0836 1624 System windows directory: H:\WINDOWS

09:43:13.0836 1624 Processor architecture: Intel x86

09:43:13.0836 1624 Number of processors: 2

09:43:13.0836 1624 Page size: 0x1000

09:43:13.0836 1624 Boot type: Normal boot

09:43:13.0836 1624 ============================================================

09:43:14.0273 1624 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

09:43:14.0273 1624 Drive \Device\Harddisk1\DR15 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

09:43:14.0336 1624 \Device\Harddisk0\DR0:

09:43:14.0336 1624 MBR used

09:43:14.0336 1624 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

09:43:14.0336 1624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000

09:43:14.0336 1624 \Device\Harddisk1\DR15:

09:43:14.0336 1624 MBR used

09:43:14.0336 1624 \Device\Harddisk1\DR15\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02

09:43:14.0445 1624 Initialize success

09:43:14.0445 1624 ============================================================

09:43:26.0789 2764 ============================================================

09:43:26.0789 2764 Scan started

09:43:26.0789 2764 Mode: Manual;

09:43:26.0789 2764 ============================================================


09:43:36.0414 2764 Themes (99bc0b50f511924348be19c7c7313bbf) H:\WINDOWS\System32\shsvcs.dll

09:43:36.0414 2764 Themes - ok

09:43:36.0445 2764 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) H:\WINDOWS\system32\tlntsvr.exe

09:43:36.0445 2764 TlntSvr - ok

09:43:36.0476 2764 TosIde - ok

09:43:36.0508 2764 TrkWks (55bca12f7f523d35ca3cb833c725f54e) H:\WINDOWS\system32\trkwks.dll

09:43:36.0508 2764 TrkWks - ok

09:43:36.0539 2764 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) H:\WINDOWS\system32\drivers\Udfs.sys

09:43:36.0539 2764 Udfs - ok

09:43:36.0555 2764 ultra - ok

09:43:36.0601 2764 UltraMonUtility (5a5bd0f66e84eb039cb227520d49908c) H:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys

09:43:36.0601 2764 UltraMonUtility - ok

09:43:36.0680 2764 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) H:\WINDOWS\system32\wdfmgr.exe

09:43:36.0680 2764 UMWdf - ok

09:43:36.0695 2764 UnsignedThemes (3d571a3cbf127e9555ead2f8598f425f) H:\WINDOWS\UnsignedThemesSvc.exe

09:43:36.0695 2764 UnsignedThemes - ok

09:43:36.0758 2764 Update (402ddc88356b1bac0ee3dd1580c76a31) H:\WINDOWS\system32\DRIVERS\update.sys

09:43:36.0758 2764 Update - ok

09:43:36.0805 2764 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) H:\WINDOWS\System32\upnphost.dll

09:43:36.0805 2764 upnphost - ok

09:43:36.0820 2764 UPS (05365fb38fca1e98f7a566aaaf5d1815) H:\WINDOWS\System32\ups.exe

09:43:36.0820 2764 UPS - ok

09:43:36.0867 2764 usbccgp (173f317ce0db8e21322e71b7e60a27e8) H:\WINDOWS\system32\DRIVERS\usbccgp.sys

09:43:36.0867 2764 usbccgp - ok

09:43:36.0898 2764 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) H:\WINDOWS\system32\DRIVERS\usbehci.sys

09:43:36.0898 2764 usbehci - ok

09:43:36.0914 2764 usbhub (1ab3cdde553b6e064d2e754efe20285c) H:\WINDOWS\system32\DRIVERS\usbhub.sys

09:43:36.0914 2764 usbhub - ok

09:43:36.0945 2764 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) H:\WINDOWS\system32\DRIVERS\usbscan.sys

09:43:36.0945 2764 usbscan - ok

09:43:36.0976 2764 usbstor (a32426d9b14a089eaa1d922e0c5801a9) H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

09:43:36.0976 2764 usbstor - ok

09:43:37.0023 2764 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) H:\WINDOWS\system32\DRIVERS\usbuhci.sys

09:43:37.0023 2764 usbuhci - ok

09:43:37.0055 2764 uxpatch (628c632710ab55747cb5bcc68716be21) H:\WINDOWS\system32\drivers\uxpatch.sys

09:43:37.0055 2764 uxpatch - ok

09:43:37.0070 2764 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) H:\WINDOWS\System32\drivers\vga.sys

09:43:37.0086 2764 VgaSave - ok

09:43:37.0086 2764 ViaIde - ok

09:43:37.0101 2764 VolSnap (4c8fcb5cc53aab716d810740fe59d025) H:\WINDOWS\system32\drivers\VolSnap.sys

09:43:37.0101 2764 VolSnap - ok

09:43:37.0133 2764 VSS (7a9db3a67c333bf0bd42e42b8596854b) H:\WINDOWS\System32\vssvc.exe

09:43:37.0133 2764 VSS - ok

09:43:37.0180 2764 W32Time (54af4b1d5459500ef0937f6d33b1914f) H:\WINDOWS\system32\w32time.dll

09:43:37.0180 2764 W32Time - ok

09:43:37.0226 2764 Wanarp (e20b95baedb550f32dd489265c1da1f6) H:\WINDOWS\system32\DRIVERS\wanarp.sys

09:43:37.0226 2764 Wanarp - ok

09:43:37.0226 2764 WDICA - ok

09:43:37.0258 2764 wdmaud (6768acf64b18196494413695f0c3a00f) H:\WINDOWS\system32\drivers\wdmaud.sys

09:43:37.0258 2764 wdmaud - ok

09:43:37.0289 2764 WebClient (77a354e28153ad2d5e120a5a8687bc06) H:\WINDOWS\System32\webclnt.dll

09:43:37.0305 2764 WebClient - ok

09:43:37.0351 2764 winmgmt (2d0e4ed081963804ccc196a0929275b5) H:\WINDOWS\system32\wbem\WMIsvc.dll

09:43:37.0351 2764 winmgmt - ok

09:43:37.0398 2764 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) H:\WINDOWS\system32\MsPMSNSv.dll

09:43:37.0398 2764 WmdmPmSN - ok

09:43:37.0461 2764 Wmi (e76f8807070ed04e7408a86d6d3a6137) H:\WINDOWS\System32\advapi32.dll

09:43:37.0461 2764 Wmi - ok

09:43:37.0492 2764 WmiApSrv (e0673f1106e62a68d2257e376079f821) H:\WINDOWS\system32\wbem\wmiapsrv.exe

09:43:37.0492 2764 WmiApSrv - ok

09:43:37.0633 2764 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

09:43:37.0648 2764 WPFFontCache_v0400 - ok

09:43:37.0695 2764 wscsvc (7c278e6408d1dce642230c0585a854d5) H:\WINDOWS\system32\wscsvc.dll

09:43:37.0695 2764 wscsvc - ok

09:43:37.0726 2764 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) H:\WINDOWS\system32\wuauserv.dll

09:43:37.0742 2764 wuauserv - ok

09:43:37.0789 2764 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) H:\WINDOWS\System32\wzcsvc.dll

09:43:37.0789 2764 WZCSVC - ok

09:43:37.0820 2764 xmlprov (295d21f14c335b53cb8154e5b1f892b9) H:\WINDOWS\System32\xmlprov.dll

09:43:37.0820 2764 xmlprov - ok

09:43:37.0836 2764 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

09:43:37.0961 2764 \Device\Harddisk0\DR0 - ok

09:43:37.0992 2764 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR15

09:43:37.0992 2764 \Device\Harddisk1\DR15 - ok

09:43:37.0992 2764 Boot (0x1200) (083e26d9bcf9fd3fda434af9242a961c) \Device\Harddisk0\DR0\Partition0

09:43:37.0992 2764 \Device\Harddisk0\DR0\Partition0 - ok

09:43:38.0023 2764 Boot (0x1200) (96ec6af688643d3a0c6a3c0e9e67cc07) \Device\Harddisk0\DR0\Partition1

09:43:38.0023 2764 \Device\Harddisk0\DR0\Partition1 - ok

09:43:38.0023 2764 Boot (0x1200) (2305561351e553de7c502727302323e3) \Device\Harddisk1\DR15\Partition0

09:43:38.0023 2764 \Device\Harddisk1\DR15\Partition0 - ok

09:43:38.0023 2764 ============================================================

09:43:38.0023 2764 Scan finished

09:43:38.0023 2764 ============================================================

09:43:38.0039 1344 Detected object count: 0

09:43:38.0039 1344 Actual detected object count: 0

09:45:00.0851 2544 ============================================================

09:45:00.0851 2544 Scan started

09:45:00.0851 2544 Mode: Manual; SigCheck; TDLFS;

09:45:00.0851 2544 ============================================================

09:45:01.0101 2544 Abiosdsk - ok

09:45:01.0117 2544 abp480n5 - ok

09:45:01.0164 2544 ACPI (8fd99680a539792a30e97944fdaecf17) H:\WINDOWS\system32\DRIVERS\ACPI.sys

09:45:01.0539 2544 ACPI - ok

09:45:01.0617 2544 ACPIEC (9859c0f6936e723e4892d7141b1327d5) H:\WINDOWS\system32\drivers\ACPIEC.sys

09:45:01.0742 2544 ACPIEC - ok

09:45:01.0789 2544 adpu160m - ok

09:45:01.0836 2544 aec (8bed39e3c35d6a489438b8141717a557) H:\WINDOWS\system32\drivers\aec.sys

09:45:01.0976 2544 aec - ok

09:45:02.0008 2544 AegisP (2f7f3e8da380325866e566f5d5ec23d5) H:\WINDOWS\system32\DRIVERS\AegisP.sys

09:45:02.0039 2544 AegisP ( UnsignedFile.Multi.Generic ) - warning

09:45:02.0039 2544 AegisP - detected UnsignedFile.Multi.Generic (1)

09:45:02.0101 2544 AFD (1e44bc1e83d8fd2305f8d452db109cf9) H:\WINDOWS\System32\drivers\afd.sys

09:45:02.0148 2544 AFD - ok

09:45:02.0148 2544 Aha154x - ok

09:45:02.0164 2544 aic78u2 - ok

09:45:02.0180 2544 aic78xx - ok

09:45:02.0226 2544 Alerter (a9a3daa780ca6c9671a19d52456705b4) H:\WINDOWS\system32\alrsvc.dll

09:45:02.0383 2544 Alerter - ok

09:45:02.0445 2544 ALG (8c515081584a38aa007909cd02020b3d) H:\WINDOWS\System32\alg.exe

09:45:02.0586 2544 ALG - ok

09:45:02.0601 2544 AliIde - ok

09:45:02.0617 2544 amsint - ok

09:45:02.0664 2544 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) H:\WINDOWS\System32\appmgmts.dll

09:45:02.0789 2544 AppMgmt - ok

09:45:02.0805 2544 asc - ok

09:45:02.0820 2544 asc3350p - ok

09:45:02.0820 2544 asc3550 - ok

09:45:02.0930 2544 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

09:45:02.0945 2544 aspnet_state - ok

09:45:03.0008 2544 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) H:\WINDOWS\system32\DRIVERS\asyncmac.sys

09:45:03.0133 2544 AsyncMac - ok

09:45:03.0164 2544 atapi (9f3a2f5aa6875c72bf062c712cfa2674) H:\WINDOWS\system32\DRIVERS\atapi.sys

09:45:03.0305 2544 atapi - ok

09:45:03.0320 2544 Atdisk - ok

09:45:03.0367 2544 Ati HotKey Poller (471087b5e1e01cc82604e81ea14781d8) H:\WINDOWS\system32\Ati2evxx.exe

09:45:03.0414 2544 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - warning

09:45:03.0414 2544 Ati HotKey Poller - detected UnsignedFile.Multi.Generic (1)

09:45:03.0445 2544 ATI Smart (b979ba0120b6db757196a8e2e873fe3c) H:\WINDOWS\system32\ati2sgag.exe

09:45:03.0492 2544 ATI Smart ( UnsignedFile.Multi.Generic ) - warning

09:45:03.0492 2544 ATI Smart - detected UnsignedFile.Multi.Generic (1)

09:45:03.0617 2544 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) H:\WINDOWS\system32\DRIVERS\ati2mtag.sys

09:45:03.0742 2544 ati2mtag ( UnsignedFile.Multi.Generic ) - warning

09:45:03.0742 2544 ati2mtag - detected UnsignedFile.Multi.Generic (1)

09:45:03.0820 2544 Atmarpc (9916c1225104ba14794209cfa8012159) H:\WINDOWS\system32\DRIVERS\atmarpc.sys

09:45:03.0961 2544 Atmarpc - ok

09:45:03.0992 2544 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) H:\WINDOWS\System32\audiosrv.dll

09:45:04.0133 2544 AudioSrv - ok

09:45:04.0180 2544 audstub (d9f724aa26c010a217c97606b160ed68) H:\WINDOWS\system32\DRIVERS\audstub.sys

09:45:04.0336 2544 audstub - ok

09:45:04.0367 2544 Beep (da1f27d85e0d1525f6621372e7b685e9) H:\WINDOWS\system32\drivers\Beep.sys

09:45:04.0523 2544 Beep - ok

09:45:04.0601 2544 BITS (574738f61fca2935f5265dc4e5691314) H:\WINDOWS\system32\qmgr.dll

09:45:04.0742 2544 BITS - ok

09:45:04.0789 2544 Browser (a06ce3399d16db864f55faeb1f1927a9) H:\WINDOWS\System32\browser.dll

09:45:04.0930 2544 Browser - ok

09:45:04.0976 2544 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) H:\WINDOWS\system32\drivers\cbidf2k.sys

09:45:05.0117 2544 cbidf2k - ok

09:45:05.0133 2544 cd20xrnt - ok

09:45:05.0180 2544 Cdaudio (c1b486a7658353d33a10cc15211a873b) H:\WINDOWS\system32\drivers\Cdaudio.sys

09:45:05.0320 2544 Cdaudio - ok

09:45:05.0351 2544 Cdfs (c885b02847f5d2fd45a24e219ed93b32) H:\WINDOWS\system32\drivers\Cdfs.sys

09:45:05.0492 2544 Cdfs - ok

09:45:05.0523 2544 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) H:\WINDOWS\system32\DRIVERS\cdrom.sys

09:45:05.0664 2544 Cdrom - ok

09:45:05.0726 2544 cercsr6 (84853b3fd012251690570e9e7e43343f) H:\WINDOWS\system32\drivers\cercsr6.sys

09:45:05.0742 2544 cercsr6 ( UnsignedFile.Multi.Generic ) - warning

09:45:05.0742 2544 cercsr6 - detected UnsignedFile.Multi.Generic (1)

09:45:05.0758 2544 Changer - ok

09:45:05.0789 2544 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) H:\WINDOWS\system32\cisvc.exe

09:45:05.0914 2544 CiSvc - ok

09:45:05.0914 2544 ClipSrv (34cbe729f38138217f9c80212a2a0c82) H:\WINDOWS\system32\clipsrv.exe

09:45:06.0039 2544 ClipSrv - ok

09:45:06.0133 2544 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:45:06.0148 2544 clr_optimization_v2.0.50727_32 - ok

09:45:06.0289 2544 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

09:45:06.0305 2544 clr_optimization_v4.0.30319_32 - ok

09:45:06.0320 2544 CmdIde - ok

09:45:06.0336 2544 COMSysApp - ok

09:45:06.0351 2544 Cpqarray - ok

09:45:06.0414 2544 Creative Labs Licensing Service (7db5e3f44d797bd38b8e336ccc2e49d5) H:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

09:45:06.0430 2544 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - warning

09:45:06.0430 2544 Creative Labs Licensing Service - detected UnsignedFile.Multi.Generic (1)

09:45:06.0508 2544 CryptSvc (3d4e199942e29207970e04315d02ad3b) H:\WINDOWS\System32\cryptsvc.dll

09:45:06.0648 2544 CryptSvc - ok

09:45:06.0680 2544 dac2w2k - ok

09:45:06.0680 2544 dac960nt - ok

09:45:06.0726 2544 DcomLaunch (6b27a5c03dfb94b4245739065431322c) H:\WINDOWS\system32\rpcss.dll

09:45:06.0789 2544 DcomLaunch - ok

09:45:06.0851 2544 Dhcp (5e38d7684a49cacfb752b046357e0589) H:\WINDOWS\System32\dhcpcsvc.dll

09:45:06.0992 2544 Dhcp - ok

09:45:07.0039 2544 Disk (044452051f3e02e7963599fc8f4f3e25) H:\WINDOWS\system32\DRIVERS\disk.sys

09:45:07.0180 2544 Disk - ok

09:45:07.0258 2544 dmadmin - ok

09:45:07.0289 2544 dmboot (d992fe1274bde0f84ad826acae022a41) H:\WINDOWS\system32\drivers\dmboot.sys

09:45:07.0461 2544 dmboot - ok

09:45:07.0523 2544 dmio (7c824cf7bbde77d95c08005717a95f6f) H:\WINDOWS\system32\drivers\dmio.sys

09:45:07.0664 2544 dmio - ok

09:45:07.0680 2544 dmload (e9317282a63ca4d188c0df5e09c6ac5f) H:\WINDOWS\system32\drivers\dmload.sys

09:45:07.0805 2544 dmload - ok

09:45:07.0836 2544 dmserver (57edec2e5f59f0335e92f35184bc8631) H:\WINDOWS\System32\dmserver.dll

09:45:07.0961 2544 dmserver - ok

09:45:08.0023 2544 DMusic (8a208dfcf89792a484e76c40e5f50b45) H:\WINDOWS\system32\drivers\DMusic.sys

09:45:08.0164 2544 DMusic - ok

09:45:08.0195 2544 Dnscache (5f7e24fa9eab896051ffb87f840730d2) H:\WINDOWS\System32\dnsrslvr.dll

09:45:08.0258 2544 Dnscache - ok

09:45:08.0305 2544 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) H:\WINDOWS\System32\dot3svc.dll

09:45:08.0430 2544 Dot3svc - ok

09:45:08.0461 2544 dpti2o - ok

09:45:08.0492 2544 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) H:\WINDOWS\system32\drivers\drmkaud.sys

09:45:08.0617 2544 drmkaud - ok

09:45:08.0664 2544 e1express (0849eacdc01487573add86f5e470806c) H:\WINDOWS\system32\DRIVERS\e1e5132.sys

09:45:08.0695 2544 e1express - ok

09:45:08.0711 2544 EapHost (2187855a7703adef0cef9ee4285182cc) H:\WINDOWS\System32\eapsvc.dll

09:45:08.0836 2544 EapHost - ok

09:45:08.0883 2544 ehRecvr (8301243bde5b6cd316d79c0191d50d9a) H:\WINDOWS\eHome\ehRecvr.exe

09:45:08.0930 2544 ehRecvr - ok

09:45:08.0930 2544 ehSched (a53243709439ac2a4c216b817f8d7411) H:\WINDOWS\eHome\ehSched.exe

09:45:08.0976 2544 ehSched - ok

09:45:09.0023 2544 ERSvc (bc93b4a066477954555966d77fec9ecb) H:\WINDOWS\System32\ersvc.dll

09:45:09.0164 2544 ERSvc - ok

09:45:09.0195 2544 Eventlog (65df52f5b8b6e9bbd183505225c37315) H:\WINDOWS\system32\services.exe

09:45:09.0258 2544 Eventlog - ok

09:45:09.0289 2544 EventSystem (d4991d98f2db73c60d042f1aef79efae) H:\WINDOWS\system32\es.dll

09:45:09.0320 2544 EventSystem - ok

09:45:09.0367 2544 Fastfat (38d332a6d56af32635675f132548343e) H:\WINDOWS\system32\drivers\Fastfat.sys

09:45:09.0508 2544 Fastfat - ok

09:45:09.0539 2544 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) H:\WINDOWS\System32\shsvcs.dll

09:45:09.0555 2544 FastUserSwitchingCompatibility - ok

09:45:09.0617 2544 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) H:\WINDOWS\system32\DRIVERS\fdc.sys

09:45:09.0758 2544 Fdc - ok

09:45:09.0789 2544 Fips (d45926117eb9fa946a6af572fbe1caa3) H:\WINDOWS\system32\drivers\Fips.sys

09:45:09.0930 2544 Fips - ok

09:45:09.0961 2544 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) H:\WINDOWS\system32\DRIVERS\flpydisk.sys

09:45:10.0101 2544 Flpydisk - ok

09:45:10.0164 2544 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) H:\WINDOWS\system32\drivers\fltmgr.sys

09:45:10.0289 2544 FltMgr - ok

09:45:10.0383 2544 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) h:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

09:45:10.0398 2544 FontCache3.0.0.0 - ok

09:45:10.0445 2544 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) H:\WINDOWS\system32\drivers\Fs_Rec.sys

09:45:10.0586 2544 Fs_Rec - ok

09:45:10.0617 2544 FTDIBUS (7c17235845d5ae3fb33ead47b5881521) H:\WINDOWS\system32\drivers\ftdibus.sys

09:45:10.0633 2544 FTDIBUS - ok

09:45:10.0664 2544 Ftdisk (6ac26732762483366c3969c9e4d2259d) H:\WINDOWS\system32\DRIVERS\ftdisk.sys

09:45:10.0805 2544 Ftdisk - ok

09:45:10.0820 2544 FTSER2K (23220a4709cc5785f9633ba71416145c) H:\WINDOWS\system32\drivers\ftser2k.sys

09:45:10.0836 2544 FTSER2K - ok

09:45:10.0867 2544 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) H:\WINDOWS\system32\DRIVERS\msgpc.sys

09:45:11.0008 2544 Gpc - ok

09:45:11.0055 2544 HDAudBus (573c7d0a32852b48f3058cfd8026f511) H:\WINDOWS\system32\DRIVERS\HDAudBus.sys

09:45:11.0180 2544 HDAudBus - ok

09:45:11.0242 2544 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) H:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

09:45:11.0383 2544 helpsvc - ok

09:45:11.0414 2544 HidServ (deb04da35cc871b6d309b77e1443c796) H:\WINDOWS\System32\hidserv.dll

09:45:11.0555 2544 HidServ - ok

09:45:11.0601 2544 hidusb (ccf82c5ec8a7326c3066de870c06daf1) H:\WINDOWS\system32\DRIVERS\hidusb.sys

09:45:11.0726 2544 hidusb - ok

09:45:11.0758 2544 hkmsvc (8878bd685e490239777bfe51320b88e9) H:\WINDOWS\System32\kmsvc.dll

09:45:11.0898 2544 hkmsvc - ok

09:45:11.0930 2544 hpn - ok

09:45:11.0992 2544 hptsvr (3345606948ca8934f28bea5cda32adda) H:\Program Files\G-Technology\G-Tech G-SPEED eS Configuration Utility Software\service\hptsvr.exe

09:45:12.0023 2544 hptsvr ( UnsignedFile.Multi.Generic ) - warning

09:45:12.0023 2544 hptsvr - detected UnsignedFile.Multi.Generic (1)

09:45:12.0086 2544 HTTP (f80a415ef82cd06ffaf0d971528ead38) H:\WINDOWS\system32\Drivers\HTTP.sys

09:45:12.0117 2544 HTTP - ok

09:45:12.0148 2544 HTTPFilter (6100a808600f44d999cebdef8841c7a3) H:\WINDOWS\System32\w3ssl.dll

09:45:12.0273 2544 HTTPFilter - ok

09:45:12.0289 2544 i2omgmt - ok

09:45:12.0305 2544 i2omp - ok

09:45:12.0351 2544 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) H:\WINDOWS\system32\drivers\i8042prt.sys

09:45:12.0476 2544 i8042prt - ok

09:45:12.0508 2544 iastor (294110966cedd127629c5be48367c8cf) H:\WINDOWS\system32\DRIVERS\iaStor.sys

09:45:12.0539 2544 iastor - ok

09:45:12.0726 2544 idsvc (c01ac32dc5c03076cfb852cb5da5229c) h:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

09:45:12.0758 2544 idsvc - ok

09:45:12.0851 2544 Imapi (083a052659f5310dd8b6a6cb05edcf8e) H:\WINDOWS\system32\DRIVERS\imapi.sys

09:45:12.0992 2544 Imapi - ok

09:45:13.0023 2544 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) H:\WINDOWS\system32\imapi.exe

09:45:13.0148 2544 ImapiService - ok

09:45:13.0164 2544 ini910u - ok

09:45:13.0180 2544 IntelIde - ok

09:45:13.0242 2544 intelppm (8c953733d8f36eb2133f5bb58808b66b) H:\WINDOWS\system32\DRIVERS\intelppm.sys

09:45:13.0367 2544 intelppm - ok

09:45:13.0383 2544 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) H:\WINDOWS\system32\drivers\ip6fw.sys

09:45:13.0539 2544 Ip6Fw - ok

09:45:13.0601 2544 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) H:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

09:45:13.0742 2544 IpFilterDriver - ok

09:45:13.0789 2544 IpInIp (b87ab476dcf76e72010632b5550955f5) H:\WINDOWS\system32\DRIVERS\ipinip.sys

09:45:13.0898 2544 IpInIp - ok

09:45:13.0914 2544 IpNat (cc748ea12c6effde940ee98098bf96bb) H:\WINDOWS\system32\DRIVERS\ipnat.sys

09:45:14.0055 2544 IpNat - ok

09:45:14.0086 2544 IPSec (23c74d75e36e7158768dd63d92789a91) H:\WINDOWS\system32\DRIVERS\ipsec.sys

09:45:14.0211 2544 IPSec - ok

09:45:14.0242 2544 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) H:\WINDOWS\system32\DRIVERS\irenum.sys

09:45:14.0383 2544 IRENUM - ok

09:45:14.0398 2544 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) H:\WINDOWS\system32\DRIVERS\isapnp.sys

09:45:14.0539 2544 isapnp - ok

09:45:14.0633 2544 JavaQuickStarterService (9ae07549a0d691a103faf8946554bdb7) H:\Program Files\Java\jre6\bin\jqs.exe

09:45:14.0633 2544 JavaQuickStarterService - ok

09:45:14.0726 2544 Kbdclass (463c1ec80cd17420a542b7f36a36f128) H:\WINDOWS\system32\DRIVERS\kbdclass.sys

09:45:14.0867 2544 Kbdclass - ok

09:45:14.0883 2544 kbdhid (9ef487a186dea361aa06913a75b3fa99) H:\WINDOWS\system32\DRIVERS\kbdhid.sys

09:45:15.0008 2544 kbdhid - ok

09:45:15.0023 2544 kmixer (692bcf44383d056aed41b045a323d378) H:\WINDOWS\system32\drivers\kmixer.sys

09:45:15.0164 2544 kmixer - ok

09:45:15.0258 2544 KSecDD (b467646c54cc746128904e1654c750c1) H:\WINDOWS\system32\drivers\KSecDD.sys

09:45:15.0289 2544 KSecDD - ok

09:45:15.0336 2544 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) H:\WINDOWS\System32\srvsvc.dll

09:45:15.0367 2544 lanmanserver - ok

09:45:15.0398 2544 lanmanworkstation (a8888a5327621856c0cec4e385f69309) H:\WINDOWS\System32\wkssvc.dll

09:45:15.0430 2544 lanmanworkstation - ok

09:45:15.0445 2544 lbrtfdc - ok

09:45:15.0492 2544 LmHosts (a7db739ae99a796d91580147e919cc59) H:\WINDOWS\System32\lmhsvc.dll

09:45:15.0633 2544 LmHosts - ok

09:45:15.0664 2544 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) H:\WINDOWS\system32\drivers\mbam.sys

09:45:15.0711 2544 MBAMProtector - ok

09:45:15.0789 2544 MBAMService (ba400ed640bca1eae5c727ae17c10207) H:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

09:45:15.0820 2544 MBAMService - ok

09:45:15.0883 2544 mcdbus (8fd868e32459ece2a1bb0169f513d31e) H:\WINDOWS\system32\DRIVERS\mcdbus.sys

09:45:15.0898 2544 mcdbus ( UnsignedFile.Multi.Generic ) - warning

09:45:15.0898 2544 mcdbus - detected UnsignedFile.Multi.Generic (1)

09:45:15.0945 2544 McrdSvc (df0a511f38f16016bf658fca0090cb87) H:\WINDOWS\ehome\mcrdsvc.exe

09:45:15.0976 2544 McrdSvc - ok

09:45:16.0039 2544 Messenger (986b1ff5814366d71e0ac5755c88f2d3) H:\WINDOWS\System32\msgsvc.dll

09:45:16.0180 2544 Messenger - ok

09:45:16.0258 2544 MHN (b7521f69c0a9b29d356157229376fb21) H:\WINDOWS\System32\mhn.dll

09:45:16.0273 2544 MHN ( UnsignedFile.Multi.Generic ) - warning

09:45:16.0273 2544 MHN - detected UnsignedFile.Multi.Generic (1)

09:45:16.0320 2544 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) H:\WINDOWS\system32\DRIVERS\mhndrv.sys

09:45:16.0320 2544 MHNDRV ( UnsignedFile.Multi.Generic ) - warning

09:45:16.0320 2544 MHNDRV - detected UnsignedFile.Multi.Generic (1)

09:45:16.0414 2544 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) H:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

09:45:16.0430 2544 Microsoft Office Groove Audit Service - ok

09:45:16.0508 2544 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) H:\WINDOWS\system32\drivers\mnmdd.sys

09:45:16.0633 2544 mnmdd - ok

09:45:16.0664 2544 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) H:\WINDOWS\system32\mnmsrvc.exe

09:45:16.0789 2544 mnmsrvc - ok

09:45:16.0805 2544 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) H:\WINDOWS\system32\drivers\Modem.sys

09:45:16.0961 2544 Modem - ok

09:45:16.0976 2544 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) H:\WINDOWS\system32\DRIVERS\mouclass.sys

09:45:17.0117 2544 Mouclass - ok

09:45:17.0148 2544 mouhid (b1c303e17fb9d46e87a98e4ba6769685) H:\WINDOWS\system32\DRIVERS\mouhid.sys

09:45:17.0289 2544 mouhid - ok

09:45:17.0336 2544 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) H:\WINDOWS\system32\drivers\MountMgr.sys

09:45:17.0476 2544 MountMgr - ok

09:45:17.0476 2544 mraid35x - ok

09:45:17.0492 2544 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) H:\WINDOWS\system32\DRIVERS\mrxdav.sys

09:45:17.0617 2544 MRxDAV - ok

09:45:17.0664 2544 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) H:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:45:17.0680 2544 MRxSmb - ok

09:45:17.0711 2544 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) H:\WINDOWS\system32\msdtc.exe

09:45:17.0851 2544 MSDTC - ok

09:45:17.0898 2544 Msfs (c941ea2454ba8350021d774daf0f1027) H:\WINDOWS\system32\drivers\Msfs.sys

09:45:18.0039 2544 Msfs - ok

09:45:18.0039 2544 MSIServer - ok

09:45:18.0055 2544 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) H:\WINDOWS\system32\drivers\MSKSSRV.sys

09:45:18.0180 2544 MSKSSRV - ok

09:45:18.0195 2544 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) H:\WINDOWS\system32\drivers\MSPCLOCK.sys

09:45:18.0336 2544 MSPCLOCK - ok

09:45:18.0351 2544 MSPQM (bad59648ba099da4a17680b39730cb3d) H:\WINDOWS\system32\drivers\MSPQM.sys

09:45:18.0476 2544 MSPQM - ok

09:45:18.0508 2544 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) H:\WINDOWS\system32\DRIVERS\mssmbios.sys

09:45:18.0633 2544 mssmbios - ok

09:45:18.0664 2544 Mup (de6a75f5c270e756c5508d94b6cf68f5) H:\WINDOWS\system32\drivers\Mup.sys

09:45:18.0695 2544 Mup - ok

09:45:18.0742 2544 napagent (0102140028fad045756796e1c685d695) H:\WINDOWS\System32\qagentrt.dll

09:45:18.0867 2544 napagent - ok

09:45:18.0930 2544 NDIS (1df7f42665c94b825322fae71721130d) H:\WINDOWS\system32\drivers\NDIS.sys

09:45:19.0070 2544 NDIS - ok

09:45:19.0101 2544 NdisTapi (0109c4f3850dfbab279542515386ae22) H:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:45:19.0133 2544 NdisTapi - ok

09:45:19.0164 2544 Ndisuio (f927a4434c5028758a842943ef1a3849) H:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:45:19.0289 2544 Ndisuio - ok

09:45:19.0336 2544 NdisWan (edc1531a49c80614b2cfda43ca8659ab) H:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:45:19.0461 2544 NdisWan - ok

09:45:19.0508 2544 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) H:\WINDOWS\system32\drivers\NDProxy.sys

09:45:19.0508 2544 NDProxy - ok

09:45:19.0523 2544 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) H:\WINDOWS\system32\DRIVERS\netbios.sys

09:45:19.0664 2544 NetBIOS - ok

09:45:19.0695 2544 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) H:\WINDOWS\system32\DRIVERS\netbt.sys

09:45:19.0836 2544 NetBT - ok

09:45:19.0867 2544 NetDDE (b857ba82860d7ff85ae29b095645563b) H:\WINDOWS\system32\netdde.exe

09:45:20.0008 2544 NetDDE - ok

09:45:20.0008 2544 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) H:\WINDOWS\system32\netdde.exe

09:45:20.0133 2544 NetDDEdsdm - ok

09:45:20.0148 2544 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) H:\WINDOWS\system32\lsass.exe

09:45:20.0273 2544 Netlogon - ok

09:45:20.0320 2544 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) H:\WINDOWS\System32\netman.dll

09:45:20.0445 2544 Netman - ok

09:45:20.0555 2544 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

09:45:20.0555 2544 NetTcpPortSharing - ok

09:45:20.0601 2544 Nla (943337d786a56729263071623bbb9de5) H:\WINDOWS\System32\mswsock.dll

09:45:20.0664 2544 Nla - ok

09:45:20.0695 2544 nlsX86cc (40f7172bc27a2e4197962aa0758c62d4) H:\WINDOWS\system32\nlssrv32.exe

09:45:20.0695 2544 nlsX86cc ( UnsignedFile.Multi.Generic ) - warning

09:45:20.0695 2544 nlsX86cc - detected UnsignedFile.Multi.Generic (1)

09:45:20.0758 2544 Npfs (3182d64ae053d6fb034f44b6def8034a) H:\WINDOWS\system32\drivers\Npfs.sys

09:45:20.0898 2544 Npfs - ok

09:45:20.0914 2544 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) H:\WINDOWS\system32\drivers\Ntfs.sys

09:45:21.0055 2544 Ntfs - ok

09:45:21.0101 2544 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) H:\WINDOWS\system32\lsass.exe

09:45:21.0211 2544 NtLmSsp - ok

09:45:21.0289 2544 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) H:\WINDOWS\system32\ntmssvc.dll

09:45:21.0430 2544 NtmsSvc - ok

09:45:21.0492 2544 Null (73c1e1f395918bc2c6dd67af7591a3ad) H:\WINDOWS\system32\drivers\Null.sys

09:45:21.0617 2544 Null - ok

09:45:21.0648 2544 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) H:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

09:45:21.0789 2544 NwlnkFlt - ok

09:45:21.0851 2544 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) H:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

09:45:21.0992 2544 NwlnkFwd - ok

09:45:22.0086 2544 odserv (785f487a64950f3cb8e9f16253ba3b7b) H:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

09:45:22.0101 2544 odserv - ok

09:45:22.0164 2544 ose (9d10f99a6712e28f8acd5641e3a7ea6b) H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

09:45:22.0180 2544 ose - ok

09:45:22.0336 2544 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) H:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

09:45:22.0476 2544 osppsvc - ok

09:45:22.0570 2544 Parport (5575faf8f97ce5e713d108c2a58d7c7c) H:\WINDOWS\system32\drivers\Parport.sys

09:45:22.0695 2544 Parport - ok

09:45:22.0726 2544 PartMgr (beb3ba25197665d82ec7065b724171c6) H:\WINDOWS\system32\drivers\PartMgr.sys

09:45:22.0851 2544 PartMgr - ok

09:45:22.0883 2544 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) H:\WINDOWS\system32\drivers\ParVdm.sys

09:45:23.0008 2544 ParVdm - ok

09:45:23.0070 2544 PCI (a219903ccf74233761d92bef471a07b1) H:\WINDOWS\system32\DRIVERS\pci.sys

09:45:23.0195 2544 PCI - ok

09:45:23.0211 2544 PCIDump - ok

09:45:23.0226 2544 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) H:\WINDOWS\system32\DRIVERS\pciide.sys

09:45:23.0367 2544 PCIIde - ok

09:45:23.0383 2544 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) H:\WINDOWS\system32\drivers\Pcmcia.sys

09:45:23.0523 2544 Pcmcia - ok

09:45:23.0523 2544 PDCOMP - ok

09:45:23.0539 2544 PDFRAME - ok

09:45:23.0555 2544 PDRELI - ok

09:45:23.0570 2544 PDRFRAME - ok

09:45:23.0570 2544 perc2 - ok

09:45:23.0586 2544 perc2hib - ok

09:45:23.0633 2544 PlugPlay (65df52f5b8b6e9bbd183505225c37315) H:\WINDOWS\system32\services.exe

09:45:23.0664 2544 PlugPlay - ok

09:45:23.0695 2544 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) H:\WINDOWS\system32\lsass.exe

09:45:23.0820 2544 PolicyAgent - ok

09:45:23.0867 2544 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) H:\WINDOWS\system32\DRIVERS\raspptp.sys

09:45:23.0992 2544 PptpMiniport - ok

09:45:24.0023 2544 PQNTDrv (4228630829c0e521c43d882a00533374) H:\WINDOWS\system32\drivers\PQNTDrv.sys

09:45:24.0039 2544 PQNTDrv ( UnsignedFile.Multi.Generic ) - warning

09:45:24.0039 2544 PQNTDrv - detected UnsignedFile.Multi.Generic (1)

09:45:24.0070 2544 PRISMSVC (d5a9221f57656c99248d0b526e077bcf) H:\WINDOWS\system32\PRISMSVC.EXE

09:45:24.0086 2544 PRISMSVC ( UnsignedFile.Multi.Generic ) - warning

09:45:24.0086 2544 PRISMSVC - detected UnsignedFile.Multi.Generic (1)

09:45:24.0133 2544 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) H:\WINDOWS\system32\lsass.exe

09:45:24.0242 2544 ProtectedStorage - ok

09:45:24.0289 2544 PSched (09298ec810b07e5d582cb3a3f9255424) H:\WINDOWS\system32\DRIVERS\psched.sys

09:45:24.0430 2544 PSched - ok

09:45:24.0445 2544 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) H:\WINDOWS\system32\DRIVERS\ptilink.sys

09:45:24.0570 2544 Ptilink - ok

09:45:24.0601 2544 PxHelp20 (617accada2e0a0f43ec6030bbac49513) H:\WINDOWS\system32\Drivers\PxHelp20.sys

09:45:24.0633 2544 PxHelp20 - ok

09:45:24.0648 2544 ql1080 - ok

09:45:24.0648 2544 Ql10wnt - ok

09:45:24.0664 2544 ql12160 - ok

09:45:24.0680 2544 ql1240 - ok

09:45:24.0695 2544 ql1280 - ok

09:45:24.0711 2544 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) H:\WINDOWS\system32\DRIVERS\rasacd.sys

09:45:24.0836 2544 RasAcd - ok

09:45:24.0883 2544 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) H:\WINDOWS\System32\rasauto.dll

09:45:25.0008 2544 RasAuto - ok

09:45:25.0070 2544 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) H:\WINDOWS\system32\DRIVERS\rasl2tp.sys

09:45:25.0195 2544 Rasl2tp - ok

09:45:25.0242 2544 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) H:\WINDOWS\System32\rasmans.dll

09:45:25.0383 2544 RasMan - ok

09:45:25.0430 2544 RasPppoe (5bc962f2654137c9909c3d4603587dee) H:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:45:25.0570 2544 RasPppoe - ok

09:45:25.0586 2544 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) H:\WINDOWS\system32\DRIVERS\raspti.sys

09:45:25.0711 2544 Raspti - ok

09:45:25.0726 2544 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) H:\WINDOWS\system32\DRIVERS\rdbss.sys

09:45:25.0867 2544 Rdbss - ok

09:45:25.0883 2544 RDPCDD (4912d5b403614ce99c28420f75353332) H:\WINDOWS\system32\DRIVERS\RDPCDD.sys

09:45:26.0039 2544 RDPCDD - ok

09:45:26.0070 2544 rdpdr (15cabd0f7c00c47c70124907916af3f1) H:\WINDOWS\system32\DRIVERS\rdpdr.sys

09:45:26.0195 2544 rdpdr - ok

09:45:26.0258 2544 RDPWD (5b3055daa788bd688594d2f5981f2a83) H:\WINDOWS\system32\drivers\RDPWD.sys

09:45:26.0273 2544 RDPWD - ok

09:45:26.0320 2544 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) H:\WINDOWS\system32\sessmgr.exe

09:45:26.0445 2544 RDSessMgr - ok

09:45:26.0476 2544 redbook (f828dd7e1419b6653894a8f97a0094c5) H:\WINDOWS\system32\DRIVERS\redbook.sys

09:45:26.0617 2544 redbook - ok

09:45:26.0648 2544 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) H:\WINDOWS\System32\mprdim.dll

09:45:26.0789 2544 RemoteAccess - ok

09:45:26.0805 2544 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) H:\WINDOWS\system32\regsvc.dll

09:45:26.0945 2544 RemoteRegistry - ok

09:45:26.0976 2544 RpcLocator (aaed593f84afa419bbae8572af87cf6a) H:\WINDOWS\system32\locator.exe

09:45:27.0101 2544 RpcLocator - ok

09:45:27.0148 2544 RpcSs (6b27a5c03dfb94b4245739065431322c) H:\WINDOWS\system32\rpcss.dll

09:45:27.0195 2544 RpcSs - ok

09:45:27.0258 2544 RSVP (471b3f9741d762abe75e9deea4787e47) H:\WINDOWS\system32\rsvp.exe

09:45:27.0383 2544 RSVP - ok

09:45:27.0430 2544 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) H:\WINDOWS\system32\lsass.exe

09:45:27.0539 2544 SamSs - ok

09:45:27.0570 2544 SCardSvr (86d007e7a654b9a71d1d7d856b104353) H:\WINDOWS\System32\SCardSvr.exe

09:45:27.0711 2544 SCardSvr - ok

09:45:27.0742 2544 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) H:\WINDOWS\system32\schedsvc.dll

09:45:27.0883 2544 Schedule - ok

09:45:27.0930 2544 Secdrv (90a3935d05b494a5a39d37e71f09a677) H:\WINDOWS\system32\DRIVERS\secdrv.sys

09:45:28.0055 2544 Secdrv - ok

09:45:28.0070 2544 seclogon (cbe612e2bb6a10e3563336191eda1250) H:\WINDOWS\System32\seclogon.dll

09:45:28.0211 2544 seclogon - ok

09:45:28.0242 2544 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) H:\WINDOWS\system32\sens.dll

09:45:28.0383 2544 SENS - ok

09:45:28.0430 2544 Serenum (0f29512ccd6bead730039fb4bd2c85ce) H:\WINDOWS\system32\DRIVERS\serenum.sys

09:45:28.0555 2544 Serenum - ok

09:45:28.0586 2544 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) H:\WINDOWS\system32\drivers\Serial.sys

09:45:28.0695 2544 Serial - ok

09:45:28.0742 2544 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) H:\WINDOWS\system32\drivers\Sfloppy.sys

09:45:28.0851 2544 Sfloppy - ok

09:45:28.0898 2544 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) H:\WINDOWS\System32\ipnathlp.dll

09:45:29.0039 2544 SharedAccess - ok

09:45:29.0117 2544 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) H:\WINDOWS\System32\shsvcs.dll

09:45:29.0133 2544 ShellHWDetection - ok

09:45:29.0148 2544 Simbad - ok

09:45:29.0211 2544 slsusb (2e6b432eff53b67d06383d3f3abe23d1) H:\WINDOWS\system32\Drivers\slsusb.sys

09:45:29.0226 2544 slsusb - ok

09:45:29.0242 2544 Sparrow - ok

09:45:29.0273 2544 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) H:\WINDOWS\system32\drivers\splitter.sys

09:45:29.0398 2544 splitter - ok

09:45:29.0461 2544 Spooler (60784f891563fb1b767f70117fc2428f) H:\WINDOWS\system32\spoolsv.exe

09:45:29.0476 2544 Spooler - ok

09:45:29.0523 2544 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) H:\WINDOWS\system32\DRIVERS\sr.sys

09:45:29.0664 2544 sr - ok

09:45:29.0726 2544 srservice (3805df0ac4296a34ba4bf93b346cc378) H:\WINDOWS\system32\srsvc.dll

09:45:29.0851 2544 srservice - ok

09:45:29.0914 2544 Srv (47ddfc2f003f7f9f0592c6874962a2e7) H:\WINDOWS\system32\DRIVERS\srv.sys

09:45:29.0930 2544 Srv - ok

09:45:30.0023 2544 SSDPSRV (0a5679b3714edab99e357057ee88fca6) H:\WINDOWS\System32\ssdpsrv.dll

09:45:30.0148 2544 SSDPSRV - ok

09:45:30.0289 2544 STHDA (2a2dc39623adef8ab3703ab9fac4b440) H:\WINDOWS\system32\drivers\sthda.sys

09:45:30.0367 2544 STHDA - ok

09:45:30.0430 2544 stisvc (8bad69cbac032d4bbacfce0306174c30) H:\WINDOWS\system32\wiaservc.dll

09:45:30.0555 2544 stisvc - ok

09:45:30.0601 2544 swenum (3941d127aef12e93addf6fe6ee027e0f) H:\WINDOWS\system32\DRIVERS\swenum.sys

09:45:30.0742 2544 swenum - ok

09:45:30.0820 2544 SwitchBoard (f577910a133a592234ebaad3f3afa258) H:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

09:45:30.0867 2544 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning

09:45:30.0867 2544 SwitchBoard - detected UnsignedFile.Multi.Generic (1)

09:45:30.0945 2544 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) H:\WINDOWS\system32\drivers\swmidi.sys

09:45:31.0070 2544 swmidi - ok

09:45:31.0086 2544 SwPrv - ok

09:45:31.0101 2544 symc810 - ok

09:45:31.0101 2544 symc8xx - ok

09:45:31.0117 2544 sym_hi - ok

09:45:31.0133 2544 sym_u3 - ok

09:45:31.0164 2544 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) H:\WINDOWS\system32\drivers\sysaudio.sys

09:45:31.0305 2544 sysaudio - ok

09:45:31.0320 2544 SysmonLog (c7abbc59b43274b1109df6b24d617051) H:\WINDOWS\system32\smlogsvc.exe

09:45:31.0461 2544 SysmonLog - ok

09:45:31.0492 2544 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) H:\WINDOWS\System32\tapisrv.dll

09:45:31.0633 2544 TapiSrv - ok

09:45:31.0695 2544 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) H:\WINDOWS\system32\DRIVERS\tcpip.sys

09:45:31.0742 2544 Tcpip - ok

09:45:31.0773 2544 TDPIPE (6471a66807f5e104e4885f5b67349397) H:\WINDOWS\system32\drivers\TDPIPE.sys

09:45:31.0914 2544 TDPIPE - ok

09:45:31.0930 2544 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) H:\WINDOWS\system32\drivers\TDTCP.sys

09:45:32.0070 2544 TDTCP - ok

09:45:32.0101 2544 TermDD (88155247177638048422893737429d9e) H:\WINDOWS\system32\DRIVERS\termdd.sys

09:45:32.0226 2544 TermDD - ok

09:45:32.0258 2544 TermService (ff3477c03be7201c294c35f684b3479f) H:\WINDOWS\System32\termsrv.dll

09:45:32.0398 2544 TermService - ok

09:45:32.0430 2544 Themes (99bc0b50f511924348be19c7c7313bbf) H:\WINDOWS\System32\shsvcs.dll

09:45:32.0445 2544 Themes - ok

09:45:32.0476 2544 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) H:\WINDOWS\system32\tlntsvr.exe

09:45:32.0601 2544 TlntSvr - ok

09:45:32.0633 2544 TosIde - ok

09:45:32.0664 2544 TrkWks (55bca12f7f523d35ca3cb833c725f54e) H:\WINDOWS\system32\trkwks.dll

09:45:32.0805 2544 TrkWks - ok

09:45:32.0836 2544 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) H:\WINDOWS\system32\drivers\Udfs.sys

09:45:32.0961 2544 Udfs - ok

09:45:33.0008 2544 ultra - ok

09:45:33.0070 2544 UltraMonUtility (5a5bd0f66e84eb039cb227520d49908c) H:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys

09:45:33.0070 2544 UltraMonUtility - ok

09:45:33.0117 2544 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) H:\WINDOWS\system32\wdfmgr.exe

09:45:33.0164 2544 UMWdf - ok

09:45:33.0180 2544 UnsignedThemes (3d571a3cbf127e9555ead2f8598f425f) H:\WINDOWS\UnsignedThemesSvc.exe

09:45:33.0195 2544 UnsignedThemes - ok

09:45:33.0305 2544 Update (402ddc88356b1bac0ee3dd1580c76a31) H:\WINDOWS\system32\DRIVERS\update.sys

09:45:33.0445 2544 Update - ok

09:45:33.0508 2544 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) H:\WINDOWS\System32\upnphost.dll

09:45:33.0633 2544 upnphost - ok

09:45:33.0664 2544 UPS (05365fb38fca1e98f7a566aaaf5d1815) H:\WINDOWS\System32\ups.exe

09:45:33.0805 2544 UPS - ok

09:45:33.0851 2544 usbccgp (173f317ce0db8e21322e71b7e60a27e8) H:\WINDOWS\system32\DRIVERS\usbccgp.sys

09:45:33.0976 2544 usbccgp - ok

09:45:34.0055 2544 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) H:\WINDOWS\system32\DRIVERS\usbehci.sys

09:45:34.0180 2544 usbehci - ok

09:45:34.0211 2544 usbhub (1ab3cdde553b6e064d2e754efe20285c) H:\WINDOWS\system32\DRIVERS\usbhub.sys

09:45:34.0351 2544 usbhub - ok

09:45:34.0383 2544 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) H:\WINDOWS\system32\DRIVERS\usbscan.sys

09:45:34.0508 2544 usbscan - ok

09:45:34.0539 2544 usbstor (a32426d9b14a089eaa1d922e0c5801a9) H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

09:45:34.0664 2544 usbstor - ok

09:45:34.0695 2544 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) H:\WINDOWS\system32\DRIVERS\usbuhci.sys

09:45:34.0836 2544 usbuhci - ok

09:45:34.0867 2544 uxpatch (628c632710ab55747cb5bcc68716be21) H:\WINDOWS\system32\drivers\uxpatch.sys

09:45:34.0883 2544 uxpatch - ok

09:45:34.0914 2544 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) H:\WINDOWS\System32\drivers\vga.sys

09:45:35.0055 2544 VgaSave - ok

09:45:35.0070 2544 ViaIde - ok

09:45:35.0101 2544 VolSnap (4c8fcb5cc53aab716d810740fe59d025) H:\WINDOWS\system32\drivers\VolSnap.sys

09:45:35.0226 2544 VolSnap - ok

09:45:35.0273 2544 VSS (7a9db3a67c333bf0bd42e42b8596854b) H:\WINDOWS\System32\vssvc.exe

09:45:35.0398 2544 VSS - ok

09:45:35.0430 2544 W32Time (54af4b1d5459500ef0937f6d33b1914f) H:\WINDOWS\system32\w32time.dll

09:45:35.0555 2544 W32Time - ok

09:45:35.0617 2544 Wanarp (e20b95baedb550f32dd489265c1da1f6) H:\WINDOWS\system32\DRIVERS\wanarp.sys

09:45:35.0742 2544 Wanarp - ok

09:45:35.0758 2544 WDICA - ok

09:45:35.0789 2544 wdmaud (6768acf64b18196494413695f0c3a00f) H:\WINDOWS\system32\drivers\wdmaud.sys

09:45:35.0914 2544 wdmaud - ok

09:45:35.0945 2544 WebClient (77a354e28153ad2d5e120a5a8687bc06) H:\WINDOWS\System32\webclnt.dll

09:45:36.0086 2544 WebClient - ok

09:45:36.0133 2544 winmgmt (2d0e4ed081963804ccc196a0929275b5) H:\WINDOWS\system32\wbem\WMIsvc.dll

09:45:36.0242 2544 winmgmt - ok

09:45:36.0289 2544 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) H:\WINDOWS\system32\MsPMSNSv.dll

09:45:36.0336 2544 WmdmPmSN - ok

09:45:36.0383 2544 Wmi (e76f8807070ed04e7408a86d6d3a6137) H:\WINDOWS\System32\advapi32.dll

09:45:36.0461 2544 Wmi - ok

09:45:36.0539 2544 WmiApSrv (e0673f1106e62a68d2257e376079f821) H:\WINDOWS\system32\wbem\wmiapsrv.exe

09:45:36.0664 2544 WmiApSrv - ok

09:45:36.0805 2544 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

09:45:36.0836 2544 WPFFontCache_v0400 - ok

09:45:36.0898 2544 wscsvc (7c278e6408d1dce642230c0585a854d5) H:\WINDOWS\system32\wscsvc.dll

09:45:37.0039 2544 wscsvc - ok

09:45:37.0070 2544 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) H:\WINDOWS\system32\wuauserv.dll

09:45:37.0211 2544 wuauserv - ok

09:45:37.0258 2544 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) H:\WINDOWS\System32\wzcsvc.dll

09:45:37.0398 2544 WZCSVC - ok

09:45:37.0430 2544 xmlprov (295d21f14c335b53cb8154e5b1f892b9) H:\WINDOWS\System32\xmlprov.dll

09:45:37.0555 2544 xmlprov - ok

09:45:37.0570 2544 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

09:45:37.0773 2544 \Device\Harddisk0\DR0 - ok

09:45:37.0805 2544 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR15

09:45:37.0930 2544 \Device\Harddisk1\DR15 - ok

09:45:37.0930 2544 Boot (0x1200) (083e26d9bcf9fd3fda434af9242a961c) \Device\Harddisk0\DR0\Partition0

09:45:37.0930 2544 \Device\Harddisk0\DR0\Partition0 - ok

09:45:37.0945 2544 Boot (0x1200) (96ec6af688643d3a0c6a3c0e9e67cc07) \Device\Harddisk0\DR0\Partition1

09:45:37.0945 2544 \Device\Harddisk0\DR0\Partition1 - ok

09:45:37.0961 2544 Boot (0x1200) (2305561351e553de7c502727302323e3) \Device\Harddisk1\DR15\Partition0

09:45:37.0961 2544 \Device\Harddisk1\DR15\Partition0 - ok

09:45:37.0961 2544 ============================================================

09:45:37.0961 2544 Scan finished

09:45:37.0961 2544 ============================================================

09:45:38.0070 2688 Detected object count: 14

09:45:38.0070 2688 Actual detected object count: 14

09:47:21.0648 2688 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

09:47:21.0648 2688 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:47:21.0648 2688 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - skipped by user

09:47:21.0648 2688 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:47:21.0648 2688 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user

09:47:21.0648 2688 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:47:21.0664 2688 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user

09:47:21.0664 2688 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:47:21.0664 2688 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user

09:47:21.0664 2688 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:47:21.0664 2688 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

09:47:21.0664 2688 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:47:21.0664 2688 hptsvr ( UnsignedFile.Multi.Generic ) - skipped by user

09:47:21.0664 2688 hptsvr ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:47:21.0664 2688 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user

09:47:21.0664 2688 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:47:21.0664 2688 MHN ( UnsignedFile.Multi.Generic ) - skipped by user

09:47:21.0664 2688 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:47:21.0664 2688 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user

09:47:21.0664 2688 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:47:21.0664 2688 nlsX86cc ( UnsignedFile.Multi.Generic ) - skipped by user

09:47:21.0664 2688 nlsX86cc ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:47:21.0680 2688 PQNTDrv ( UnsignedFile.Multi.Generic ) - skipped by user

09:47:21.0680 2688 PQNTDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:47:21.0680 2688 PRISMSVC ( UnsignedFile.Multi.Generic ) - skipped by user

09:47:21.0680 2688 PRISMSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:47:21.0680 2688 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

09:47:21.0680 2688 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip


Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-04-16.03 - BRIAN - NCT 04/17/2012 10:26:43.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3838.3099 [GMT -7:00]

Running from: h:\documents and settings\BRIAN - NCT\Desktop\ComboFix.exe

Command switches used :: h:\documents and settings\BRIAN - NCT\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

* Created a new restore point

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

h:\windows\system32\drivers\1028_DELL_XPS_Dell DXP051 .MRK

h:\windows\system32\drivers\DELL_XPS_Dell DXP051 .MRK

.

.

((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))

.

.

2012-04-17 16:33 . 2012-04-17 16:34 -------- d-----w- h:\program files\ERUNT

2012-04-16 23:20 . 2012-04-16 23:20 -------- d-----w- h:\program files\FileZilla FTP Client

2012-04-12 10:15 . 2012-04-12 10:15 -------- d-----w- h:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help

2012-04-12 01:14 . 2010-09-18 06:53 953856 -c----w- h:\windows\system32\dllcache\mfc40u.dll

2012-04-12 01:14 . 2010-08-23 16:12 617472 -c----w- h:\windows\system32\dllcache\comctl32.dll

2012-04-12 01:09 . 2010-11-02 15:17 40960 -c----w- h:\windows\system32\dllcache\ndproxy.sys

2012-04-12 01:04 . 2011-04-21 13:37 105472 -c----w- h:\windows\system32\dllcache\mup.sys

2012-04-12 00:56 . 2011-04-29 19:07 852480 -c----w- h:\windows\system32\dllcache\vgx.dll

2012-04-12 00:55 . 2011-07-08 14:02 10496 -c----w- h:\windows\system32\dllcache\ndistapi.sys

2012-04-12 00:55 . 2012-01-11 19:06 3072 -c----w- h:\windows\system32\dllcache\iacenc.dll

2012-04-12 00:55 . 2012-01-11 19:06 3072 ------w- h:\windows\system32\iacenc.dll

2012-04-12 00:55 . 2010-10-11 14:59 45568 -c----w- h:\windows\system32\dllcache\wab.exe

2012-04-12 00:55 . 2012-01-09 16:20 139784 -c----w- h:\windows\system32\dllcache\rdpwd.sys

2012-04-11 17:52 . 2012-04-11 17:52 -------- d-----w- h:\documents and settings\BRIAN - NCT\Application Data\Adobe Mini Bridge CS5.1

2012-04-11 17:52 . 2012-04-11 17:52 -------- d-----w- h:\documents and settings\BRIAN - NCT\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2012-04-11 16:57 . 2012-04-11 16:57 -------- d-----w- h:\windows\system32\wbem\Repository

2012-04-11 15:53 . 2009-08-07 02:23 274288 ----a-w- h:\windows\system32\mucltui.dll

2012-04-11 15:53 . 2009-08-07 02:23 215920 ----a-w- h:\windows\system32\muweb.dll

2012-04-11 15:43 . 2012-04-11 15:43 -------- d-----w- h:\program files\Microsoft Synchronization Services

2012-04-11 15:42 . 2012-04-11 15:42 -------- d-----w- h:\program files\Microsoft SQL Server Compact Edition

2012-04-11 15:42 . 2012-04-11 15:42 -------- d-----w- h:\documents and settings\All Users\Microsoft

2012-04-11 15:08 . 2012-04-11 15:08 -------- d-----w- h:\windows\system32\scripting

2012-04-11 15:08 . 2012-04-11 15:08 -------- d-----w- h:\windows\l2schemas

2012-04-11 15:08 . 2012-04-11 15:08 -------- d-----w- h:\windows\system32\en

2012-04-11 15:08 . 2012-04-11 15:08 -------- d-----w- h:\windows\system32\bits

2012-04-10 22:53 . 2012-04-11 15:20 -------- d-----w- h:\documents and settings\BRIAN - NCT\Local Settings\Application Data\LogMeIn Rescue Applet

2012-04-06 20:33 . 2012-04-06 20:33 -------- d-----w- h:\program files\Castle Creations

2012-04-06 20:33 . 2012-04-06 20:33 -------- d-----w- h:\documents and settings\BRIAN - NCT\Application Data\Castle Creations

2012-04-05 19:35 . 2012-04-11 18:26 -------- d-----w- h:\documents and settings\BRIAN - NCT\Application Data\ObviousIdea

2012-04-05 19:35 . 2012-04-05 19:35 -------- d-----w- h:\program files\ObviousIdea

2012-04-05 15:08 . 2012-04-05 15:08 -------- d-----w- h:\program files\MagicDisc

2012-04-05 15:08 . 2009-02-25 01:42 116736 ----a-w- h:\windows\system32\drivers\mcdbus.sys

2012-03-27 20:58 . 2012-03-27 20:59 -------- d-----w- h:\program files\Vertus Fluid Mask 3

2012-03-26 23:31 . 2012-03-26 23:31 592824 ----a-w- h:\program files\Mozilla Firefox\gkmedias.dll

2012-03-26 23:31 . 2012-03-26 23:31 44472 ----a-w- h:\program files\Mozilla Firefox\mozglue.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 22:56 . 2011-12-19 17:39 22344 ----a-w- h:\windows\system32\drivers\mbam.sys

2012-02-29 14:10 . 2004-08-10 11:00 177664 ----a-w- h:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2004-08-10 11:00 148480 ----a-w- h:\windows\system32\imagehlp.dll

2012-02-28 18:50 . 2006-03-04 03:33 667136 ----a-w- h:\windows\system32\wininet.dll

2012-02-28 18:50 . 2004-08-10 11:00 61952 ----a-w- h:\windows\system32\tdc.ocx

2012-02-28 18:50 . 2004-08-10 11:00 81920 ----a-w- h:\windows\system32\ieencode.dll

2012-02-28 13:50 . 2004-08-10 11:00 369664 ----a-w- h:\windows\system32\html.iec

2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- h:\windows\system32\MSCOMCTL.OCX

2012-02-03 09:22 . 2004-08-10 11:00 1860096 ----a-w- h:\windows\system32\win32k.sys

2012-03-26 23:31 . 2011-12-27 18:37 97208 ----a-w- h:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdobeBridge"="h:\program files\Adobe\Adobe Bridge CS5.1\Bridge.exe" [2011-03-03 12008296]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="h:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"StartCCC"="h:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]

"Adobe ARM"="h:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"CTSVolFE"="h:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]

"Malwarebytes' Anti-Malware"="h:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"SunJavaUpdateSched"="h:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"GrooveMonitor"="h:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]

"AdobeAAMUpdater-1.0"="h:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]

"AdobeCS5.5ServiceManager"="h:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"BCSSync"="h:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"SwitchBoard"="h:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

.

h:\documents and settings\BRIAN - NCT\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - h:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

MagicDisc.lnk - h:\program files\MagicDisc\MagicDisc.exe [2012-4-5 576000]

OpenOffice.org 3.3.lnk - h:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

h:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - h:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

UltraMon.lnk - h:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2011-12-19 29310]

Wireless USB 2.0 WLAN Card Utility.lnk - h:\program files\Dell Wireless\PRISMCFG.exe [2011-12-18 921707]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]

2006-10-12 17:42 450649 ----a-r- h:\windows\system32\PRISMAPI.dll

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"h:\\Program Files\\Messenger\\msmsgs.exe"=

"h:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"h:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"h:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

.

R2 MBAMService;MBAMService;h:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/19/2011 10:39 AM 654408]

R2 nlsX86cc;Nalpeiron Licensing Service;h:\windows\system32\nlssrv32.exe [1/21/2011 10:05 AM 64512]

R2 PRISMSVC;PRISMSVC;h:\windows\system32\PRISMSVC.exe [12/18/2011 11:45 AM 61529]

R2 UltraMonUtility;UltraMon Utility Driver;h:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [11/14/2008 3:11 AM 17184]

R2 UnsignedThemes;Unsigned Themes;h:\windows\UnsignedThemesSvc.exe [7/13/2009 2:07 AM 21096]

R2 uxpatch;uxpatch;h:\windows\system32\drivers\uxpatch.sys [7/13/2009 2:07 AM 25448]

R3 MBAMProtector;MBAMProtector;h:\windows\system32\drivers\mbam.sys [12/19/2011 10:39 AM 22344]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;h:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]

S2 hptsvr;hptsvr;h:\program files\G-Technology\G-Tech G-SPEED eS Configuration Utility Software\Service\hptsvr.exe [1/23/2012 5:20 PM 45056]

S3 osppsvc;Office Software Protection Platform;h:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

S3 slsusb;Edge CS/CTS Device Driver;h:\windows\system32\drivers\slsusb.sys [1/20/2012 4:32 PM 26208]

S3 SwitchBoard;SwitchBoard;h:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;h:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-17 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1644491937-725345543-1003Core.job

- h:\documents and settings\BRIAN - NCT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-19 16:10]

.

2012-04-17 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1644491937-725345543-1003UA.job

- h:\documents and settings\BRIAN - NCT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-19 16:10]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - h:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - h:\documents and settings\BRIAN - NCT\Application Data\Mozilla\Firefox\Profiles\4u1g8zb0.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-17 10:32

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(708)

h:\windows\system32\Ati2evxx.dll

h:\windows\system32\PRISMAPI.DLL

.

Completion time: 2012-04-17 10:37:23

ComboFix-quarantined-files.txt 2012-04-17 17:37

.

Pre-Run: 459,010,482,176 bytes free

Post-Run: 459,152,949,248 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

.

- - End Of File - - 4A9A1CD67B5EA71475CE653D5FF4F69A


Run RogueKiller again and click scan, when the scan completes.....

Click on the Registry Entries tab and put a check next to these and uncheck the rest:

¤¤¤ Registry Entries: 3 ¤¤¤

[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "H:\Documents and Settings\BRIAN - NCT\Application Data\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1\yvfpemrj.dll",DllRegisterServer) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "H:\Documents and Settings\BRIAN - NCT\Application Data\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1\yvfpemrj.dll",DllRegisterServer) -> FOUND

Now click Delete in the right hand column.

-----------------------------

Next.......

Download TFC to your desktop

Close any open windows.

Double click the TFC icon to run the program

TFC will close all open programs itself in order to run,

Click the Start button to begin the process.

Allow TFC to run uninterrupted.

The program should not take long to finish its job.

Once it's finished it should automatically reboot your machine;

if it doesn't, manually reboot to ensure a complete clean.

------------------------------

Last.......

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC


Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.17.02

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 6.0.2900.5512

BRIAN - NCT :: HOME-CFBB0C4D2C [administrator]

Protection: Enabled

4/17/2012 11:21:27 AM

mbam-log-2012-04-17 (11-21-27).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 200810

Time elapsed: 5 minute(s), 6 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


OK, if you think it's OK now......a little clean up to do:

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

-------------------------------

You have out-of-date Java on the system; older versions are vulnerable to malware.

Please go to your Control Panel's Add/Remove Programs and uninstall these:

Java™ 6 Update 22

Then download and install the latest version Java™ 6 Update 31.

http://www.java.com/...load/manual.jsp <---latest version

http://www.java.com/...d/installed.jsp <---verify your Java

-----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

