dds.scr keeps locking up, but rsit.exe finally posted the list below.

Logfile of random's system information tool 1.09 (written by random/random)

Run by bobby at 2012-05-19 05:09:05

Microsoft Windows XP Professional Service Pack 3

System drive C: has 10 GB (10%) free of 94 GB

Total RAM: 1023 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:09:24 AM, on 5/19/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\bobby\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Documents and Settings\bobby\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\NLSSRV32.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Documents and Settings\bobby\Desktop\RSIT.exe

C:\Program Files\trend micro\bobby.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=HP_ss&mntrId=f8a4ec2100000000000000502c09e114

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O1 - Hosts: 64.46.38.57 www.google-analytics.com.

O1 - Hosts: 64.46.38.57 ad-emea.doubleclick.net.

O1 - Hosts: 64.46.38.57 www.statcounter.com.

O1 - Hosts: 178.250.45.15 www.google-analytics.com.

O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.

O1 - Hosts: 178.250.45.15 www.statcounter.com.

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [searchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"

O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\bobby\Local Settings\Application Data\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [internet Security] C:\Documents and Settings\All Users\Application Data\isecurity.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Unknown owner - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: User Profile Hive Cleanup (UPHClean) - Windows ® Codename Longhorn DDK provider - C:\Program Files\UPHClean\uphclean.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 8707 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\At1.job

C:\WINDOWS\tasks\At10.job

C:\WINDOWS\tasks\At11.job

C:\WINDOWS\tasks\At12.job

C:\WINDOWS\tasks\At13.job

C:\WINDOWS\tasks\At14.job

C:\WINDOWS\tasks\At15.job

C:\WINDOWS\tasks\At16.job

C:\WINDOWS\tasks\At17.job

C:\WINDOWS\tasks\At18.job

C:\WINDOWS\tasks\At19.job

C:\WINDOWS\tasks\At2.job

C:\WINDOWS\tasks\At20.job

C:\WINDOWS\tasks\At21.job

C:\WINDOWS\tasks\At22.job

C:\WINDOWS\tasks\At23.job

C:\WINDOWS\tasks\At24.job

C:\WINDOWS\tasks\At3.job

C:\WINDOWS\tasks\At4.job

C:\WINDOWS\tasks\At5.job

C:\WINDOWS\tasks\At6.job

C:\WINDOWS\tasks\At7.job

C:\WINDOWS\tasks\At8.job

C:\WINDOWS\tasks\At9.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

C:\WINDOWS\tasks\Uxgveksgfo.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\bobby\Application Data\Mozilla\Firefox\Profiles\0rfsbnp3.default

prefs.js - "browser.search.useDBForOrder" - true

prefs.js - "browser.startup.homepage" - "http://www.google.com/"

prefs.js - "extensions.enabledItems" - "jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, avg@igeared:6.103.018.001, searchtoolbar@zugo.com:1.2, {20a82645-c095-46ed-80e3-08825760534b}:0.0.0, {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"

prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="

"avg@igeared"=C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

"fmconverter@gmail.com"=C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\

"fmdownloader@gmail.com"=C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\

"{8FF5ADEC-B7B1-4948-B8F4-11CBE0DBDF79}"=C:\Documents and Settings\bobby\Local Settings\Application Data\{8FF5ADEC-B7B1-4948-B8F4-11CBE0DBDF79}

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.2.202.235 Plugin

"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/MycameraPlugin]

"Description"=Canon MycameraPlugin

"Path"=C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]

"Description"=DivX VOD Helper Plug-in

"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]

"Description"=Google Earth in your browser

"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6]

"Description"=Yahoo Messenger State Plugin

"Path"=C:\Program Files\Yahoo!\Shared\npYState.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]

"Description"=Windows Presentation Foundation plug-in for Mozilla browsers

"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin]

"Description"=PDFlite Browser Plugin

"Path"=C:\Program Files\PDFlite\npPdfViewer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

nsILegitCheckPlugin.xpt

nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\

np32dsw.dll

npdeployJava1.dll

npEModelPlugin.dll

npLegitCheckPlugin.dll

npMozCouponPrinter.dll

nppdf32.dll

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

npqtplugin6.dll

npqtplugin7.dll

nsEModelPlugin.xpt

QuickTimePlugin.class

ShockwavePlugin.class

WMP Firefox Plugin License.rtf

WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\

amazondotcom.xml

avg_igeared.xml

babylon.xml

bing.xml

eBay.xml

fcmdSrch.xml

google.xml

twitter.xml

wikipedia.xml

yahoo.xml

C:\Documents and Settings\bobby\Application Data\Mozilla\Firefox\Profiles\0rfsbnp3.default\extensions\

searchtoolbar@zugo.com

{635abd67-4fe9-1b23-4f01-e679fa7484c1}

C:\Documents and Settings\bobby\Application Data\Mozilla\Firefox\Profiles\0rfsbnp3.default\searchplugins\

bing-zugo.xml

googlecom-in-english.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]

Babylon toolbar helper - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll [2011-08-14 270960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-15 192112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [2012-01-12 1003576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-15 192112]

{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll [2011-08-14 237680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []

"CM-SmWizard"=C:\WINDOWS\System\SmWizard.exe [2003-09-25 1454080]

"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]

"Lexmark X1100 Series"=C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2003-08-19 57344]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []

"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]

"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]

""= []

"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe []

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-03-27 37296]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 931200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ATI Launchpad"=C:\Program Files\ATI Multimedia\main\launchpd.exe []

"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-12-27 39408]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"Akamai NetSession Interface"=C:\Documents and Settings\bobby\Local Settings\Application Data\Akamai\netsession_win.exe [2012-03-13 3331872]

"Internet Security"=C:\Documents and Settings\All Users\Application Data\isecurity.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-18 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\79279868.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\79279868.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

"NoDriveTypeAutoRun"=28

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"

"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"

"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\ATCS Monitor\atcsmon.exe"="C:\Program Files\ATCS Monitor\atcsmon.exe:*:Enabled:ATCS Monitor for Windows"

"C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:*:Enabled:Battlefield 2"

"C:\Program Files\BitTorrent\BitTorrent.exe"="C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent"

"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"

"C:\Documents and Settings\bobby\Desktop\Battlefield 2\BF2.exe"="C:\Documents and Settings\bobby\Desktop\Battlefield 2\BF2.exe:*:Disabled:BF2"

"C:\Documents and Settings\bobby\My Documents\games old\Battlefield 2\BF2.exe"="C:\Documents and Settings\bobby\My Documents\games old\Battlefield 2\BF2.exe:*:Disabled:BF2"

"C:\Documents and Settings\bobby\My Documents\games old\Battlefield 2\Bf2_w32ded.exe"="C:\Documents and Settings\bobby\My Documents\games old\Battlefield 2\Bf2_w32ded.exe:*:Disabled:Bf2_w32ded"

"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java Platform SE binary"

"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Disabled:Java Platform SE binary"

"C:\Documents and Settings\bobby\Local Settings\Application Data\Akamai\netsession_win.exe"="C:\Documents and Settings\bobby\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"VIDC.I420"=msh263.drv

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iv41"=ir41_32.ax

"VIDC.IYUV"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVU9"=tsbyuv.dll

"VIDC.YVYU"=msyuv.dll

"wavemapper"=msacm32.drv

"midi"=wdmaud.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

"VIDC.wmv3"=wmv9vcm.dll

"vidc.MPG4"=mpg4c32.dll

"vidc.MP42"=mpg4c32.dll

"vidc.MP43"=mpg4c32.dll

"vidc.dvsd"=dvc.dll

"msacm.avis"=ff_acm.acm

"VIDC.JPEG"=jpegCode.dll

"VIDC.MJPG"=jpegCode.dll

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer"=wdmaud.drv

"vidc.DIVX"=DivX.dll

"vidc.yv12"=DivX.dll

======List of files/folders created in the last 1 month======

2012-05-19 04:33:32 ----ASH---- C:\hiberfil.sys

2012-05-19 03:35:34 ----D---- C:\rsit

2012-05-19 03:35:34 ----D---- C:\Program Files\trend micro

2012-05-10 23:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2659262$

2012-05-10 23:19:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2686509$

2012-05-10 23:18:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2695962$

2012-05-10 23:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2676562$

2012-05-08 15:54:21 ----D---- C:\Documents and Settings\All Users\Application Data\Mozilla

2012-05-08 15:54:20 ----D---- C:\Program Files\Mozilla Maintenance Service

======List of files/folders modified in the last 1 month======

2012-05-19 05:08:26 ----D---- C:\WINDOWS\system32\drivers\etc

2012-05-19 05:06:01 ----D---- C:\WINDOWS\Temp

2012-05-19 05:05:55 ----D---- C:\WINDOWS\system32\CatRoot2

2012-05-19 05:05:22 ----D---- C:\WINDOWS\system32\drivers

2012-05-19 05:03:49 ----A---- C:\WINDOWS\SchedLgU.Txt

2012-05-19 04:57:54 ----SD---- C:\WINDOWS\Tasks

2012-05-19 04:45:45 ----D---- C:\WINDOWS\Prefetch

2012-05-19 04:26:59 ----A---- C:\WINDOWS\ntbtlog.txt

2012-05-19 03:35:34 ----RD---- C:\Program Files

2012-05-18 13:32:07 ----D---- C:\WINDOWS\system32\config

2012-05-17 17:38:24 ----D---- C:\Program Files\ATCS Monitor

2012-05-15 12:52:42 ----D---- C:\Program Files\Mozilla Firefox

2012-05-13 22:21:06 ----D---- C:\Documents and Settings\bobby\Application Data\PhotoScape

2012-05-13 03:37:06 ----A---- C:\WINDOWS\ROCKSIM.INI

2012-05-13 02:12:46 ----D---- C:\Program Files\Windows Media Connect 2

2012-05-13 01:56:38 ----D---- C:\Program Files\Zero G Registry

2012-05-11 23:58:52 ----D---- C:\Program Files\Free CraigsList Reader Pro from CraigsPal

2012-05-11 21:06:03 ----SHD---- C:\WINDOWS\Installer

2012-05-11 21:06:03 ----D---- C:\Config.Msi

2012-05-11 00:17:29 ----AD---- C:\WINDOWS

2012-05-11 00:16:32 ----D---- C:\WINDOWS\system32

2012-05-10 23:56:17 ----RSD---- C:\WINDOWS\assembly

2012-05-10 23:56:17 ----D---- C:\WINDOWS\Microsoft.NET

2012-05-10 23:34:13 ----D---- C:\WINDOWS\inf

2012-05-10 23:33:59 ----D---- C:\WINDOWS\WinSxS

2012-05-10 23:33:14 ----D---- C:\WINDOWS\system32\XPSViewer

2012-05-10 23:27:43 ----A---- C:\WINDOWS\system32\MRT.exe

2012-05-10 23:26:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2012-05-10 23:19:14 ----A---- C:\WINDOWS\imsins.BAK

2012-05-10 23:19:10 ----D---- C:\WINDOWS\$hf_mig$

2012-05-10 23:11:51 ----RSHDC---- C:\WINDOWS\system32\dllcache

2012-05-05 14:52:47 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

2012-05-03 01:03:04 ----D---- C:\Program Files\vReveal

2012-05-03 01:03:02 ----D---- C:\Program Files\Search Toolbar

2012-05-03 01:03:02 ----D---- C:\Program Files\QuickTime(3)

2012-05-03 01:03:02 ----D---- C:\Program Files\QuickTime(2)(2)

2012-05-03 01:03:02 ----D---- C:\Program Files\QuickTime

2012-05-03 01:03:00 ----D---- C:\Program Files\eVGADrv

2012-05-03 01:02:59 ----D---- C:\Program Files\Messenger

2012-05-02 23:12:24 ----D---- C:\Documents and Settings\All Users\Application Data\Freemake

2012-04-30 21:27:25 ----D---- C:\Program Files\Microsoft Security Client

2012-04-28 11:16:47 ----D---- C:\Program Files\SUPERAntiSpyware

2012-04-27 23:09:37 ----D---- C:\Documents and Settings\bobby\Application Data\playitall

2012-04-27 14:19:55 ----D---- C:\Documents and Settings\bobby\Application Data\vlc

2012-04-23 02:13:46 ----D---- C:\Documents and Settings\bobby\Application Data\gtk-2.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 49653952;49653952 Boot Guard Driver; C:\WINDOWS\system32\DRIVERS\49653952.sys [2009-10-22 37392]

R0 85656582;85656582 Boot Guard Driver; C:\WINDOWS\system32\DRIVERS\85656582.sys [2009-10-22 37392]

R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2012-03-20 171064]

R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2003-03-19 18688]

R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2003-09-02 54656]

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]

R1 49653951;49653951; C:\WINDOWS\system32\DRIVERS\49653951.sys [2009-09-25 128016]

R1 85656581;85656581; C:\WINDOWS\system32\DRIVERS\85656581.sys [2009-09-25 128016]

R1 MpKsl8552c549;MpKsl8552c549; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C6B524B2-F0EE-4E4D-BD65-06B168DBECB7}\MpKsl8552c549.sys []

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []

R1 SBRE;SBRE; C:\WINDOWS\system32\drivers\SBREDrv.sys [2010-11-09 98392]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]

R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-09-29 754496]

R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]

R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]

R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2003-06-06 70656]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 CoachUsb;Coach Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2003-07-03 41184]

S3 CoachVc;Coach Video Capture; C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2003-07-03 45664]

S3 iteio;iteio; \??\C:\WINDOWS\system32\drivers\iteio.sys []

S3 itsernum;itsernum Filter ÅX°Êµ{¦¡; C:\WINDOWS\system32\DRIVERS\itsernum.sys [2001-08-21 20133]

S3 KMWDKUSB;KM-WDK USB; C:\WINDOWS\System32\Drivers\KMWDKUSB.sys [2003-02-24 41667]

S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\6.tmp []

S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2008-08-21 18688]

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC

roguekiller scan report

RogueKiller V7.4.5 [05/18/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: bobby [Admin rights]

Mode: Scan -- Date: 05/19/2012 15:01:23

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤

[SUSP PATH] HKCU\[...]\Run : Internet Security (C:\Documents and Settings\All Users\Application Data\isecurity.exe) -> FOUND

[SUSP PATH] HKUS\S-1-5-21-1935655697-412668190-682003330-1003[...]\Run : Internet Security (C:\Documents and Settings\All Users\Application Data\isecurity.exe) -> FOUND

[BLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HIDDEN VAL] HKLM\[...]\Run : @ () -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[FOLDER] plugs : c:\documents and settings\bobby\application data\adobe\plugs --> FOUND

[FOLDER] shed : c:\documents and settings\bobby\application data\adobe\shed --> FOUND

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

64.46.38.57 www.google-analytics.com.

64.46.38.57 ad-emea.doubleclick.net.

64.46.38.57 www.statcounter.com.

178.250.45.15 www.google-analytics.com.

178.250.45.15 ad-emea.doubleclick.net.

178.250.45.15 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6L200M0 +++++

--- User ---

[MBR] 3f1ffece4e8133efce6b110922446a17

[BSP] ebac06f2b83d96fb525c7818499228dd : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 94468 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 193470795 | Size: 100006 Mo

Error reading LL1 MBR!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

OK, run RogueKiller again and click Scan

When the scan completes > click on the Registry Entries tab

Put a check next to all of these and uncheck the rest:

[SUSP PATH] HKCU\[...]\Run : Internet Security (C:\Documents and Settings\All Users\Application Data\isecurity.exe) -> FOUND

[SUSP PATH] HKUS\S-1-5-21-1935655697-412668190-682003330-1003[...]\Run : Internet Security (C:\Documents and Settings\All Users\Application Data\isecurity.exe) -> FOUND

[BLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HIDDEN VAL] HKLM\[...]\Run : @ () -> FOUND

Now click Delete on the right hand column.

Repeat the process for these

Click on the Particular Files / Folders > put a check next to these and uncheck the rest

[FOLDER] plugs : c:\documents and settings\bobby\application data\adobe\plugs --> FOUND

[FOLDER] shed : c:\documents and settings\bobby\application data\adobe\shed --> FOUND

Click on Delete

Next click on the HostFix on the right hand column.

---------------------------------------

Last.......

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Sorry for all of the questions, but I want to be sure I delete the correct ones, as I don't see these files below

[SUSP PATH] HKCU\[...]\Run : Internet Security (C:\Documents and Settings\All Users\Application Data\isecurity.exe) -> FOUND

[SUSP PATH] HKUS\S-1-5-21-1935655697-412668190-682003330-1003[...]\Run : Internet Security (C:\Documents and Settings\All Users\Application Data\isecurity.exe) -> FOUND

[BLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HIDDEN VAL] HKLM\[...]\Run : @ () -> FOUND

Do I delete all 5 files that have check marks by them?

I have already backed up registry and created a restore point

tdssKiller scan results


17:56:19.0109 2820 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:56:19.0250 2820 NwlnkFlt - ok

17:56:19.0281 2820 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:56:19.0437 2820 NwlnkFwd - ok

17:56:19.0453 2820 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

17:56:19.0578 2820 Parport - ok

17:56:19.0609 2820 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

17:56:19.0750 2820 PartMgr - ok

17:56:19.0796 2820 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

17:56:19.0937 2820 ParVdm - ok

17:56:19.0953 2820 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

17:56:20.0093 2820 PCI - ok

17:56:20.0109 2820 PCIDump - ok

17:56:20.0125 2820 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

17:56:20.0250 2820 PCIIde - ok

17:56:20.0296 2820 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

17:56:20.0437 2820 Pcmcia - ok

17:56:20.0453 2820 PDCOMP - ok

17:56:20.0468 2820 PDFRAME - ok

17:56:20.0468 2820 PDRELI - ok

17:56:20.0484 2820 PDRFRAME - ok

17:56:20.0500 2820 perc2 - ok

17:56:20.0515 2820 perc2hib - ok

17:56:20.0578 2820 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

17:56:20.0609 2820 PlugPlay - ok

17:56:20.0625 2820 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

17:56:20.0765 2820 PolicyAgent - ok

17:56:20.0796 2820 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:56:20.0968 2820 PptpMiniport - ok

17:56:20.0984 2820 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

17:56:21.0109 2820 Processor - ok

17:56:21.0125 2820 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

17:56:21.0281 2820 ProtectedStorage - ok

17:56:21.0296 2820 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

17:56:21.0437 2820 PSched - ok

17:56:21.0468 2820 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:56:21.0609 2820 Ptilink - ok

17:56:21.0640 2820 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

17:56:21.0656 2820 PxHelp20 - ok

17:56:21.0671 2820 ql1080 - ok

17:56:21.0687 2820 Ql10wnt - ok

17:56:21.0703 2820 ql12160 - ok

17:56:21.0703 2820 ql1240 - ok

17:56:21.0718 2820 ql1280 - ok

17:56:21.0750 2820 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:56:21.0890 2820 RasAcd - ok

17:56:21.0921 2820 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

17:56:22.0062 2820 RasAuto - ok

17:56:22.0093 2820 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:56:22.0218 2820 Rasl2tp - ok

17:56:22.0265 2820 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

17:56:22.0421 2820 RasMan - ok

17:56:22.0437 2820 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:56:22.0578 2820 RasPppoe - ok

17:56:22.0593 2820 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

17:56:22.0734 2820 Raspti - ok

17:56:22.0781 2820 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:56:22.0921 2820 Rdbss - ok

17:56:22.0921 2820 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:56:23.0078 2820 RDPCDD - ok

17:56:23.0093 2820 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

17:56:23.0234 2820 rdpdr - ok

17:56:23.0281 2820 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

17:56:23.0328 2820 RDPWD - ok

17:56:23.0375 2820 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

17:56:23.0531 2820 RDSessMgr - ok

17:56:23.0546 2820 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

17:56:23.0703 2820 redbook - ok

17:56:23.0734 2820 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

17:56:23.0875 2820 RemoteAccess - ok

17:56:23.0921 2820 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

17:56:24.0078 2820 RemoteRegistry - ok

17:56:24.0109 2820 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

17:56:24.0250 2820 RpcLocator - ok

17:56:24.0296 2820 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

17:56:24.0343 2820 RpcSs - ok

17:56:24.0421 2820 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

17:56:24.0562 2820 RSVP - ok

17:56:24.0609 2820 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

17:56:24.0750 2820 SamSs - ok

17:56:24.0843 2820 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

17:56:24.0875 2820 SASDIFSV - ok

17:56:24.0890 2820 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

17:56:24.0906 2820 SASKUTIL - ok

17:56:24.0937 2820 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\WINDOWS\system32\drivers\SBREDrv.sys

17:56:24.0953 2820 SBRE - ok

17:56:24.0984 2820 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

17:56:25.0140 2820 SCardSvr - ok

17:56:25.0171 2820 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

17:56:25.0328 2820 Schedule - ok

17:56:25.0375 2820 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

17:56:25.0437 2820 Secdrv - ok

17:56:25.0437 2820 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

17:56:25.0609 2820 seclogon - ok

17:56:25.0640 2820 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

17:56:25.0796 2820 SENS - ok

17:56:25.0843 2820 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

17:56:25.0968 2820 serenum - ok

17:56:25.0984 2820 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

17:56:26.0109 2820 Serial - ok

17:56:26.0171 2820 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

17:56:26.0312 2820 Sfloppy - ok

17:56:26.0359 2820 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

17:56:26.0531 2820 SharedAccess - ok

17:56:26.0562 2820 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

17:56:26.0578 2820 ShellHWDetection - ok

17:56:26.0593 2820 Simbad - ok

17:56:26.0625 2820 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

17:56:26.0765 2820 SLIP - ok

17:56:26.0859 2820 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

17:56:32.0781 2820 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning

17:56:32.0781 2820 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1)

17:56:32.0796 2820 Sparrow - ok

17:56:32.0828 2820 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

17:56:32.0984 2820 splitter - ok

17:56:33.0015 2820 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

17:56:33.0046 2820 Spooler - ok

17:56:33.0062 2820 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

17:56:33.0125 2820 sr - ok

17:56:33.0140 2820 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

17:56:33.0218 2820 srservice - ok

17:56:33.0265 2820 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

17:56:33.0328 2820 Srv - ok

17:56:33.0484 2820 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

17:56:33.0562 2820 SSDPSRV - ok

17:56:33.0593 2820 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

17:56:33.0765 2820 stisvc - ok

17:56:33.0796 2820 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

17:56:33.0921 2820 streamip - ok

17:56:33.0953 2820 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

17:56:34.0093 2820 swenum - ok

17:56:34.0125 2820 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

17:56:34.0265 2820 swmidi - ok

17:56:34.0281 2820 SwPrv - ok

17:56:34.0296 2820 symc810 - ok

17:56:34.0312 2820 symc8xx - ok

17:56:34.0328 2820 sym_hi - ok

17:56:34.0343 2820 sym_u3 - ok

17:56:34.0375 2820 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

17:56:34.0515 2820 sysaudio - ok

17:56:34.0546 2820 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

17:56:34.0687 2820 SysmonLog - ok

17:56:34.0718 2820 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

17:56:34.0843 2820 TapiSrv - ok

17:56:34.0906 2820 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

17:56:34.0953 2820 Tcpip - ok

17:56:34.0984 2820 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

17:56:35.0125 2820 TDPIPE - ok

17:56:35.0156 2820 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

17:56:35.0281 2820 TDTCP - ok

17:56:35.0312 2820 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

17:56:35.0453 2820 TermDD - ok

17:56:35.0500 2820 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

17:56:35.0656 2820 TermService - ok

17:56:35.0687 2820 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

17:56:35.0703 2820 Themes - ok

17:56:35.0734 2820 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

17:56:35.0828 2820 TlntSvr - ok

17:56:35.0843 2820 TosIde - ok

17:56:35.0875 2820 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

17:56:36.0031 2820 TrkWks - ok

17:56:36.0062 2820 TrueSight (b3c9c35dc93563b8d19ad414edf2fc82) c:\windows\system32\drivers\TrueSight.sys

17:56:36.0062 2820 TrueSight ( UnsignedFile.Multi.Generic ) - warning

17:56:36.0062 2820 TrueSight - detected UnsignedFile.Multi.Generic (1)

17:56:36.0093 2820 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

17:56:36.0234 2820 Udfs - ok

17:56:36.0234 2820 ultra - ok

17:56:36.0296 2820 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

17:56:36.0453 2820 Update - ok

17:56:36.0515 2820 UPHClean (325fb38c323c63c7f57885b4dfb1b91e) C:\Program Files\UPHClean\uphclean.exe

17:56:36.0546 2820 UPHClean ( UnsignedFile.Multi.Generic ) - warning

17:56:36.0546 2820 UPHClean - detected UnsignedFile.Multi.Generic (1)

17:56:36.0593 2820 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

17:56:36.0671 2820 upnphost - ok

17:56:36.0703 2820 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

17:56:36.0843 2820 UPS - ok

17:56:36.0890 2820 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

17:56:37.0015 2820 usbehci - ok

17:56:37.0062 2820 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

17:56:37.0187 2820 usbhub - ok

17:56:37.0203 2820 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

17:56:37.0343 2820 usbohci - ok

17:56:37.0359 2820 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

17:56:37.0531 2820 usbprint - ok

17:56:37.0578 2820 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

17:56:37.0734 2820 usbscan - ok

17:56:37.0765 2820 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

17:56:37.0890 2820 USBSTOR - ok

17:56:37.0937 2820 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

17:56:38.0078 2820 VgaSave - ok

17:56:38.0093 2820 ViaIde - ok

17:56:38.0125 2820 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

17:56:38.0250 2820 VolSnap - ok

17:56:38.0312 2820 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

17:56:38.0390 2820 VSS - ok

17:56:38.0421 2820 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

17:56:38.0562 2820 W32Time - ok

17:56:38.0609 2820 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

17:56:38.0781 2820 Wanarp - ok

17:56:38.0859 2820 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

17:56:38.0890 2820 Wdf01000 - ok

17:56:38.0890 2820 WDICA - ok

17:56:38.0921 2820 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

17:56:39.0062 2820 wdmaud - ok

17:56:39.0093 2820 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

17:56:39.0265 2820 WebClient - ok

17:56:39.0359 2820 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

17:56:39.0687 2820 winmgmt - ok

17:56:39.0734 2820 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

17:56:39.0781 2820 WmdmPmSN - ok

17:56:39.0828 2820 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

17:56:39.0906 2820 Wmi - ok

17:56:39.0937 2820 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

17:56:40.0093 2820 WmiApSrv - ok

17:56:40.0218 2820 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

17:56:40.0265 2820 WMPNetworkSvc - ok

17:56:40.0515 2820 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

17:56:40.0593 2820 WPFFontCache_v0400 - ok

17:56:40.0687 2820 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

17:56:40.0843 2820 wscsvc - ok

17:56:40.0890 2820 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

17:56:41.0031 2820 WSTCODEC - ok

17:56:41.0062 2820 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

17:56:41.0187 2820 wuauserv - ok

17:56:41.0218 2820 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

17:56:41.0250 2820 WudfPf - ok

17:56:41.0281 2820 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

17:56:41.0312 2820 WudfRd - ok

17:56:41.0343 2820 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

17:56:41.0390 2820 WudfSvc - ok

17:56:41.0453 2820 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

17:56:41.0609 2820 WZCSVC - ok

17:56:41.0640 2820 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

17:56:41.0828 2820 xmlprov - ok

17:56:41.0937 2820 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

17:56:41.0984 2820 YahooAUService - ok

17:56:42.0015 2820 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

17:56:42.0390 2820 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

17:56:42.0390 2820 \Device\Harddisk0\DR0 - detected TDSS File System (1)

17:56:42.0421 2820 Boot (0x1200) (c11d370388720dfeda1b6e8759995e0a) \Device\Harddisk0\DR0\Partition0

17:56:42.0421 2820 \Device\Harddisk0\DR0\Partition0 - ok

17:56:42.0437 2820 Boot (0x1200) (e068d14c3685bb0bf5676fc159b0ac0b) \Device\Harddisk0\DR0\Partition1

17:56:42.0437 2820 \Device\Harddisk0\DR0\Partition1 - ok

17:56:42.0453 2820 ============================================================

17:56:42.0453 2820 Scan finished

17:56:42.0453 2820 ============================================================

17:56:42.0562 2892 Detected object count: 12

17:56:42.0562 2892 Actual detected object count: 12

18:01:22.0531 2892 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - skipped by user

18:01:22.0531 2892 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:01:22.0531 2892 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user

18:01:22.0531 2892 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:01:22.0531 2892 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user

18:01:22.0531 2892 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:01:22.0531 2892 cmuda ( UnsignedFile.Multi.Generic ) - skipped by user

18:01:22.0531 2892 cmuda ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:01:22.0531 2892 iteio ( UnsignedFile.Multi.Generic ) - skipped by user

18:01:22.0531 2892 iteio ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:01:22.0531 2892 KMWDKUSB ( UnsignedFile.Multi.Generic ) - skipped by user

18:01:22.0531 2892 KMWDKUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:01:22.0546 2892 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - skipped by user

18:01:22.0546 2892 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:01:22.0546 2892 nvatabus ( UnsignedFile.Multi.Generic ) - skipped by user

18:01:22.0546 2892 nvatabus ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:01:22.0546 2892 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

18:01:22.0546 2892 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:01:22.0546 2892 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user

18:01:22.0546 2892 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:01:22.0546 2892 UPHClean ( UnsignedFile.Multi.Generic ) - skipped by user

18:01:22.0546 2892 UPHClean ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:01:22.0578 2892 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

18:01:22.0609 2892 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

18:01:22.0843 2892 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

18:01:23.0031 2892 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

18:01:33.0500 2892 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

18:01:34.0109 2892 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

18:01:34.0171 2892 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

18:01:34.0343 2892 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

18:01:34.0531 2892 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

18:01:34.0875 2892 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

18:01:35.0093 2892 \Device\Harddisk0\DR0\TDLFS - deleted

18:01:35.0093 2892 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

18:02:46.0515 2828 Deinitialize success


Do I delete all 5 files that have check marks by them?

Yes!!!

--------------------------------

Good....TDSSKiller cleaned out the infection.

Next.............

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


When I run ComboFix am I supposed to be offline? If I am supposed to disable Windows Firewall and all virus protection

I assume the answer is yes?

You can be online.

Firewall can be left on

Disable all anti-virus programs running.

MrC


I have tried running in safe mode and in administrator mode, and ComboFix goes through all steps up to when the scan starts.

ComboFix scans for approx 2 minutes and then stops! The yellow cursor is blinking all the time. I even tried renaming ComboFix to Lexplorer.com and got the same results. I ran ComboFix from 2AM last night till 615 AM this morning. The yellow cursor was blinking when I went to bed at 330AM and when I checked it at 6AM there was no yellow cursor on screen. So now I am turning off the computer at 645AM and going back to bed! Any recommendations?

Thanks


840 AM scan results

08:34:12.0125 3376 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57

08:34:12.0343 3376 ============================================================

08:34:12.0343 3376 Current date / time: 2012/05/20 08:34:12.0343

08:34:12.0343 3376 SystemInfo:

08:34:12.0343 3376

08:34:12.0343 3376 OS Version: 5.1.2600 ServicePack: 3.0

08:34:12.0343 3376 Product type: Workstation

08:34:12.0343 3376 ComputerName: HOTROD

08:34:12.0343 3376 UserName: bobby

08:34:12.0343 3376 Windows directory: C:\WINDOWS

08:34:12.0343 3376 System windows directory: C:\WINDOWS

08:34:12.0343 3376 Processor architecture: Intel x86

08:34:12.0343 3376 Number of processors: 1

08:34:12.0343 3376 Page size: 0x1000

08:34:12.0343 3376 Boot type: Normal boot

08:34:12.0343 3376 ============================================================

08:34:13.0234 3376 Drive \Device\Harddisk0\DR0 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

08:34:13.0234 3376 ============================================================

08:34:13.0234 3376 \Device\Harddisk0\DR0:

08:34:13.0234 3376 MBR partitions:

08:34:13.0234 3376 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xB88210C

08:34:13.0234 3376 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xB88214B, BlocksNum 0xC35318D

08:34:13.0234 3376 ============================================================

08:34:13.0312 3376 C: <-> \Device\Harddisk0\DR0\Partition0

08:34:13.0593 3376 D: <-> \Device\Harddisk0\DR0\Partition1

08:34:13.0593 3376 ============================================================

08:34:13.0593 3376 Initialize success

08:34:13.0593 3376 ============================================================

08:34:24.0140 0272 ============================================================

08:34:24.0140 0272 Scan started

08:34:24.0140 0272 Mode: Manual; SigCheck; TDLFS;

08:34:24.0140 0272 ============================================================

08:34:24.0406 0272 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

08:34:24.0546 0272 !SASCORE - ok

08:34:24.0687 0272 49653951 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\WINDOWS\system32\DRIVERS\49653951.sys

08:34:24.0828 0272 49653951 - ok

08:34:24.0890 0272 49653952 (a305fad3719c5db0c13d1c2bfd08a04d) C:\WINDOWS\system32\DRIVERS\49653952.sys

08:34:24.0890 0272 49653952 - ok

08:34:24.0953 0272 85656581 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\WINDOWS\system32\DRIVERS\85656581.sys

08:34:24.0953 0272 85656581 - ok

08:34:24.0968 0272 85656582 (a305fad3719c5db0c13d1c2bfd08a04d) C:\WINDOWS\system32\DRIVERS\85656582.sys

08:34:24.0984 0272 85656582 - ok

08:34:25.0000 0272 Abiosdsk - ok

08:34:25.0000 0272 abp480n5 - ok

08:34:25.0046 0272 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

08:34:26.0906 0272 ACPI - ok

08:34:26.0937 0272 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

08:34:27.0093 0272 ACPIEC - ok

08:34:27.0218 0272 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

08:34:27.0234 0272 AdobeFlashPlayerUpdateSvc - ok

08:34:27.0250 0272 adpu160m - ok

08:34:27.0312 0272 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

08:34:27.0437 0272 aec - ok

08:34:27.0531 0272 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

08:34:27.0593 0272 AFD - ok

08:34:27.0609 0272 Aha154x - ok

08:34:27.0609 0272 aic78u2 - ok

08:34:27.0625 0272 aic78xx - ok

08:34:27.0671 0272 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

08:34:27.0828 0272 Alerter - ok

08:34:27.0859 0272 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

08:34:27.0906 0272 ALG - ok

08:34:27.0921 0272 AliIde - ok

08:34:27.0921 0272 amsint - ok

08:34:27.0968 0272 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

08:34:28.0046 0272 AppMgmt - ok

08:34:28.0046 0272 asc - ok

08:34:28.0062 0272 asc3350p - ok

08:34:28.0078 0272 asc3550 - ok

08:34:28.0187 0272 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

08:34:28.0187 0272 aspnet_state - ok

08:34:28.0234 0272 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

08:34:28.0375 0272 AsyncMac - ok

08:34:28.0390 0272 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

08:34:28.0562 0272 atapi - ok

08:34:28.0578 0272 Atdisk - ok

08:34:28.0640 0272 Ati HotKey Poller (471087b5e1e01cc82604e81ea14781d8) C:\WINDOWS\system32\Ati2evxx.exe

08:34:28.0687 0272 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - warning

08:34:28.0687 0272 Ati HotKey Poller - detected UnsignedFile.Multi.Generic (1)

08:34:28.0750 0272 ATI Smart (b979ba0120b6db757196a8e2e873fe3c) C:\WINDOWS\system32\ati2sgag.exe

08:34:28.0765 0272 ATI Smart ( UnsignedFile.Multi.Generic ) - warning

08:34:28.0765 0272 ATI Smart - detected UnsignedFile.Multi.Generic (1)

08:34:28.0921 0272 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

08:34:29.0625 0272 ati2mtag ( UnsignedFile.Multi.Generic ) - warning

08:34:29.0625 0272 ati2mtag - detected UnsignedFile.Multi.Generic (1)

08:34:29.0765 0272 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

08:34:29.0937 0272 Atmarpc - ok

08:34:29.0968 0272 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

08:34:30.0171 0272 AudioSrv - ok

08:34:30.0203 0272 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

08:34:30.0359 0272 audstub - ok

08:34:30.0390 0272 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

08:34:30.0562 0272 Beep - ok

08:34:30.0609 0272 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

08:34:30.0812 0272 BITS - ok

08:34:30.0843 0272 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

08:34:31.0046 0272 Browser - ok

08:34:31.0140 0272 catchme - ok

08:34:31.0171 0272 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

08:34:31.0343 0272 cbidf2k - ok

08:34:31.0359 0272 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

08:34:31.0531 0272 CCDECODE - ok

08:34:31.0531 0272 cd20xrnt - ok

08:34:31.0562 0272 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

08:34:31.0750 0272 Cdaudio - ok

08:34:31.0781 0272 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

08:34:31.0984 0272 Cdfs - ok

08:34:32.0000 0272 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

08:34:32.0187 0272 Cdrom - ok

08:34:32.0203 0272 Changer - ok

08:34:32.0250 0272 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

08:34:32.0406 0272 CiSvc - ok

08:34:32.0421 0272 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

08:34:32.0625 0272 ClipSrv - ok

08:34:32.0703 0272 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

08:34:32.0828 0272 clr_optimization_v2.0.50727_32 - ok

08:34:32.0875 0272 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

08:34:32.0984 0272 clr_optimization_v4.0.30319_32 - ok

08:34:32.0984 0272 CmdIde - ok

08:34:33.0062 0272 cmuda (f262b92cd7e2f19a1bcb04f385c9d7be) C:\WINDOWS\system32\drivers\cmuda.sys

08:34:33.0171 0272 cmuda ( UnsignedFile.Multi.Generic ) - warning

08:34:33.0171 0272 cmuda - detected UnsignedFile.Multi.Generic (1)

08:34:33.0203 0272 CoachUsb (38d7513e99497eb26d3424ab1eea61cd) C:\WINDOWS\system32\DRIVERS\CoachUsb.sys

08:34:33.0250 0272 CoachUsb - ok

08:34:33.0265 0272 CoachVc (4c38e9d104e3e79073e6f27647994d3c) C:\WINDOWS\system32\DRIVERS\CoachVc.sys

08:34:33.0328 0272 CoachVc - ok

08:34:33.0328 0272 COMSysApp - ok

08:34:33.0375 0272 CoordinatorServiceHost - ok

08:34:33.0390 0272 Cpqarray - ok

08:34:33.0437 0272 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

08:34:33.0609 0272 CryptSvc - ok

08:34:33.0609 0272 dac2w2k - ok

08:34:33.0625 0272 dac960nt - ok

08:34:33.0671 0272 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

08:34:33.0765 0272 DcomLaunch - ok

08:34:33.0812 0272 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

08:34:34.0000 0272 Dhcp - ok

08:34:34.0031 0272 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

08:34:34.0234 0272 Disk - ok

08:34:34.0234 0272 dmadmin - ok

08:34:34.0296 0272 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

08:34:34.0484 0272 dmboot - ok

08:34:34.0500 0272 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

08:34:34.0718 0272 dmio - ok

08:34:34.0750 0272 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

08:34:34.0921 0272 dmload - ok

08:34:34.0968 0272 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

08:34:35.0156 0272 dmserver - ok

08:34:35.0171 0272 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

08:34:35.0359 0272 DMusic - ok

08:34:35.0406 0272 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

08:34:35.0453 0272 Dnscache - ok

08:34:35.0531 0272 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

08:34:35.0718 0272 Dot3svc - ok

08:34:35.0718 0272 dpti2o - ok

08:34:35.0734 0272 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

08:34:35.0890 0272 drmkaud - ok

08:34:35.0937 0272 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

08:34:36.0140 0272 EapHost - ok

08:34:36.0171 0272 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

08:34:36.0343 0272 ERSvc - ok

08:34:36.0390 0272 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

08:34:36.0406 0272 Eventlog - ok

08:34:36.0453 0272 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

08:34:36.0546 0272 EventSystem - ok

08:34:36.0593 0272 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

08:34:36.0765 0272 Fastfat - ok

08:34:36.0812 0272 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

08:34:36.0843 0272 FastUserSwitchingCompatibility - ok

08:34:36.0875 0272 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

08:34:37.0078 0272 Fdc - ok

08:34:37.0109 0272 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

08:34:37.0296 0272 Fips - ok

08:34:37.0328 0272 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

08:34:37.0531 0272 Flpydisk - ok

08:34:37.0562 0272 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

08:34:37.0734 0272 FltMgr - ok

08:34:37.0828 0272 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

08:34:37.0843 0272 FontCache3.0.0.0 - ok

08:34:37.0875 0272 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

08:34:38.0031 0272 Fs_Rec - ok

08:34:38.0046 0272 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

08:34:38.0234 0272 Ftdisk - ok

08:34:38.0250 0272 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

08:34:38.0437 0272 gameenum - ok

08:34:38.0468 0272 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

08:34:38.0671 0272 Gpc - ok

08:34:38.0765 0272 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

08:34:38.0796 0272 gupdate - ok

08:34:38.0796 0272 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

08:34:38.0812 0272 gupdatem - ok

08:34:38.0843 0272 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

08:34:38.0859 0272 gusvc - ok

08:34:38.0937 0272 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

08:34:39.0125 0272 helpsvc - ok

08:34:39.0140 0272 HidServ - ok

08:34:39.0171 0272 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

08:34:39.0359 0272 hidusb - ok

08:34:39.0390 0272 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

08:34:39.0562 0272 hkmsvc - ok

08:34:39.0562 0272 hpn - ok

08:34:39.0609 0272 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

08:34:39.0656 0272 HTTP - ok

08:34:39.0687 0272 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

08:34:39.0875 0272 HTTPFilter - ok

08:34:39.0890 0272 i2omgmt - ok

08:34:39.0890 0272 i2omp - ok

08:34:39.0921 0272 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

08:34:40.0109 0272 i8042prt - ok

08:34:40.0156 0272 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

08:34:40.0250 0272 idsvc - ok

08:34:40.0265 0272 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

08:34:40.0453 0272 Imapi - ok

08:34:40.0515 0272 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

08:34:40.0718 0272 ImapiService - ok

08:34:40.0734 0272 ini910u - ok

08:34:40.0750 0272 IntelIde - ok

08:34:40.0781 0272 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

08:34:40.0937 0272 Ip6Fw - ok

08:34:40.0968 0272 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

08:34:41.0140 0272 IpFilterDriver - ok

08:34:41.0171 0272 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

08:34:41.0343 0272 IpInIp - ok

08:34:41.0375 0272 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

08:34:41.0546 0272 IpNat - ok

08:34:41.0578 0272 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

08:34:41.0734 0272 IPSec - ok

08:34:41.0765 0272 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

08:34:41.0828 0272 IRENUM - ok

08:34:41.0859 0272 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

08:34:42.0015 0272 isapnp - ok

08:34:42.0062 0272 iteio (3a495271ce703ebff717c66b6fcdd16a) C:\WINDOWS\system32\drivers\iteio.sys

08:34:42.0093 0272 iteio ( UnsignedFile.Multi.Generic ) - warning

08:34:42.0093 0272 iteio - detected UnsignedFile.Multi.Generic (1)

08:34:42.0109 0272 itsernum (d944c1cb1791f6032b576ffbeccce978) C:\WINDOWS\system32\DRIVERS\itsernum.sys

08:34:42.0171 0272 itsernum - ok

08:34:42.0265 0272 JavaQuickStarterService (e731921db2e17dcd3db472fad5549c57) C:\Program Files\Java\jre6\bin\jqs.exe

08:34:42.0281 0272 JavaQuickStarterService - ok

08:34:42.0312 0272 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

08:34:42.0515 0272 Kbdclass - ok

08:34:42.0531 0272 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

08:34:42.0703 0272 kmixer - ok

08:34:42.0734 0272 KMWDKUSB (9a77cdad654c01aa7780f6c52060b1e6) C:\WINDOWS\system32\Drivers\KMWDKUSB.sys

08:34:42.0796 0272 KMWDKUSB ( UnsignedFile.Multi.Generic ) - warning

08:34:42.0796 0272 KMWDKUSB - detected UnsignedFile.Multi.Generic (1)

08:34:42.0828 0272 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

08:34:42.0906 0272 KSecDD - ok

08:34:42.0953 0272 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

08:34:43.0015 0272 lanmanserver - ok

08:34:43.0031 0272 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

08:34:43.0078 0272 lanmanworkstation - ok

08:34:43.0093 0272 lbrtfdc - ok

08:34:43.0140 0272 LexBceS (027d03d9d8ab95194a115a999e960ac0) C:\WINDOWS\system32\LEXBCES.EXE

08:34:43.0218 0272 LexBceS - ok

08:34:43.0265 0272 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

08:34:43.0453 0272 LmHosts - ok

08:34:43.0546 0272 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys

08:34:43.0734 0272 ltmodem5 - ok

08:34:43.0796 0272 MEMSWEEP2 (d70476ad02d6fd75282b196d3b58831d) C:\WINDOWS\system32\6.tmp

08:34:43.0812 0272 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - warning

08:34:43.0812 0272 MEMSWEEP2 - detected UnsignedFile.Multi.Generic (1)

08:34:43.0843 0272 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

08:34:44.0000 0272 Messenger - ok

08:34:44.0031 0272 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

08:34:44.0156 0272 mnmdd - ok

08:34:44.0187 0272 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

08:34:44.0390 0272 mnmsrvc - ok

08:34:44.0437 0272 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

08:34:44.0578 0272 Modem - ok

08:34:44.0625 0272 motccgp (201bfc4ef8b33d02d133fbf6535e515b) C:\WINDOWS\system32\DRIVERS\motccgp.sys

08:34:44.0703 0272 motccgp - ok

08:34:44.0734 0272 motccgpfl (d0242a3832eb7c97801bb25889561e23) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys

08:34:44.0781 0272 motccgpfl - ok

08:34:44.0812 0272 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys

08:34:44.0843 0272 motmodem - ok

08:34:44.0843 0272 motport (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motport.sys

08:34:44.0875 0272 motport - ok

08:34:44.0921 0272 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

08:34:45.0093 0272 Mouclass - ok

08:34:45.0125 0272 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

08:34:45.0296 0272 mouhid - ok

08:34:45.0312 0272 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

08:34:45.0468 0272 MountMgr - ok

08:34:45.0562 0272 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

08:34:45.0593 0272 MozillaMaintenance - ok

08:34:45.0609 0272 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

08:34:45.0640 0272 MpFilter - ok

08:34:45.0734 0272 MpKsl1066ee92 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7055CB4B-9CDD-41D2-B92E-69AFCDF87C3E}\MpKsl1066ee92.sys

08:34:45.0734 0272 MpKsl1066ee92 - ok

08:34:45.0750 0272 mraid35x - ok

08:34:45.0765 0272 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

08:34:45.0921 0272 MRxDAV - ok

08:34:45.0968 0272 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

08:34:46.0078 0272 MRxSmb - ok

08:34:46.0125 0272 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

08:34:46.0281 0272 MSDTC - ok

08:34:46.0343 0272 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

08:34:46.0484 0272 Msfs - ok

08:34:46.0500 0272 MSIServer - ok

08:34:46.0515 0272 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

08:34:46.0703 0272 MSKSSRV - ok

08:34:46.0781 0272 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe

08:34:46.0796 0272 MsMpSvc - ok

08:34:46.0828 0272 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

08:34:46.0968 0272 MSPCLOCK - ok

08:34:47.0000 0272 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

08:34:47.0171 0272 MSPQM - ok

08:34:47.0187 0272 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

08:34:47.0359 0272 mssmbios - ok

08:34:47.0390 0272 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

08:34:47.0546 0272 MSTEE - ok

08:34:47.0812 0272 msvsmon80 (73fa09b84b23a1897809a84f976d5d99) C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe

08:34:47.0984 0272 msvsmon80 - ok

08:34:48.0093 0272 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys

08:34:48.0250 0272 ms_mpu401 - ok

08:34:48.0296 0272 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

08:34:48.0343 0272 Mup - ok

08:34:48.0375 0272 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

08:34:48.0562 0272 NABTSFEC - ok

08:34:48.0609 0272 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

08:34:48.0750 0272 napagent - ok

08:34:48.0796 0272 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

08:34:48.0953 0272 NDIS - ok

08:34:48.0984 0272 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

08:34:49.0171 0272 NdisIP - ok

08:34:49.0203 0272 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

08:34:49.0234 0272 NdisTapi - ok

08:34:49.0281 0272 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

08:34:49.0437 0272 Ndisuio - ok

08:34:49.0453 0272 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

08:34:49.0609 0272 NdisWan - ok

08:34:49.0640 0272 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

08:34:49.0687 0272 NDProxy - ok

08:34:49.0703 0272 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

08:34:49.0890 0272 NetBIOS - ok

08:34:49.0953 0272 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

08:34:50.0093 0272 NetBT - ok

08:34:50.0140 0272 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

08:34:50.0281 0272 NetDDE - ok

08:34:50.0296 0272 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

08:34:50.0468 0272 NetDDEdsdm - ok

08:34:50.0500 0272 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

08:34:50.0687 0272 Netlogon - ok

08:34:50.0734 0272 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

08:34:50.0875 0272 Netman - ok

08:34:50.0968 0272 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

08:34:50.0984 0272 NetTcpPortSharing - ok

08:34:51.0031 0272 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

08:34:51.0062 0272 Nla - ok

08:34:51.0109 0272 nlsX86cc (23688f610a5a16dd8b4d93d2f7bd44f6) C:\WINDOWS\system32\NLSSRV32.EXE

08:34:51.0140 0272 nlsX86cc - ok

08:34:51.0156 0272 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

08:34:51.0343 0272 Npfs - ok

08:34:51.0390 0272 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

08:34:51.0562 0272 Ntfs - ok

08:34:51.0578 0272 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

08:34:51.0734 0272 NtLmSsp - ok

08:34:51.0781 0272 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

08:34:51.0921 0272 NtmsSvc - ok

08:34:51.0968 0272 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

08:34:52.0125 0272 Null - ok

08:34:52.0171 0272 nvatabus (04ef5690ac54924cf745a4a2d1fbf9c1) C:\WINDOWS\system32\DRIVERS\nvatabus.sys

08:34:52.0187 0272 nvatabus ( UnsignedFile.Multi.Generic ) - warning

08:34:52.0187 0272 nvatabus - detected UnsignedFile.Multi.Generic (1)

08:34:52.0203 0272 NVENET (e07c1f16e5a4e32fc3c0f62b59815ef0) C:\WINDOWS\system32\DRIVERS\NVENET.sys

08:34:52.0250 0272 NVENET - ok

08:34:52.0281 0272 nv_agp (29291c3a7256337327051cc37e4fc09a) C:\WINDOWS\system32\DRIVERS\nv_agp.sys

08:34:52.0328 0272 nv_agp - ok

08:34:52.0359 0272 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

08:34:52.0515 0272 NwlnkFlt - ok

08:34:52.0546 0272 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

08:34:52.0703 0272 NwlnkFwd - ok

08:34:52.0734 0272 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

08:34:52.0875 0272 Parport - ok

08:34:52.0906 0272 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

08:34:53.0093 0272 PartMgr - ok

08:34:53.0125 0272 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

08:34:53.0265 0272 ParVdm - ok

08:34:53.0281 0272 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

08:34:53.0453 0272 PCI - ok

08:34:53.0453 0272 PCIDump - ok

08:34:53.0515 0272 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

08:34:53.0656 0272 PCIIde - ok

08:34:53.0671 0272 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

08:34:53.0812 0272 Pcmcia - ok

08:34:53.0828 0272 PDCOMP - ok

08:34:53.0828 0272 PDFRAME - ok

08:34:53.0843 0272 PDRELI - ok

08:34:53.0859 0272 PDRFRAME - ok

08:34:53.0875 0272 perc2 - ok

08:34:53.0890 0272 perc2hib - ok

08:34:54.0031 0272 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\ComboFix\pev.3XE

08:34:54.0328 0272 PEVSystemStart ( UnsignedFile.Multi.Generic ) - warning

08:34:54.0328 0272 PEVSystemStart - detected UnsignedFile.Multi.Generic (1)

08:34:54.0375 0272 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

08:34:54.0406 0272 PlugPlay - ok

08:34:54.0437 0272 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

08:34:54.0593 0272 PolicyAgent - ok

08:34:54.0625 0272 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

08:34:54.0750 0272 PptpMiniport - ok

08:34:54.0781 0272 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

08:34:54.0968 0272 Processor - ok

08:34:54.0968 0272 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

08:34:55.0125 0272 ProtectedStorage - ok

08:34:55.0125 0272 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

08:34:55.0312 0272 PSched - ok

08:34:55.0328 0272 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

08:34:55.0515 0272 Ptilink - ok

08:34:55.0546 0272 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

08:34:55.0562 0272 PxHelp20 - ok

08:34:55.0578 0272 ql1080 - ok

08:34:55.0593 0272 Ql10wnt - ok

08:34:55.0593 0272 ql12160 - ok

08:34:55.0609 0272 ql1240 - ok

08:34:55.0625 0272 ql1280 - ok

08:34:55.0640 0272 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

08:34:55.0750 0272 RasAcd - ok

08:34:55.0796 0272 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

08:34:55.0953 0272 RasAuto - ok

08:34:55.0968 0272 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

08:34:56.0125 0272 Rasl2tp - ok

08:34:56.0156 0272 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

08:34:56.0312 0272 RasMan - ok

08:34:56.0312 0272 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

08:34:56.0468 0272 RasPppoe - ok

08:34:56.0484 0272 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

08:34:56.0640 0272 Raspti - ok

08:34:56.0687 0272 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

08:34:56.0843 0272 Rdbss - ok

08:34:56.0843 0272 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

08:34:56.0984 0272 RDPCDD - ok

08:34:57.0015 0272 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

08:34:57.0156 0272 rdpdr - ok

08:34:57.0218 0272 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

08:34:57.0281 0272 RDPWD - ok

08:34:57.0328 0272 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

08:34:57.0484 0272 RDSessMgr - ok

08:34:57.0515 0272 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

08:34:57.0687 0272 redbook - ok

08:34:57.0718 0272 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

08:34:57.0875 0272 RemoteAccess - ok

08:34:57.0921 0272 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

08:34:58.0062 0272 RemoteRegistry - ok

08:34:58.0109 0272 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

08:34:58.0250 0272 RpcLocator - ok

08:34:58.0296 0272 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

08:34:58.0343 0272 RpcSs - ok

08:34:58.0390 0272 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

08:34:58.0531 0272 RSVP - ok

08:34:58.0562 0272 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

08:34:58.0718 0272 SamSs - ok

08:34:58.0812 0272 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

08:34:58.0828 0272 SASDIFSV - ok

08:34:58.0843 0272 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

08:34:58.0875 0272 SASKUTIL - ok

08:34:58.0921 0272 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\WINDOWS\system32\drivers\SBREDrv.sys

08:34:58.0937 0272 SBRE - ok

08:34:58.0984 0272 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

08:34:59.0140 0272 SCardSvr - ok

08:34:59.0171 0272 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

08:34:59.0343 0272 Schedule - ok

08:34:59.0390 0272 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

08:34:59.0453 0272 Secdrv - ok

08:34:59.0531 0272 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

08:34:59.0687 0272 seclogon - ok

08:34:59.0718 0272 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

08:34:59.0859 0272 SENS - ok

08:34:59.0875 0272 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

08:35:00.0046 0272 serenum - ok

08:35:00.0062 0272 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

08:35:00.0203 0272 Serial - ok

08:35:00.0265 0272 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

08:35:00.0406 0272 Sfloppy - ok

08:35:00.0453 0272 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

08:35:00.0640 0272 SharedAccess - ok

08:35:00.0671 0272 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

08:35:00.0687 0272 ShellHWDetection - ok

08:35:00.0703 0272 Simbad - ok

08:35:00.0734 0272 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

08:35:00.0875 0272 SLIP - ok

08:35:00.0968 0272 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

08:35:07.0093 0272 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning

08:35:07.0093 0272 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1)

08:35:07.0109 0272 Sparrow - ok

08:35:07.0156 0272 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

08:35:07.0296 0272 splitter - ok

08:35:07.0328 0272 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

08:35:07.0375 0272 Spooler - ok

08:35:07.0406 0272 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

08:35:07.0453 0272 sr - ok

08:35:07.0515 0272 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

08:35:07.0625 0272 srservice - ok

08:35:07.0656 0272 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

08:35:07.0734 0272 Srv - ok

08:35:07.0781 0272 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

08:35:07.0843 0272 SSDPSRV - ok

08:35:07.0890 0272 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

08:35:08.0015 0272 stisvc - ok

08:35:08.0062 0272 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

08:35:08.0234 0272 streamip - ok

08:35:08.0265 0272 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

08:35:08.0406 0272 swenum - ok

08:35:08.0437 0272 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

08:35:08.0656 0272 swmidi - ok

08:35:08.0671 0272 SwPrv - ok

08:35:08.0687 0272 symc810 - ok

08:35:08.0703 0272 symc8xx - ok

08:35:08.0703 0272 sym_hi - ok

08:35:08.0718 0272 sym_u3 - ok

08:35:08.0750 0272 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

08:35:08.0906 0272 sysaudio - ok

08:35:08.0953 0272 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

08:35:09.0078 0272 SysmonLog - ok

08:35:09.0109 0272 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

08:35:09.0250 0272 TapiSrv - ok

08:35:09.0296 0272 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

08:35:09.0359 0272 Tcpip - ok

08:35:09.0375 0272 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

08:35:09.0546 0272 TDPIPE - ok

08:35:09.0578 0272 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

08:35:09.0718 0272 TDTCP - ok

08:35:09.0750 0272 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

08:35:09.0875 0272 TermDD - ok

08:35:09.0921 0272 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

08:35:10.0078 0272 TermService - ok

08:35:10.0109 0272 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

08:35:10.0125 0272 Themes - ok

08:35:10.0171 0272 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

08:35:10.0250 0272 TlntSvr - ok

08:35:10.0265 0272 TosIde - ok

08:35:10.0312 0272 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

08:35:10.0468 0272 TrkWks - ok

08:35:10.0500 0272 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

08:35:10.0656 0272 Udfs - ok

08:35:10.0656 0272 ultra - ok

08:35:10.0718 0272 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

08:35:10.0875 0272 Update - ok

08:35:10.0953 0272 UPHClean (325fb38c323c63c7f57885b4dfb1b91e) C:\Program Files\UPHClean\uphclean.exe

08:35:10.0984 0272 UPHClean ( UnsignedFile.Multi.Generic ) - warning

08:35:10.0984 0272 UPHClean - detected UnsignedFile.Multi.Generic (1)

08:35:11.0031 0272 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

08:35:11.0125 0272 upnphost - ok

08:35:11.0156 0272 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

08:35:11.0296 0272 UPS - ok

08:35:11.0343 0272 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

08:35:11.0500 0272 usbehci - ok

08:35:11.0593 0272 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

08:35:11.0750 0272 usbhub - ok

08:35:11.0781 0272 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

08:35:11.0906 0272 usbohci - ok

08:35:11.0953 0272 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

08:35:12.0125 0272 usbprint - ok

08:35:12.0156 0272 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

08:35:12.0296 0272 usbscan - ok

08:35:12.0328 0272 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

08:35:12.0484 0272 USBSTOR - ok

08:35:12.0562 0272 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

08:35:12.0718 0272 VgaSave - ok

08:35:12.0718 0272 ViaIde - ok

08:35:12.0750 0272 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

08:35:12.0906 0272 VolSnap - ok

08:35:12.0937 0272 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

08:35:13.0015 0272 VSS - ok

08:35:13.0046 0272 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

08:35:13.0203 0272 W32Time - ok

08:35:13.0234 0272 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

08:35:13.0437 0272 Wanarp - ok

08:35:13.0531 0272 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

08:35:13.0578 0272 Wdf01000 - ok

08:35:13.0593 0272 WDICA - ok

08:35:13.0625 0272 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

08:35:13.0781 0272 wdmaud - ok

08:35:13.0812 0272 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

08:35:13.0968 0272 WebClient - ok

08:35:14.0046 0272 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

08:35:14.0171 0272 winmgmt - ok

08:35:14.0218 0272 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

08:35:14.0265 0272 WmdmPmSN - ok

08:35:14.0328 0272 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

08:35:14.0390 0272 Wmi - ok

08:35:14.0437 0272 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

08:35:14.0640 0272 WmiApSrv - ok

08:35:14.0750 0272 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

08:35:14.0828 0272 WMPNetworkSvc - ok

08:35:14.0984 0272 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

08:35:15.0046 0272 WPFFontCache_v0400 - ok

08:35:15.0109 0272 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

08:35:15.0281 0272 WS2IFSL - ok

08:35:15.0312 0272 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

08:35:15.0453 0272 wscsvc - ok

08:35:15.0484 0272 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

08:35:15.0656 0272 WSTCODEC - ok

08:35:15.0687 0272 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

08:35:15.0828 0272 wuauserv - ok

08:35:15.0875 0272 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

08:35:15.0921 0272 WudfPf - ok

08:35:15.0953 0272 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

08:35:15.0968 0272 WudfRd - ok

08:35:16.0000 0272 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

08:35:16.0031 0272 WudfSvc - ok

08:35:16.0078 0272 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

08:35:16.0234 0272 WZCSVC - ok

08:35:16.0265 0272 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

08:35:16.0421 0272 xmlprov - ok

08:35:16.0562 0272 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

08:35:16.0609 0272 YahooAUService - ok

08:35:16.0656 0272 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

08:35:17.0265 0272 \Device\Harddisk0\DR0 - ok

08:35:17.0312 0272 Boot (0x1200) (c11d370388720dfeda1b6e8759995e0a) \Device\Harddisk0\DR0\Partition0

08:35:17.0312 0272 \Device\Harddisk0\DR0\Partition0 - ok

08:35:17.0343 0272 Boot (0x1200) (e068d14c3685bb0bf5676fc159b0ac0b) \Device\Harddisk0\DR0\Partition1

08:35:17.0343 0272 \Device\Harddisk0\DR0\Partition1 - ok

08:35:17.0359 0272 ============================================================

08:35:17.0359 0272 Scan finished

08:35:17.0359 0272 ============================================================

08:35:17.0546 3996 Detected object count: 11

08:35:17.0546 3996 Actual detected object count: 11

08:40:06.0437 3996 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - skipped by user

08:40:06.0437 3996 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:40:06.0437 3996 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user

08:40:06.0437 3996 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:40:06.0437 3996 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user

08:40:06.0437 3996 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:40:06.0437 3996 cmuda ( UnsignedFile.Multi.Generic ) - skipped by user

08:40:06.0437 3996 cmuda ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:40:06.0437 3996 iteio ( UnsignedFile.Multi.Generic ) - skipped by user

08:40:06.0437 3996 iteio ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:40:06.0437 3996 KMWDKUSB ( UnsignedFile.Multi.Generic ) - skipped by user

08:40:06.0437 3996 KMWDKUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:40:06.0453 3996 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - skipped by user

08:40:06.0453 3996 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:40:06.0453 3996 nvatabus ( UnsignedFile.Multi.Generic ) - skipped by user

08:40:06.0453 3996 nvatabus ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:40:06.0453 3996 PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user

08:40:06.0453 3996 PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:40:06.0453 3996 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

08:40:06.0453 3996 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:40:06.0453 3996 UPHClean ( UnsignedFile.Multi.Generic ) - skipped by user

08:40:06.0453 3996 UPHClean ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:40:12.0968 1496 Deinitialize success


Go to start > run and type: cmd

A command prompt window will open.

In the command prompt window, type:

del c:\windows\Tasks\At*.job

Hit enter.

----------------------------

Delete your copy of ComboFix and download a fresh one to your desktop.

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\combofix.exe" /killall /nombr

Let me know if CF runs now, MrC


See if you can do this.......

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


See if you can post a HiJackThis log of the system:

You can download the HJT installer HERE:

Double-click HJTInstall.exe to install it. By default it will install to C:\Program Files\Trend Micro\HijackThis. Click on Install. It will create a HijackThis icon on the desktop. Once installed, it will launch HijackThis. Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad. Save the log to a convenient location.

Copy and paste it into your post.

MrC


The OTL scan would go through

services

driver

pattern

and stop at

Firefox settings

Here are the results of the HijackThis scan:

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\trend micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=HP_ss&mntrId=f8a4ec2100000000000000502c09e114

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [searchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"

O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\bobby\Local Settings\Application Data\Akamai\netsession_win.exe"

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Unknown owner - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE

O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\pev.3XE

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: User Profile Hive Cleanup (UPHClean) - Windows ® Codename Longhorn DDK provider - C:\Program Files\UPHClean\uphclean.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 8099 bytes
